Name: Assessing the Security of Your Active Directory: Privileged Account Risks and Controls
Start: 2024-08-14T17:00:00Z
End: 2024-08-14T17:01:12.000Z
Location: BrightTALK
Rating: 5

Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks. More than 13,500 organizations across 100+ countries rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity, and infrastructure. By reducing the cybersecurity burden with Netwrix, organizations concentrate on advancing their cause while reducing cyber risk.

For more information, visit www.netwrix.com

In the last twenty years, privileged access management (PAM) has gone through many evolutions to keep pace with the ever-changing cyberthreat landscape. Still, a vital risk remains front and center: Privileged accounts are crucial for the day-to-day work of admins, but they are usually needed for only short periods of time — the rest of the day, they can be compromised by attackers and misused by insiders.

Old-school PAM solutions reduce this risk only to some extent, while being costly and time-consuming to deploy. But it doesn’t have to be this way! In this session, we’ll explore a modern, easy-to-adopt approach that deals with this core problem head-on.

Join this session to learn how you can:
- Leverage privilege orchestration to remove known attack surfaces when at rest
- Dynamically delegate access according to use case without impeding admin efficiency
- Quickly adopt modern PAM tools to centrally control and audit access

Security Renaissance: Why it's time to break with old-school PAM solutions

Identity professionals have traditionally focused on compliance and governance activities, while leaving Security Operations to the Cybersecurity team to monitor the endpoint (EDR) and network (NDR), potentially missing Identity Threats. Cloud adoption has made identity a primary target for cyber security attacks, making it one of the key vectors of attack expansion after infiltration.

As a result, Identity professionals need to consider an Identity Threat Detection and Response (ITDR) program and how to integrate it into their organization’s larger Security Operations Center (SOC). Watch this webinar to find out the considerations that should be made when bringing on an ITDR program and how to incorporate it into an organizations larger SOC program. By doing so, you can ensure that your organization is well-protected against identity-based cyber threats.shell webinar

Adapting to a New Paradigm in Security: Implementing Identity Threat Detection and Response in Your SOC

In this session, we will focus on critical Active Directory attack tactics, detection strategies, and prevention methods to safeguard your organization. During this webinar we will have an in-depth demonstration of live attacks stimulation and practical detection and prevention methods featuring a complete product demonstration across our entire suite of AD security solutions. 

Join this session to gain insights into: 
- DCSync Attacks: Dive into DCSync techniques, explore permissions audits, and uncover attack paths and detection strategies. Learn how to secure replication permissions, detect DCSync attacks, and prevent unauthorized access through Domain ACL monitoring and defense-in-depth strategies.  
- Kerberoasting Attacks: Understand the risk Kerberoasting poses to enterprise environments. We’ll cover the detection, mitigation and prevention techniques, including specific lockdown measures on SPN changes in your Admin Account OUs while keeping service account OUs accessible.

A Deep Dive into Common AD Attacks: Tactics, Detection and Prevention

In this session, we will explore the key strategies for mitigating risks and vulnerabilities. Vincent Le Toux, the founder of PingCastle, will show how you can audit your environment to identify common risks in your AD security posture that enable attacks, like the ones mentioned in the Detecting and Mitigating Active Directory Compromises guide. This report was published by the top six security agencies, ASD, CISA, NSA, CCCS, NCSC-NZ, and NCSC-UK, and PingCastle is highlighted as one of the essential tools for securing Active Directory (AD) environments against evolving threats. 

Join this session to gain insights into: 
- Understand common AD attack vectors that could jeopardize your organization, such as DCSync, Kerberoasting, Certificate Template Abuse (ESC1) and Domain Controller Coercion. 
- Identify security gaps that could leave your organization exposed to different threats.  
- Implement remediation strategies to address identified risks across your AD configurations, policies, and more.

How to Protect Your Organization from Common AD Vulnerabilities

As cyber threats evolve, organizations must strengthen their defenses with a balanced cybersecurity approach, integrating people, processes, and technology. Yet, finding this balance is often challenging. Some focus on tech investments but lack the skilled personnel, while others have strong teams but lack strategic processes or advanced technology.

Watch this interactive panel discussion with experts from Netwrix and KnowBe4 as they explore how to build a comprehensive cybersecurity strategy. 

