All I Want for Christmas is A Secure Active Directory – Enterprise Security Weekly #73
December 22, 2017
Many roads lead to Active Directory insecurity, such as e-mail phishing and letting go of your foothold, and all of that can be done without getting caught. These problems can be solved with endpoint detection, correlating your network, endpoint, and log events, and being encrypted. Paul and John discuss their theories on Active Directory and what to do to save you from being hacked!
All I want for Christmas is a Secure Active Directory
I find that many roads lead to Active Directory insecurity:
Email phishing campaigns successfully provide attackers with a foothold - Okay, so this problem is solved outside of AD, right?
Once you gain a foothold, you can gather information and credentials
Once you have a map and credentials, you can move laterally
Once you move laterally, you can own all the most critical and sensitive data
You can do all of the above without getting caught, or they find it once it's too late
You can try to solve the above problems with:
Endpoint detection and response
Correlating network, endpoint and log events
While it's better to:
Fix the authentication issues (Prevention)
Turn off features that give attackers the map (Reduce the footprint)
Detect certain events in AD that show abuses of authentication and lateral movement (Detection)
Visit http://secweekly2.wpengine.com/esw for all the latest episodes!