The document discusses hybrid Active Directory (AD) security challenges and how Quest solutions can help. It describes how AD is critical even for cloud/hybrid environments. Common security challenges include lack of visibility across on-premises and cloud resources and inability to track policy violations or maintain long-term audit trails. Quest solutions provide real-time detection and alerting across hybrid environments, help investigate incidents, and enable remediation of unauthorized activities through reduced privileged access and continual assessment. A demo shows how Quest tools consolidate event data and correlate identities to better detect and respond to threats.
Sounding the Alarm with Real-Time AD Detection and Alerting
1. How to Overcome Common Hybrid AD and Cloud Security Challenges
• Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting
2. Confidential3
Today’s speakers
Bryan Patton, CISSP
Principal Strategic Systems Consultant, Microsoft Platform Management
Bryan.Patton@quest.com
Austin Collins
Product Marketing Manager, Microsoft Platform Management
Austin.Collins@quest.com
Shawn Barker
Sr. Product Manager, Microsoft Platform Management
Shawn.Barker@quest.com
3. Webcast Series: How to Overcome Common Hybrid AD and Cloud Security Challenges
Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment
• May 3rd at 11 EST
Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting
• May 10th at 11 EST
Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access
• May 17th at 11 EST
Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach
• May 24th at 11 EST
Quest.com/StopHankNow
Security lifecycle (diagram): Continually assess → Detect and alert → Investigate and recover → Remediate and mitigate
4. Agenda
• What is Hybrid Directory Security?
• Who is Hank the Hacker?
• Hybrid AD and Cloud Security challenges
• Quest Hybrid AD Security Solutions
• Live Demo
• Q&A and Wrap-up
6. Hybrid Active Directory Environment
• Office 365 requires an Azure AD instance
• Azure AD provides the directory service for Office 365 applications
• Azure AD integrates with on-premises AD, creating a hybrid directory environment
7. What does AD have to do with Office 365 Security?
• 95 Million AD authentications are under attack daily
• 90% of companies use on-premises AD
• 70% YoY growth for Office 365 adoption
• 1 Million subscribers a month moving to Office 365
• 700 Million Azure AD accounts
• 10 Billion on-prem AD authentications per day
• 1.3 Billion MS cloud login attempts per day
• 75% of enterprises with more than 500 employees sync on-prem AD to Azure AD
• 10 Million daily MS cloud logins are cyber-attacks
8. Active Directory Security is Critical
1. On-premises AD remains the core of security even in a cloud/hybrid environment
2. On-prem AD is the authoritative source and replicates to Azure AD & Office 365
3. With security, you are only as secure as your weakest link
13. Key Considerations
• How will I know if any suspicious privileged account activities have occurred?
• Have any changes occurred that could be an indication of an insider threat?
• How will I know, quickly, if an intrusion has happened?
• Could we be under brute-force attack right now?
14. Key Challenges
• Visibility into who is doing what across AD, Windows, Azure AD & Office 365
• Correlating activity across on-premises and cloud resources into a single view
• Tracking violations of security policies
• Continuous compliance with external regulations & internal audits
• Maintaining a history of audit trails to satisfy internal policy & regulators
15. Challenges with Native Auditing
• No comprehensive, central view of all changes from all Windows platforms
• Searching for a specific activity is time-consuming and frustrating
• Event details with limited information are difficult to interpret without expertise
• No protection exists to prevent unwanted changes to the most sensitive objects, even from privileged users
• No long-term archiving of activity to satisfy internal security groups or external compliance requirements
17. Quest Hybrid Active Directory Security Solution
Security lifecycle (diagram): Continually assess → Detect and alert → Remediate and mitigate → Investigate and recover
Architecture diagram labels: Active Directory (Unified AD, Fine-Grained Provisioning); UNIX Servers; SP2K; PROD; AZUREAD; O365; INDIA; ASIAPAC; EMEA; US; Acquisition AD; SAAS Apps; Exchange; SQL; File Servers; On Prem. Apps; AAD Connect
18. Quest On-Prem & Hybrid Security Solutions
Continually assess
• Who has access to what sensitive data
• Who has elevated privileged permissions
• What systems are vulnerable to security threats
Detect and alert
• Detect suspicious privileged activities
• Alert on potential insider threats
• Notify in real time of unauthorized intrusions against
• Detect and alert on brute-force attacks
Investigate and recover
• Investigate security incidents
• Continuously test your business continuity plan
• Recover from a security incident
• Improve your RTO following a disaster
Remediate and mitigate
• Secure access to AD DC data
• Enforce permission blacklisting/whitelisting in AD
• Implement an AD least-privilege access model
• Reduce the attack surface in AD
• Prevent unauthorized access to sensitive resources
• Remediate unauthorized activities
33. Change Auditor
1. Consolidates event data from on-premises and from cloud targets
2. Correlates identities across on-premises and cloud
3. Configures and maintains your audit policy across your hybrid environment
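The consolidation and identity correlation described in the Change Auditor slide, together with the question "Could we be under brute-force attack right now?" from Key Considerations and the "Detect and alert on brute-force attacks" item in the solutions overview, can be illustrated with a small script. This is an added example, not Quest product code: the identity map, the Event ID 4625 records, the Azure AD sign-in records, IP addresses and UPNs are all constructed sample data, and the failure threshold and time window are assumptions. It shows why a single identity-keyed view matters: one account's failures are split between on-prem and cloud so that neither source alone crosses the alert threshold.

```python
"""Correlate on-prem AD logon failures with cloud sign-in failures into one
identity-keyed view and flag brute-force / password-spray patterns.
Added example with constructed sample data; not Quest product code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity map: sAMAccountName -> userPrincipalName, the link that
# AAD Connect establishes when it syncs on-prem AD to Azure AD.
IDENTITY_MAP = {
    "jdoe": "jdoe@contoso.example",
    "asmith": "asmith@contoso.example",
    "svc-backup": "svc-backup@contoso.example",
}

# Constructed on-prem Security log sample (Event ID 4625 = failed logon,
# 4624 = successful logon).
ONPREM_EVENTS = [
    {"time": "2023-05-10T11:00:05", "event_id": 4625, "user": "jdoe", "ip": "10.0.0.55"},
    {"time": "2023-05-10T11:00:09", "event_id": 4625, "user": "jdoe", "ip": "10.0.0.55"},
    {"time": "2023-05-10T11:00:14", "event_id": 4625, "user": "jdoe", "ip": "10.0.0.55"},
    {"time": "2023-05-10T11:00:20", "event_id": 4624, "user": "asmith", "ip": "10.0.0.20"},
    {"time": "2023-05-10T11:01:00", "event_id": 4625, "user": "asmith", "ip": "203.0.113.9"},
]

# Constructed Azure AD sign-in sample, keyed by UPN rather than sAMAccountName.
CLOUD_EVENTS = [
    {"time": "2023-05-10T11:00:30", "upn": "jdoe@contoso.example", "ip": "203.0.113.9", "status": "failure"},
    {"time": "2023-05-10T11:00:41", "upn": "jdoe@contoso.example", "ip": "203.0.113.9", "status": "failure"},
    {"time": "2023-05-10T11:00:52", "upn": "svc-backup@contoso.example", "ip": "203.0.113.9", "status": "failure"},
    {"time": "2023-05-10T11:05:00", "upn": "asmith@contoso.example", "ip": "10.0.0.20", "status": "success"},
]


def unify(onprem, cloud, identity_map):
    """Merge both sources into one chronological list keyed by UPN."""
    unified = []
    for e in onprem:
        # Unmapped (cloud-only or unsynced) accounts keep their sAMAccountName.
        upn = identity_map.get(e["user"], e["user"])
        unified.append({"time": datetime.fromisoformat(e["time"]), "identity": upn,
                        "source": "onprem", "ip": e["ip"], "failed": e["event_id"] == 4625})
    for e in cloud:
        unified.append({"time": datetime.fromisoformat(e["time"]), "identity": e["upn"],
                        "source": "cloud", "ip": e["ip"], "failed": e["status"] == "failure"})
    unified.sort(key=lambda r: r["time"])
    return unified


def _window_groups(records, window):
    """Yield (start, end) index pairs of a sliding time window over sorted records."""
    start = 0
    for end in range(len(records)):
        while records[end]["time"] - records[start]["time"] > window:
            start += 1
        yield start, end


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Flag identities with >= threshold failures inside one window, across sources."""
    failures = defaultdict(list)
    for r in events:
        if r["failed"]:
            failures[r["identity"]].append(r)
    alerts = {}
    for identity, recs in failures.items():
        for start, end in _window_groups(recs, window):
            if end - start + 1 >= threshold:
                span = recs[start:end + 1]
                alerts[identity] = {"count": len(span),
                                    "sources": sorted({r["source"] for r in span}),
                                    "ips": sorted({r["ip"] for r in span})}
                break
    return alerts


def password_spray_alerts(events, min_accounts=3, window=timedelta(minutes=10)):
    """Flag source IPs that fail against >= min_accounts distinct identities in one window."""
    by_ip = defaultdict(list)
    for r in events:
        if r["failed"]:
            by_ip[r["ip"]].append(r)
    alerts = {}
    for ip, recs in by_ip.items():
        for start, end in _window_groups(recs, window):
            identities = {r["identity"] for r in recs[start:end + 1]}
            if len(identities) >= min_accounts:
                alerts[ip] = sorted(identities)
                break
    return alerts


if __name__ == "__main__":
    view = unify(ONPREM_EVENTS, CLOUD_EVENTS, IDENTITY_MAP)
    print("brute force:", brute_force_alerts(view))
    print("password spray:", password_spray_alerts(view))
```

With these samples, jdoe has three on-prem failures and two cloud failures: a per-source view with a threshold of five raises nothing, while the correlated view raises one alert spanning both sources. The spray check looks at the same data from the source-IP side, where 203.0.113.9 touches three different identities with only one or two failures each.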
35. Summarize
• More data than you natively receive on-premises
• Correlation of data in the cloud
• Reduce noise to focus on what is important in your environment
36. Next Steps: Attend next week or watch on-demand!
Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment
• May 3rd at 11 EST
Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting
• May 10th at 11 EST
Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access
• May 17th at 11 EST
Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach
• May 24th at 11 EST
Quest.com/StopHankNow
Security lifecycle (diagram): Continually assess → Detect and alert → Investigate and recover → Remediate and mitigate