You will:
- Understand how the three pillars—people, processes, and technology—interconnect to form a strong security framework.
- Learn common challenges and strategies to balance these pillars.
- Explore how managed services can enhance cybersecurity.
- Gain actionable insights for developing a well-rounded security program to protect against emerging threats.

Fortifying the 3 Pillars of Cybersecurity: People, Processes, and Technology

In today’s rapidly evolving digital landscape, protecting sensitive data is more challenging than ever. Data Security Posture Management (DSPM) offers organizations a proactive approach to safeguarding data by providing continuous visibility into security risks, vulnerabilities, and compliance gaps across diverse environments. This webinar will dive deep into the core principles of DSPM, exploring how organizations can effectively implement a comprehensive strategy to mitigate risks, maintain compliance, and secure their most valuable data assets.

You will learn best practices for identifying and classifying sensitive data, and continuously monitoring access to critical information. Whether your organization operates on-premises, in the cloud, or in a hybrid setup, this session will offer actionable insights and real-world examples to help you build and maintain a robust data security posture. 

By watching this session, you will gain insights on:

- The fundamental components of Data Security Posture Management (DSPM) and its importance in today’s cybersecurity landscape. 
- How to identify, classify, and secure sensitive data across on-premises, cloud, and hybrid environments. 
- Strategies for maintaining compliance with industry regulations and continuously improving your organization's security posture.

Enhancing Cybersecurity with Data Security Posture Management

Watch white-hat hacker Brian Johnson (security enthusiast and president of 7 Minute Security) for an insightful webinar on penetration testing using cutting-edge AI tools. He’ll focus on ChatGPT and PentestGPT, an open-source tool designed to assist in penetration testing that integrates seamlessly with ChatGPT.

Watch this session to discover:

- How ChatGPT compares with other prominent language models like those from Meta and Google
- Which types of questions and prompts that ChatGPT excels at, and where it may not be the ideal solution
- What steps are involved in an Active Directory penetration test
- How you can use PentestGPT to jumpstart a pen test, and what its limitations are

But that’s not all! We’ll also discuss how to defend against emerging threats like AI-powered attacks, and explore how Netwrix solutions provide you with a formidable defense.

Hack the Hackers: Exploring ChatGPT and PentestGPT in Penetration Testing

Configurazioni errate e vulnerabilità nascoste nei sistemi AD ed Entra ID sono un vantaggio per gli aggressori informatici. Con Netwrix PingCastle, la nostra soluzione per la valutazione del rischio AD ed Entra ID, ottieni una visione completa dei rischi. Puoi sfruttare le mappature MITRE, ATT&CK™ e ANSSI con il relativo punteggio di rischio per concentrare gli sforzi di sicurezza in modo efficace.
Il risultato? Postura di sicurezza avanzata per il tuo ambiente AD ibrido, correzione efficace e difese migliorate contro le minacce informatiche basate sull'identità in evoluzione.
 
Guarda il nostro webinar e scopri come:
- Elimina i punti ciechi nel tuo ambiente AD
- Identificare e dare priorità ai rischi
- Colmare le lacune di sicurezza
- Monitora e migliora i punteggi di sicurezza per garantire una protezione continua dell'AD

Controlla e riduci i rischi: identifica le vulnerabilità e correggi di Active Directory

Depuis la création des programmes de gouvernance de l'identité, les organisations ont adopté une approche pour principalement sécuriser les accès et ne se sont pas autant concentrées sur le modèle des ressources. Bien que cette approche ait produit des résultats positifs, elle s'est faite au détriment de l'efficacité, de la rapidité et de la précision. Pendant ce webinaire, nous partagerons comment la combinaison des programmes de gouvernance des données et des identités peut produire des résultats plus précis, de meilleurs modèles et une infrastructure plus sûre.

Au-delà de la conformité : pourquoi enrichir la gouvernance des données avec des informations sur les identités ?

Have you recently gone public? Planning an IPO in the coming years and want to know how to prepare? This SOX-focused webinar will cover:  
- How SOX readiness efforts have changed over the past few years 
- Strategy for how to prepare your systems and the way they’re managed 
- The people you need in place 
- In what order you should tackle these challenges

IPO Readiness Checklist for NetSuite and Salesforce

In this session, we will focus on safeguarding sensitive data and protecting SQL servers from unauthorized access. This session will cover effective strategies for identifying and mitigating excessive file reads and unauthorized access to sensitive information.

