Name: Top Active Directory Attacks and How to Prevent Them
Start: 2022-06-09T16:00:00Z
End: 2022-06-09T16:00:52.000Z
Location: BrightTALK
Rating: 5

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

Join Elias Jensen, Director, Architect Lead at Omada, for an exciting webinar that aims to guide the attendees through the various technologies that enable the application of AI for IGA.

This can help to drive significant improvements in workflow decision-making and accelerate your IGA journey towards an identity-first architecture. You will also hear about an example of how one of Omada’s customers are using AI today for IGA.

Attendees will learn:
-  IGA AI applications
-  The layers of AI impact within IGA
-  AI requirements before you can get going

How to Successfully Leverage AI Game-Changers Powering Identity Governance

Identity Management Day 2024 is coming on the 9th of April! See a preview of what you can expect in this 21-hour event. Hear from speakers, sponsors, volunteers, and staff. Get yourself ready!

Identity Management Day 2024 Preview

Identity Security is more significant now than it has ever been. It is the foundation for ensuring cybersecurity in the new digital/cloud era. Join this webinar to hear global perspectives from seasoned industry analyst and leaders on why Identity Security has been taking the center place, how organizations should align their Identity practices and where identity is heading towards. This will be a precursor to the Identity Management Day happening on April 9, 2024.

The Significance of Identity Security

Cybersecurity incidents involving compromised credentials continue to be the most common cause of a data breach for enterprises, and account takeover for individuals. The need to secure our digital identities remains one of the most urgent tasks facing our digital ecosystem.

Attendees Will Learn:
- Why do we need an Identity Management Day?
- What can you do as an individual, an SMB or an enterprise to #BeIdentitySmart?
- How to Become an Identity Management Champion and the resources available.
- Other ways to get involved in Identity Management Day.

Who Should Attend:
- CISOs
- CIOs
- IAM Architects
- IAM Engineers
- Application Architects

Identity Management Day 2024: How To Get Involved

Mergers and Acquisitions happen all of the time. Regardless of the industry, size, or type of organization, a common thread exists around either combining or keeping separate
identity management, email systems, and file sharing throughout the new organization. This webinar will have speakers with real-world experience in the pains and joys of IAM in M&A work.

Attendees Will Learn:
- Lessons learned from IAM in M&A
- Pitfalls to avoid during M&A processes
- Practices to use when merging dissimilar IAM technologies
- How to ensure that dissimilar IAM methodologies can be kept separate

Who Should Attend:
- IAM Engineers
- CISOs
- Chief Privacy Officers
- Enterprise Engineers
- Application Engineers

Challenges and Pitfalls of IAM with Merger and Acquisition Activity

Effective cloud security goes beyond fixing configurations or permissions it’s fundamentally about controlling “access” to your cloud—your consoles, data and infrastructure. In this webinar, we will address the gap between detection and remediation and dive into the major areas posing as substantial threats in the cloud environment.

Attendees will learn:
– How to evolve to deliver cloud security as a part of holistic identity security.
– The challenges of modern identity security in the cloud.
– Actions and best practices to meet these challenges and elevate your identity security to include your multi-cloud estate.

Who should attend:
Cloud security leaders, architects and identity leaders.

It All Comes Back to Access: How to Establish Cloud Identity Security in 2024

Traditional least privilege practices have proven inadequate. Enterprises are caught between over-provisioning roles or resort to the blunt instrument of full access removal – both lead to operational inefficiency and increased risk.

Gain insight into:
– Inefficiencies of all-or-nothing access policies in contemporary enterprise contexts.
– Strategies for implementing a nuanced access model that refines least privilege for practical, everyday use.
– Real-world examples showcasing the limitations of traditional PoLP and the benefits of a revised approach.

Attendees will get an enriched perspective on achieving true least privilege - one that reflects the changing realities of cloud (and on-prem) access requirements.

The Broken State of Least Privilege: Reimagining a New Approach

Third-party privilege is one of the most significant attack vectors organizations face. Yet, today's organizations manage a wide range of external identities such as contractors, partners, freelancers, suppliers, and affiliates to perform important business functions. Managing their identities and the access they receive is becoming increasingly complex, manual, and fraught with error. It’s time to bring all these critical identities under control.

