Name: The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster
Start: 2020-05-27T13:50:00Z
End: 2020-05-27T13:51:01.000Z
Location: BrightTALK
Rating: 0

Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments. The company provides cyber preparedness, incident response, and disaster recovery solutions for enterprise directory services—the keys to the kingdom. Semperis’ patented technology for Microsoft Active Directory protects over 40 million identities from cyberattacks, data breaches, and operational errors. Semperis is headquartered in New York City and operates internationally, with its research and development team distributed between San Francisco and Tel Aviv.

Semperis hosts the award-winning Hybrid Identity Protection conference. The company has received the highest level of industry accolades; most recently being named Best Business Continuity / Disaster Recovery Solution by SC Magazine’s 2020 Trust Awards. Semperis is accredited by Microsoft and recognized by Gartner.

Join our next HIP Conference: https://bit.ly/3q6JUbD

We all know that ransomware is everywhere and not going away any time soon. Many organizations – from government entities to regulatory bodies and even cybersecurity experts – have provided recommendations, requirements, and mandates to help you protect your organization from the relentless pace of attacks. But making this guidance real is much easier said than done. It all comes down to the basics but many of us may be unsure of what those basics actually are and how to implement them. In this webinar we will discuss the NIST Cybersecurity Framework for Ransomware Risk Management with a specific focus on:
What the guidance includes
How this guidance compares to other options
How to detect where your program falls short
Actionable advice on where to start and which actions will yield the most benefit (hint: you should start with Active Directory)
Sign up today to learn how you can dramatically improve your security stance in the face of ransomware.

A Practical Guide to Following the NIST Framework for Ransomware Risk Management

As cyberattacks proliferate, many organizations are investing resources in plugging holes in their security strategy. But one common attack entry point—also used in the SolarWinds breach—is consistently overlooked: Active Directory. According to results from a new security assessment tool that evaluates security weaknesses in Active Directory configurations, even large organizations with extensive resources are seeing average scores of 58%—a failing grade.

Where are companies failing in securing Active Directory—and how can you strengthen your AD defenses? Join Microsoft identity experts Darren Mar-Elia and Ran Harel as they walk through the most common weak spots in Active Directory configurations—and how to fix them.
You’ll come away from this session with a practical checklist of AD vulnerabilities to watch for in your environment, including:

- Password policies that are inadequate for modern account protection
- Accounts with elevated privileges in place that haven’t been adequately reviewed
- Accounts with delegated permissions over Active Directory that have unwanted consequences on AD security that have proliferated over time
- Weaknesses in Kerberos usage that are increasingly being exploited to gain privileged access
- Weak Group Policy configuration, which creates a variety of holes that attackers can drive through

Would Your Organization Fail the Active Directory Security Assessment?

Disaster Recovery (DR) strategies have traditionally focused on natural disasters, then expanded into other physical events such as terrorism. Today, cyber weaponization is everywhere, and the "extinction event" is a genuine threat with no respect for geographic boundaries. 
 
Join to learn how how to quickly recover critical business operations following a ransomware attack. 
 
Presented by 15-time Microsoft MVP and identity security expert Sean Deuby (Semperis Director of Client Services), this session will cover: 
 
• Recent cyberattacks that have targeted Active Directory, which is the primary source of identity and access trust for 90% of enterprises 
• Why AD is the cyber kill chain’s weakest link – exploited in virtually every modern attack 
• New “cyber-first” DR technologies automate recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups.

Ransomware, Risk and Recovery

In this panel discussion, leading experts from the identity security space will share their insight and experience helping real-world organizations secure hybrid environments, which are prime targets for increasingly common cyberattacks that compromise on-premises systems, then move to the cloud—or vice versa.

Learn how to combat the latest threats, close common hybrid identity security gaps, and establish the most effective cyber resilience program for both your legacy on-premises and expanding cloud environments.

Panel: Defending Hybrid Identity Environments Against  Cyberattacks

Considering passwordless but not certain if this is something your organization is ready to tackle? This talk may or may not convince you either way but what you will learn about is the real-world story of the multi-
year journey to do just that for a large organization (>500K employees). This talk will serve as a continuation of the talk from HIP 2020 but will provide enough of the back story for those who might be joining just now. We show the previous plan, what we achieved, the hard lessons learned along the way, and what we must complete before September 2022 to meet our goal of eliminating passwords completely for at least 90% of employees. The talk will address passwordless technologies but will also cover some broader business problems like getting leadership buy-in and navigating employees through the change journey.

