Live Demo Session:
Best Practices: Protect Your Active Directory Against Ransomware
Virtually 100% of modern ransomware attacks include attempts to enumerate and/or exploit Active Directory. Why? Active Directory (AD) is the primary source of information for all enterprise resources and is core to the applications that run an organization, making it a high-value target for adversaries. When AD is compromised business stalls!
During their execution and propagation phases, ransomware such as Conti, Maze, LockBit, etc. all attempt to query Active Directory either by living off the land, or by leveraging tools such as BloodHound, AdFind, and CobaltStrike. Join this virtual Best Practices Session to learn:
- Why attackers are successfully going after your AD
- How to effectively reduce your AD attack surface, which limits the number of ways an attacker can exploit AD
- How to gain visibility into real-time attacks, including brute-force and mass account changes
- How to identify users and applications making queries into privileged AD objects
- How to hide your critical accounts from unintended eyes, delivering misinformation to attackers to halt their progress -All without requiring privileged accounts or running additional software on your domain controllers!
Date: April 6, 2022
Time: 10:00 a.m. PDT/1:00 p.m. EDT
Presenters: Todd Rosenberry, Sr Consulting Engineer, Steve Griffiths, Lead Architect AD Products, and Robert Crisp, VP Technical Services
*Playback recordings will not be made available for these sessions.