Join this webinar for advice on how to create more trust in your third party relationships by adding sustainable processes and tools that enable you to control access. In this session Saviynt experts will discuss:
– Creating a smooth, secure Day-1 process
– Using just-in-time access provisioning to reduce risk to data
– Leveraging PAM processes to monitor and audit third party activities

Use Identity Convergence to Collaborate More Securely With External Partners

Whether you are just starting your journey with IAM, or are a sophisticated organization with advanced programs, IDSA best practices enable you to build a roadmap and benchmark your progress.

Securing human and machine identities in production environments is critical, but cloud complexity and the necessary skills make it extremely difficult. During this webinar, Lior Zatlavi, Tenable Senior Principal Cloud Security Architect, who chairs the IDSA CIEM Technical Working Group, will explain how you can jumpstart your CIEM efforts by implementing relevant best practices to increase visibility, effectively manage entitlements, and further reduce risks by categorizing both human and service identities. He will also demonstrate how to leverage tools like Ermetic (now Tenable Cloud Security) to automate processes.

Attendees will learn about the importance of:
● Listing and tracking all identity relationships in your cloud infrastructure
● Processing logs to profile the activity of identities and detecting anomalous behavior patterns
● Integrating the remediation of excessive permissions to existing workflows
● Managing Just-in-Time access to reduce standing privilege

Who should attend?
This talk is relevant for both c-level executives who are aiming to solve the business challenges that CIEM can resolve, as well as cloud security practitioners, who get into the nitty gritty of it all.

Elevating Cloud Security with CIEM Best Practices

Cyber deception has been around in some shape or form since the 1960s, excelling at finding threats inside the network, whether they are external attackers who have broken in or malicious insiders attempting corporate espionage. Security professionals are familiar with early forms of deception technology in cybersecurity, such as honeypots, honeynets, and honeytokens. While the techniques are the same, modern deception has moved far beyond these early technologies.

Attendees Will Learn:
– Deception technology for a modern defense
– How cyber deception disrupts advanced attacks
– How advanced cyber deception capabilities improve your overall security posture
– How organizations can use cyber deception to enhance Identity Security

Who Should Attend:
– Cyber security professionals
– Information security professionals
– IT security professionals
– Managed service providers

Leveling Up Identity Security with Cyber Deception

We will look at some significant results from two independent research surveys on identity trends.

Attendees will learn:
– The latest in identity research
– Common trends in securing digital identities
– Minding the gaps in identity security practices and standards

Who should attend:
– Identity Managers
– CISO
– CIO
– Privacy Officera
– Application Engineers
– GRC Analyst

Identity Security – Survey Says!

Identity Security concepts are top of mind for auditors, regulators, cyber insurance providers and more. How should organizations prioritize conflicting definitions of the term? In this session, we’ll share the technical foundations, history and core concepts of Identity Security.

Attendees Will:
 – Explore Identity Security trends and concepts.
 – Learn about CyberArk's vision for Identity Security.
 – Hear real stories from a global team with nearly 50 years of combined IT experience.

Identity Security Trends: Stories from the CyberArk Field Technology Office

Google recently announced a proposal to reduce the maximum validity period for public TLS certificates from 398 days to 90 days. This is a massive change that all organizations need to be aware of now to start preparing for how to renew all public TLS certificates four times a year.
What is the objective behind these proposed changes? What’s the impact on certificate management and how should organizations prepare?
Certificate lifecycle management automation is the only way to keep up with short-lived certificates to ensure your internet applications are available and secure. Start preparing now!

What Will Attendees Learn?
– Google’s proposal to reduce the TLS certificate validity
– The impact of short-lived certificates and how to prepare
– How to achieve certificate lifecycle automation and crypto-agility at scale with AppViewX CERT+

Crypto-Agility Automation: Preparing for Google’s 90-Day TLS Validity Proposal

A reckoning is coming for Traditional MFA, as many methods are easily hacked and grounds for higher cyber insurance premiums and non-renewals. To best stay ahead of the latest hacker attacks and exceed cyber compliance, you need a novel approach to MFA. One that is powered by a risk-based, continuous authentication platform that provides passwordless options, device, trust, and security controls throughout the digital journey including post authorization. Attend this webinar to hear which MFA methods are being mandated to attain cyber security compliance.