Taking a Large Organization Passwordless: Completing the Journey

Access and security start with identities and their credentials. Therefore, in this presentation we will take a look under the hood of Azure Active Directory Connect, what the impact is during cross-forest AD 
migrations and how to provision identities to on-premises systems from Azure AD. If you wanted to learn more about the core of identity synchronizations, this is the session to watch.

It’s Raining Identities: The Impact of Azure AD in AD  Migrations

EDR solution makers are evolving into XDR, and XDR is coming for your Identity -- and that's a good thing. XDR (eXtended Detection and Response) solutions are expanding their capabilities to take Identity-related 
response actions when other kinds of compromise (malware infection, for instance) are detected. In this session, we'll look at XDR from an Identity Security practitioner's perspective and predict the future of XDR and Identity. This talk is intended to be useful to Identity Security practitioners of all levels.

XDR Is Coming for Your Identity - And That’s a Good Thing

Identity is a core tenant of trust we leverage in our environments and this concept extends to cloud environments as well. With a public cloud platform, the cloud service provider (CSP) — whether 
Microsoft, Amazon, Google, or another organization — is responsible for the physical security of the infrastructure and for keeping customers’ data separated. At the same time, the companies using those cloud services are responsible for the security of their data and applications, operating systems, 
and identity and access management. The cloud platform might come with security solutions, but the customer organization is responsible for configuring those solutions and ensuring that they are working effectively. In this session, we will review the types of threats and attacks we are facing in deployments we manage today and how attacker tactics are changing as they target cloud infrastructure. We will review some example threats to highlight the considerations and questions organizations should be asking themself. We will then teach you how to leverage the Security Stack mapping research to help you identify and implement native security controls in the cloud to effectively manage the modern threats we face today.

How Has the Threat Landscape Changed as We Transition to  Cloud Environments?

Active Directory security gaps can lurk in various areas, including Kerberos and Group Policy settings. But one of the most challenging categories is account security: According to a recent survey of users of Purple Knight (a free security assessment tool built by Semperis identity experts), organizations have the lowest scores (the highest number of security indicators) in this category. In this session, Alexandra Weaver (Semperis Solutions Architect) and Sean Deuby (Semperis Director of Services) will highlight the top 5 risky account security configurations—such as Admin accounts with old passwords, changes in privileged group membership, and enabled but inactive admin accounts—and how to fix them.

Top 5 Risky Account Security Configurations

Many organizations have Active Directory implementations that are old enough to have graduated high school. Throughout the lifetimes of these Active Directory implementations, successive administrators have 
made configuration changes that may have solved immediate problems, but also inadvertently introduced security vulnerabilities. If you've inherited an Active Directory instance that one or more predecessors have managed, it's likely that you're unaware of these security misconfigurations unless you've deliberately gone searching for them. In this session, you'll learn about common Active Directory misconfigurations, the security implications of those misconfigurations, and the steps you can take to mitigate them.

Common Active Directory Misconfigurations

Ransomware attacks are as common as having a cup of coffee. 
It's not "if attacked..." but rather "when attacked...", and with that in mind, 
the only "insurance" available is to be prepared and have a written and 
tested Disaster Recovery (DR) plan with supporting tooling! Do you have such 
a DR plan? Have you ever tested your backups?

In this session, Jorge will discuss thoughts, mistakes, options, things to 
think about, and steps that are interesting for you when writing a DR 
plan.

Resurrecting After a Ransomware Attack - Be Secure, And Prepared!

Privileged identities but also DevOps pipelines with privileged access needs particular attention in a cloud environment. Over the last years Microsoft releases many design principles, best practices, and security 
concepts for securing privileged access in Microsoft Azure. This includes the new "Enterprise Access Model" (as evolution from the AD tier model) but also best practices from the Cloud Adoption Framework (CAF) to design identity and access for Azure workloads and management. In my session I will speak 
about security considerations and solution approaches from my research work. Which key points should be included in designing a secure foundation for privileged identities? How can I prevent privilege escalation by 
implementing a well-designed and delegated Azure RBAC model? Which aspects should be considered in securing privileged Azure DevOps release pipelines?

Protect Your Privileged Identities and DevOps Pipelines In  Microsoft Azure!

