
Mitigating Risk in a Complex Hybrid Directory Environment



Webcast discussion on our Hybrid Active Directory Security story. Any defense is only as strong as its weakest point. Office 365 and its Azure Active Directory underpinnings are highly security focused, with features like conditional access, multi-factor authentication, and best-in-class identity security reporting. But if you have a hybrid identity architecture in which your Active Directory users and groups are projected into the cloud, your weakest link isn't the cloud--it's your Active Directory.

Published in: Software


  1. Mitigating Risk in a Complex Hybrid Directory Environment • Hosted by: Brad Sams • Petri Presenter: Sean Deuby • Veeam Presenter: Alvaro Vitta
  2. What percentage of your organization has moved to Office 365? • 1-10% • 10%-30% • 30%-50% • 50%+ • We’re not using Office 365 today
  3. Sean Deuby • Identity technology analyst and expert • Microsoft MVP for Directory Services since 2004 • Consults and speaks on cloud identity and identity as a service (IDaaS) • Identity architect at Edgile, Inc. • Frequent contributor to Petri IT Knowledgebase
  4. Alvaro Vitta • Principal Solutions Architect specializing in security at Quest • Specializes in Microsoft cloud-based data center technologies, including Azure AD, Office 365, Active Directory, Exchange, and EMS (Enterprise Mobility Suite) • Works with large private and public organizations to help them solve business problems with software solutions across cloud, hybrid, and private data center environments
  5. AGENDA • Market trends • Infrastructure security challenges • The solution
  6. MARKET TRENDS
  7. Organizations have used AD to authenticate since 2001 • 2003 • 2013-TODAY: Organizations begin taking the cloud seriously • 2007: Collaboration heats up • 2009: Server 2008 R2, new forest level • 2001: AD replaces NT • 2008: Add new resource forest for security • 2010: Upgrades, M&As, BYOD, security risks • TODAY: Future-ready Windows Infrastructure • 2004: Email is now business critical
  8. Office 365 adoption is growing rapidly • 22 million consumers (55% YOY growth from 12.4 M) and 70 million commercial customers who have active Office 365 subscriptions. • In the commercial segment, Office 365 had a 57 percent month-over-month jump in the latest 2016 quarter. • Year-over-year growth: about 1 million subscribers a month are adopting Office 365.
  9. Why do organizations move to the cloud? • Reduce infrastructure, licensing, and maintenance costs, eliminating on-premises infrastructure and finding storage efficiencies • Empower workforce to operate from anywhere from any device • Increase scalability and business continuity
  10. What about Azure Active Directory? • Office 365 *requires* an Azure AD instance • Azure AD provides the Directory Service for Office 365 applications • Azure AD integrates with on-prem AD, creating a HYBRID Directory environment
  11. Hybrid Environment: Azure AD Connect Synchronization Workflow
  12. Summary: How Hybrid Directory was ‘created’ • 90% of companies use AD on-prem • O365 adoption growing at 70% YoY • AAD has over 10M tenants • 75% of orgs with > 500 users sync AD on-prem to AAD • Hybrid Directory
  13. How important is protecting on-prem AD resources? 75% of enterprises with more than 500 employees sync their on-prem AD accounts to Azure AD/Office 365 (AD on premises is authoritative)
  14. If you’re leveraging Office 365, are you using Azure AD? • Yes, managing Azure AD accounts • Yes, but only replicating to Azure AD from on-prem • No, not using
  16. What is the surface attack area? AD On-Prem • Active AD licenses: 500 Million • Companies using AD to authenticate: 90% • Daily authentications: 10 Billion • Accounts under attack each day: 95 Million • 95 million of those accounts are under attack every single day (Microsoft)
  17. What is the surface attack area? Azure AD • Number of Azure AD accounts: 700 Million • Number of Azure AD tenants: 10 Million • Daily logons: 1.3 Billion • MS Cloud daily cyberattacks: 10 Million • Microsoft's user identity management systems process over 13 billion logins. Over 10 million (per day) of these logins are cyber-attacks.
  18. Hybrid Directory Challenges faced by businesses: Dangers and pitfalls if you don’t secure AD on-prem
      Business Challenges • Data exfiltration • Insider threats • Compliance failures • Prolonged operational downtime • Revenue loss due to downtime, loss of productivity, and potentially fines
      Technical Challenges • No permission baselining • No automatic remediation • Lack of detailed auditing • Labor-intense/error-prone • Lack of granular delegation • Disjointed administration • Manual DR Processes
  19. WHAT’S THE SOLUTION? Securing the weakest link in your hybrid directory
  20. Quest AD Security Lifecycle Methodology
  21. Continually Assess • Who has access to what sensitive data and how did they get that access? • Who has elevated privileged permissions in AD, servers, and SQL DBs? • What systems are vulnerable to security threats?
  22. Detect and Alert • How will I know if any suspicious privileged account activities have occurred? • Have any changes occurred that could be indicative of an insider threat? • How will I know, quickly, if an intrusion has happened? • Could we be under brute-force attack right now?
  23. Remediate and Mitigate • Is access control allowing those whitelisted in and blacklisted out? • Do my users have the lowest level of user rights possible to do their jobs? • Are my sensitive resources protected? • How much time will it take me to manually remediate unauthorized changes?
  24. Investigate and Recover • How can I be sure that ‘it’ doesn’t happen again? • How can I test my business continuity plan without going offline? • How long will it take us to recover from an AD security incident, manually? • What is my AD RTO after a disaster? • Can I secure access to my DC before next time?
  25. Active Directory Security Suite components
      IT Security Search & Recovery Manager FE • Investigate AD security incidents • Continuously test your AD business continuity plan • Recover from a security incident • Improve your RTO following a disaster • Secure access to AD DC data
      Enterprise Reporter • Report on elevated permissions in AD • Visibility of open shares across servers • Understand which servers have vulnerable security settings
      Active Roles & GPOAdmin • Enforce permission blacklisting/whitelisting in AD • Implement AD least-privilege access model • Prevent unauthorized access to sensitive resources • Auto-remediate unauthorized activities
      Change Auditor for AD • Detect suspicious privileged AD activities • Alert on potential AD insider threats • Notify in real time of unauthorized intrusions against AD • Detect and alert on brute-force attacks
  26. Hybrid directory solution protects all the way around
  27. Secure your Active Directory to mitigate risk in Office 365 • Organizations moving to Office 365 have real and significant security challenges around Active Directory. • On-premises AD remains the core of security even in a cloud/hybrid environment. • Quest offers the only end-to-end AD Security solution in the market. • Don’t let your on-premises AD be your Hybrid Achilles Heel!
  28. What is the biggest technology problem facing your organization today? • Pressure on our IT budget • Security threats • IT skill gap • Legacy applications management • Cloud migration difficulty • Other
  29. We get IT • Work Smarter | The IT Knowledgebase • Thank you for joining. Our broadcast, presentation, and a Tech Brief Summary will be provided.