Attendees Will Learn:
– Why certain MFA methodologies are not allowed by highly regulated industries like the Federal Government, Energy and Financial Services.
– How to use a passwordless continuous authentication approach to analyze user activity and detect anomalies for ultimate security.
– Real-world examples on how to decrease the chance of cyber insurance being rescinded.
– How to implement unified security controls for all users and resources to block unauthorized and malicious access in real-time for cyber insurance compliance.

Who Should Attend:
– Manager, Identity and Access Management
– Global Head of IAM Strategy 
– Senior IAM engineer 
– CISO
– Director, Identity and Access Management
– Identity and Access Management
– Information Security Directors 
– VP of Cybersecurity

The Reckoning: Why Traditional MFA is Not Enough for Cyber Insurance Compliance

Optimizing IAM infrastructure through program maturity involves continuously improving IAM program to better align with your organization's security goals and needs. In this webinar, Asif Savvas, CPO, Simeio and Aubrey Turner, Executive Advisor, Ping Identity will share best practices and steps IAM leaders can take, from setting clear goals that are meaningful, to leveraging automation and analytics to improve efficiency and effectiveness.

Attendees Will Learn: 
·  The relevance of setting goals and roadmap for your IAM journey to achieve maturity.
·  Case studies where enterprises started with a foundational program and achieved maturity resulting in optimizing their IAM infrastructure.
·  Identifying KPIs that are relevant for business stakeholders
·  The role of automation and analytics in achieving KPIs
·  Assessing and measuring key IAM domain performance

Optimizing IAM Infrastructure Through Program Maturity

Comprehensive IAM frameworks are crucial for safeguarding user identity and access privilege. Human vulnerabilities, like errors and social engineering attacks, can compromise IAM systems. Join us to explore proactive and adaptive approaches for managing IAM, integrating technology and user education. We'll discuss the human aspects of a security framework and balancing user convenience with security. Learn how to achieve adaptability while protecting against threats.

Attendees Will Learn How To:
• Identify and address vulnerabilities posed by human errors and social engineering attacks in IAM systems through thorough training and awareness programs for employees.
• Implement proactive and adaptive approaches to effectively manage IAM and stay ahead of potential security threats.
• Integrate technology solutions with comprehensive user education programs to enhance the overall security posture of IAM systems.
• Develop and implement strategies that strike the right balance between user convenience and security measures without overly burdening users.
• Learn from adversaries and adopt adaptability in IAM management to align with evolving threats and industry best practices.

Identity: Humans are the Problem

Balancing security and usability is crucial—especially in fast-paced environments where an organization’s frontline workers often need to authenticate quickly, manage complex workflows, and handle customer interactions. However, many businesses struggle with outdated and inefficient authentication processes that can create significant user friction, high costs, and gaps that can be exploited by bad actors.

Avoid these pitfalls with modern approaches that can meet you where you are today—regardless of your underlying IT complexity—and find out how organizations like CarMax are moving away from legacy approaches to authentication and toward the foundations of a Zero Trust and passwordless future.

How CarMax Empowers Their Workforce with Modern Authentication

Identity is the new perimeter has been the industry mantra for a while now. But is that enough? With the new normal of remote workers and the increased risk that comes along with that, it is no longer the new perimeter, but is now the ONLY perimeter that matters. Learn how managing and strengthening your identity core is critical to the success of any organization

Attendees Will Learn:
• Why Identity is important to the overall security of an organization.
• How organizations approach must be different.
• How the context of an identity is key.

Identity is the ONLY Perimeter

As the most broadly deployed identity service in the world, Active Directory is a lucrative target for cyberattackers. Ransomware-as-a-service groups including Conti and LockBit 2.0 have become increasingly adept at finding and exploiting security gaps in Active Directory. In this session, Alexandra Weaver, Semperis Solutions Architect, discusses the most common AD security vulnerabilities she encounters in her work with customers, how attackers take advantage of those gaps with examples from recent attacks, and how you can harden your AD security posture to prevent attacks. 
Key takeaways:
• Common AD vulnerabilities that attackers exploit, grouped into five categories: account security, AD infrastructure, Group Policy, Kerberos, and AD delegation 
• How malicious actors compromised AD in well-known attacks such as Colonial Pipeline
• How you can identify and proactively close security gaps in your AD environment

Top Active Directory Attacks and How to Prevent Them

Active Directory

Identity Management

Identity Security

Ransomware

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Top Active Directory Attacks and How to Prevent Them

Presented by

About this talk

More from this channel