Fixing the Bad for the Good!

Active Directory (AD) has been around for about 2 decades, and many organizations started using it as soon as it became available, some even earlier. Especially large orgs have Identity Management systems to manage the lifecycle of identities somehow (user accounts, service accounts, computer accounts, other account purposes). AD has evolved and with every new release of the OS, it became more secure. However, that does not mean you are automatically using all of the most secure account settings. It also does not mean you automatically stopped using the least secure account settings. What about passwords? Are your users using weak or compromised passwords, and how do you know? Do users own multiple accounts and are they sharing passwords across accounts they own, and how do you know? Weak settings and passwords (i.e. bad account hygiene) are what the bad guys need to take over your systems, accounts and ultimately your AD through e.g. "lateral movement". Even with large orgs and/or well managed ADs, you'll be surprised of what you will see when you dig in. Although the best option is to go passwordless, or at least decrease password usage, that may not be a viable option for all orgs. So what can you do about all of this? Please join me in this session where I will explain what can be done from a technical and process perspective.