Identity and security management functions have typically been 
siloed in many organizations. But with the rise in cyberattacks targeting 
identity systems as an initial or secondary attack vector, security and 
technology leaders are looking at ways to foster collaboration between these 
two groups. According to the Identity Defined Security Alliance (IDSA) 
report 2021 Trends in Securing Digital Identities, 64% of organizations 
surveyed have made changes to better align security and identity functions 
within the last two years.

Join industry leaders as they discuss the challenges that siloed teams face 
from a security perspective and how organizations are taking steps to align 
security and identity functions to improve overall security posture.

Panel: Uniting Identity and Security Teams Against the Adversaries

The attack paths into AD are numerous. AD itself is complex 
and usually outstrips the ability of IT administrators to fully protect it. But 
there are key things you can do to reduce its attack surface, that don't 
require a lot of headaches and change tickets. In this session, Darren will 
highlight the best of these and talk about what kinds of things attackers are 
typically looking for when they try to exploit AD.

Practical Tips for Protecting Active Directory

As weak, stolen, and cracked passwords are at the root of 80% of cybersecurity incidents, Passwordless has the potential to change the world. Under the covers, Windows Hello for Business, Microsoft's 
Passwordless solution, has already changed the authentication paradigm for Active Directory. Regardless of the device being domain-joined, hybrid Azure AD-joined or Azure AD-joined, you can access organizational resources without specifying credentials. In this session, Sander Berkouwer, 13-time Microsoft MVP, explains how Windows Hello works in all three scenarios and what you need to get it going for your organization.

Windows Hello for Business Hybrid Access: How Does It  Work Under the Covers?

How can organizations foster a diverse and inclusive culture in the cybersecurity community? Simon Hodgkinson, Former bp Chief Information Security Officer (CISO), chats with Emma Leith, European CISO at Santander about her experience in creating a culture within cybersecurity organizations that allows diversity to flourish. They’ll discuss common barriers related to inclusion—and Emma’s own experiences—as well as the current state of DEI initiatives in the cybersecurity industry. They’ll include some practical steps organizations can take to embrace a mix of perspectives to improve their offerings and foster meaningful connections in the cybersecurity industry.

Diversity in CyberTech and the Importance of Cultivating an Inclusive Culture

In this conversational chat, Denis Ontiveros Merlo and Sean Deuby discuss how organizations can “set data free” in a secure manner. Despite investment in Identity, we still have significant security breaches and 
friction when attempting to drive a sustainable identity culture given competing priorities and view on value. This presentation will present some examples of anti-patterns to consider when tackling some very visible 
operational identity issues and will attempt to provoke critical thinking to understand whether the identity profession is designing products that really drive the right user behavior. As we use behavioral economics and heuristics —the use of rules of thumb or mental shortcuts to make a quick decision—are we not focusing on the wrong problems and reinforcing our cognitive bias?

Fireside Chat: Scaling Identity for the Future - Enterprise Perspective

How many times have you been asked to prove your identity to different organizations? You may have had to provide copies of a passport, a bank statement, a utility bill or appear in person. How would it be if you 
could prove who you are once and then use that proof across multiple service providers? Welcome to the world of Verifiable Credentials (VCs). 
 
In this session, John Craddock will introduce you to VCs and show you how to issue your own VCs using the Azure AD Verifiable Credentials service. Could this be your steppingstones into a whole new world?

Keynote: Will Decentralized Identities and VCs Become the Future of Identity?

The threat to Active Directory from ransomware and wiper attacks is generally understood, but the complexity of forest recovery is not. In “the good old days," AD recovery meant recovering AD from natural disasters and operational errors. But cyberattacks changed all that. With AD becoming a prime target for widespread, business-crippling attacks, it’s time to think “cyber-first."

In this technical workshop, you’ll learn the dos and don’ts of recovering AD from a cyber disaster.

The Presenters:
- Guido Grillenmeier, Microsoft MVP & Chief Technologist, DXC Technology

- Gil Kirkpatrick, Microsoft MVP & Chief Architect, Semperis

The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster

Active Directory

Ransomware

Cyber Attacks

Cyber Crime

Business Continuity

Authentication

Automation

Azure

Cloud Security

Enterprise Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Dos and Don’ts of Recovering Active Directory from a Scorched Earth Disaster

Presented by

About this talk

More from this channel