Most organizations have multiple administrators with privileged accounts. But when you consider that Hank the Hacker only has to breach one of those accounts to obtain privileged access to your environment, you start to see how important it is to keep an eye on them.
In this live webcast, AD experts will show you how to remediate unauthorized actions automatically and immediately to minimize potential damage, and how to automate security policy enforcement across Active Directory (on-premises and Azure AD) to mitigate the potential for recurrence.
Find out more at: quest.com/stophank
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access
1. How to Overcome Common Hybrid AD and Cloud Security Challenges
• Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access
2. Today’s speakers
Mark Broghammer
Systems Consultant, Microsoft Platform Management
Mark.Broghammer@quest.com
Dan Gauntner
Sr. Product Marketing Manager, Microsoft Platform Management
Daniel.Gauntner@quest.com
Chris Ashley
Sr. Product Manager, Microsoft Platform Management
Chris.Ashley@quest.com
3. Webcast Series: How to Overcome Common Hybrid AD and Cloud Security Challenges
• Part 1: Identifying Hybrid AD Security Risks with Continuous Assessment (May 3rd at 11 EST)
• Part 2: Sounding the Alarm with Real-Time AD Detection and Alerting (May 10th at 11 EST)
• Part 3: Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access (May 17th at 11 EST)
• Part 4: Investigating and Recovering from a Potential Hybrid AD Security Breach (May 24th at 11 EST)
Quest.com/StopHankNow
4. Agenda
• What is Hybrid Directory Security?
• Who is Hank the Hacker?
• Hybrid AD and Cloud Security challenges
• Quest Hybrid AD Security Solutions
• Live Demo
• Q&A and Wrap-up
6. Hybrid Active Directory Environment
• Office 365 requires an Azure AD instance
• Azure AD provides the directory service for Office 365 applications
• Azure AD integrates with on-premises AD, creating a hybrid directory environment
7. What does AD have to do with Office 365 Security?
• 95 Million AD authentications are under attack daily
• 90% of companies use on-premises AD
• 70% YoY growth for Office 365 adoption
• 1 Million subscribers a month moving to Office 365
• 700 Million Azure AD accounts
• 10 Billion on-prem AD authentications per day
• 1.3 Billion MS cloud login attempts per day
• 75% of enterprises with more than 500 employees sync on-prem AD to Azure AD
• 10 Million daily MS Cloud logins are cyber-attacks
8. Active Directory Security is Critical
1. On-premises AD remains the core of security even in a cloud/hybrid environment
2. On-prem is the authoritative source and will replicate to Azure AD & Office 365
3. With security, you are only as secure as your weakest link
13. Key Considerations
• Is access control allowing those whitelisted in and blacklisted out?
• Do my users have the lowest level of user rights possible to do their jobs?
• Are my sensitive resources protected?
• How much time will it take me to manually remediate unauthorized changes?
14. Key Challenges
• Too many over-privileged users (71% of users have inappropriate access)
• Privileged account misuse
• Incorrect/outdated group membership
• Group Policy management
16. Quest On-Prem & Hybrid Security Solutions
Continually assess
• Who has access to what sensitive data
• Who has elevated privileged permissions
• What systems are vulnerable to security threats
Detect and alert
• Detect suspicious privileged activities
• Alert on potential insider threats
• Notify in real time of unauthorized intrusions against
• Detect and alert on brute-force attacks
Investigate and recover
• Investigate AD security incidents
• Continuously test your AD business continuity plan
• Recover from a security incident
• Improve your RTO following a disaster
Remediate and mitigate
• Secure access to AD DC data
• Enforce permission blacklisting/whitelisting in AD
• Implement AD least-privilege access model
• Reduce attack surface area in AD
• Prevent unauthorized access to sensitive resources
• Remediate unauthorized activities
17. Mitigate
• Delegate to restricted views so people only see what they have rights to perform
• Managed Units
• Version Control Root within GPOADmin
29. Remediate
• Workflows
• ARS Workflow for service account approval and de-provisioning (discuss only)
• Dynamic Groups
• Rollback and incorporate changes from GPOADmin
• Report on differences/similarities and refine your GPOs
37. Active Roles
A single tool for both on-prem and Azure AD management and security
• Active Roles is used globally to manage and secure more than 60 million AD user accounts
• Active Roles is in use at more than 2,500 companies worldwide
• Product has been in existence since 2003
• Deployments range in size from 250 to 800K+ users
38. GPOADmin
Simplified Group Policy Management and Administration
• Automate manual, time-consuming GPO management tasks
• Ensure regulatory compliance with advanced GPO auditing and tracking
• Enhance internal change control processes
• Enjoy peace of mind when deploying GPO changes
• Integrates and extends native tools
40. Next Steps: Attend next week or watch on-demand!