
Sounding the Alarm with Real-Time AD Detection and Alerting


Just because your hybrid Active Directory (AD) environment is secure today doesn’t mean it will be tomorrow. You need to stay on top of unusual or suspicious activity if you want to ensure everything happening in your environment is always on the up and up.

In this live webcast, AD experts will identify our two-fold strategy that defines inappropriate changes and then creates strategic alerts for when they occur. We’ll then explore how this strategy helps to reduce the risk of exposure caused by insider attacks and data breaches.

Take a look at the entire series: https://www.quest.com/stophanknow

Published in: Technology


  1. How to Overcome Common Hybrid AD and Cloud Security Challenges. Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting
  2. Today’s speakers:
     • Bryan Patton, CISSP, Principal Strategic Systems Consultant, Microsoft Platform Management, Bryan.Patton@quest.com
     • Austin Collins, Product Marketing Manager, Microsoft Platform Management, Austin.Collins@quest.com
     • Shawn Barker, Sr. Product Manager, Microsoft Platform Management, Shawn.Barker@quest.com
  3. Webcast Series: How to Overcome Common Hybrid AD and Cloud Security Challenges
     • Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment (May 3rd at 11 EST)
     • Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting (May 10th at 11 EST)
     • Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access (May 17th at 11 EST)
     • Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach (May 24th at 11 EST)
     Quest.com/StopHankNow. Four pillars: Continually assess, Detect and alert, Investigate and recover, Remediate and mitigate
  4. Agenda:
     • What is Hybrid Directory Security?
     • Who is Hank the Hacker?
     • Hybrid AD and Cloud Security challenges
     • Quest Hybrid AD Security Solutions
     • Live Demo
     • Q&A and Wrap-up
  5. What is Hybrid Active Directory Security?
  6. Hybrid Active Directory Environment
     • Office 365 requires an Azure AD instance
     • Azure AD provides the directory service for Office 365 applications
     • Azure AD integrates with on-premises AD, creating a hybrid directory environment
  7. What does AD have to do with Office 365 security?
     • 95 million AD authentications are under attack daily
     • 90% of companies use on-premises AD
     • 70% YoY growth in Office 365 adoption
     • 1 million subscribers a month moving to Office 365
     • 700 million Azure AD accounts
     • 10 billion on-prem AD authentications per day
     • 1.3 billion MS cloud login attempts per day
     • 75% of enterprises with more than 500 employees sync on-prem AD to Azure AD
     • 10 million daily MS cloud logins are cyber-attacks
  8. Active Directory Security is Critical
     1. On-premises AD remains the core of security even in a cloud/hybrid environment
     2. On-prem AD is the authoritative source and replicates to Azure AD and Office 365
     3. With security, you are only as secure as your weakest link
  9. Who is Hank the Hacker?
  10. Who is Hank?
     • Organized criminal groups
     • State-affiliated actors
     • Disgruntled employees
     • Rogue administrators
     • Contractors
     • Etc.
  11. How Hank Gets In
     • Malware
     • Ransomware
     • Pass-the-hash
     • Weak passwords
     • Social engineering
     • Authorization creep
     • Spear phishing
     • Etc.
  12. Hybrid AD Security Challenges
  13. Key Considerations
     • How will I know if any suspicious privileged account activities have occurred?
     • Have any changes occurred that could be an indication of an insider threat?
     • How will I know, quickly, if an intrusion has happened?
     • Could we be under brute-force attack right now?
  14. Key Challenges
     • Visibility into who is doing what across AD, Windows, Azure AD and Office 365
     • Correlating activity across on-premises and cloud resources into a single view
     • Tracking violations of security policies
     • Continuous compliance with external regulations and internal audits
     • Maintaining a history of audit trails to satisfy internal policy and regulators
  15. Challenges with Native Auditing
     • No comprehensive, central view of all changes from all Windows platforms
     • Searching for a specific activity is time consuming and frustrating
     • Event details with limited information are difficult to interpret without expertise
     • No protection exists to prevent unwanted changes to the most sensitive objects, even from privileged users
     • No long-term archiving of activity to satisfy internal security groups or external compliance requirements
  16. How Does Quest Help?
  17. Quest Hybrid Active Directory Security Solution. Pillars: Continually assess, Detect and alert, Remediate and mitigate, Investigate and recover. (Architecture diagram labels: Active Directory, Unified AD, Fine-Grained Provisioning, UNIX Servers, SP2K, PROD, AZUREAD, O365, INDIA, ASIAPAC, EMEA, US, Acquisition AD, SaaS Apps, Exchange, SQL, File Servers, On-Prem Apps, AAD Connect)
  18. Quest On-Prem and Hybrid Security Solutions
     Investigate and recover:
     • Investigate security incidents
     • Continuously test your business continuity plan
     • Recover from a security incident
     • Improve your RTO following a disaster
     Remediate and mitigate:
     • Secure access to AD DC data
     • Enforce permission blacklisting/whitelisting in AD
     • Implement an AD least-privilege access model
     • Reduce the attack surface area in AD
     • Prevent unauthorized access to sensitive resources
     • Remediate unauthorized activities
     Continually assess:
     • Who has access to what sensitive data
     • Who has elevated privileged permissions
     • What systems are vulnerable to security threats
     Detect and alert:
     • Detect suspicious privileged activities
     • Alert on potential insider threats
     • Notify in real time of unauthorized intrusions against
     • Detect and alert on brute-force attacks
  19. Privileged Accounts
     • What are they doing with the access?
     • Do they need that access?
     • Reduce the attack surface area
  20. Demo Screenshots
  21–32. Demo screenshots (image-only slides, no text)
  33. Change Auditor
     1. Consolidates event data from on-premises and cloud targets
     2. Correlates identities across on-premises and cloud
     3. Configures and maintains your audit policy across your hybrid environment
  34. InTrust
     1. Response actions based on events in logs
     2. Caching of logs to ensure a complete audit trail
     3. Compression of logs for longer storage
  35. Summary
     • More data than you natively receive on-premises
     • Correlation of data in the cloud
     • Reduce noise to focus on what is important in your environment
  36. Next Steps: Attend next week or watch on-demand!
     • Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment (May 3rd at 11 EST)
     • Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting (May 10th at 11 EST)
     • Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access (May 17th at 11 EST)
     • Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach (May 24th at 11 EST)
     Quest.com/StopHankNow. Four pillars: Continually assess, Detect and alert, Investigate and recover, Remediate and mitigate
  37. Questions?
  38. Thank You