Join this session to gain insights into:
- Demonstrating "Snaffler" to explore SMB shares/files and discover hidden secrets.
- Using nmap and other tools to locate SQL servers.
- Performing password spraying attacks on SQL "sa" accounts.
- Exploiting stored procedures to capture, crack, or relay domain admin accounts.

Advanced Strategies for SQL Server Protection & Sensitive Information Security

The introduction of PAM to any organization carries a degree of risk. If not introduced and implemented correctly, it can disrupt your IT operations and alienate your administrative staff. Planning and prior consultation with your teams are key to success.
 
Watch this session to:
- Understand the value of workflow mapping
- Explore best practices for deployment and learn how to engage your team
- Compare strategies for introducing PAM to your IT teams
- Learn about new methodologies that can make transitioning to PAM easier

PAM Roadmap: Key Strategies for Effective Deployment and Team Engagement

La transition numérique du secteur de la santé, bien qu'indispensable, a augmenté considérablement le nombre de cyberattaques. Des plus petites structures aux grands hôpitaux, tous sont devenus des cibles privilégiées pour les cybercriminels. En réponse à cette menace croissante, le gouvernement a mis en place le programme CaRE, conçu pour renforcer de manière durable la cybersécurité des établissements de santé.

Lors de ce webinar Boris ROYER Et Jean-Christophe RADIUS de l’hôpital St Joseph, vont vous présenter leur retour d’expérience sur la mise en place d’une solution d’IGA (Gestions des identités et des accès) un des éléments clés du Programme CaRE.

Les points clés abordés pendant ce webinar seront :  
- La gestion des accès aux systèmes d'information
- Le provisioning et déprovisioning automatiques
- Les campagnes de revues des accès
- Comment Netwrix Usercube a leurs aide avec la mise en place du Programme CaRE
- Le ROI d’un tel projet

Programme CaRE : les réponses apportées par la gestion des identités et accès (IGA)

Groups are the fundamental way we manage access both inside Active Directory to control privileged access and readability of directory information as well as outside AD, throughout the rest of your network, to manage both end-user access to information and applications and privileged access to systems relying on AD. 

The biggest issues that contribute to group-based risks include:
There’s no direct way to see all the entitlements a group has across your hybrid on-prem and multi-cloud environment
You frequently find multiple groups with nearly the same name and many of the same users – but not quite
Ownership of groups and criteria for membership is frequently unclear and therefore groups are allowed to grow stale; members are added but never removed
Group-nesting is powerful and has a legitimate use but it can quickly get out of control leading to shocking and unintended results

Groups were always a copious source of findings in my AD security practice where I audited a range of AD implementations and taught regulators like the FDIC and the four large accounting firms how to assess Active Directory. In this session I’ll share what I learned and help you clean up your existing groups in implementing conventions and controls to keep groups secure going forward.

Jennifer Taufan, Netwrix Solutions Engineer, will show you how to:
Report on effective group membership in Active Directory and Entra ID
Understand where groups are granting access to your data sources such as file servers and SharePoint
Monitor and alert on group membership changes

Assessing Your Active Directory: Group Related Risks

In today's rapidly evolving cybersecurity landscape, attackers are leveraging advanced tools like generative AI to find new ways to compromise your IT infrastructure. Watch an insightful webinar where experienced pentester and white-hat hacker Brian Johnson will demonstrate how real-world hackers use tools like ChatGPT to craft sophisticated attacks. More importantly, you'll learn how to detect and prevent these threats.
 
During this session, we will delve into key strategies for strengthening your cybersecurity defenses. This comprehensive webcast will equip you with the knowledge and tools necessary to safeguard your organization’s critical assets.
 
Watch to gain insights into:
- Mitigating Active Directory password spraying attacks.
- Identifying accounts with non-expiring passwords and testing their resilience against weak passwords.- 
- Detecting users in groups with excessive permissions, such as those in "maintenance" groups capable of resetting passwords on key accounts or performing DCSYNC with domain controllers.
- Understanding the role and significance of AdminSDHolder in maintaining security.
 
Don't miss this opportunity to enhance your cybersecurity posture and protect your organization from sophisticated threats.

Mastering Password Security & Active Directory Monitoring

Les erreurs de configuration et les vulnérabilités cachées dans vos systèmes AD et Entra ID représentent une véritable aubaine pour les cyberattaquants. Grâce à Netwrix PingCastle, notre solution pour l’évaluation des risques liés à AD et Entra ID, vous pouvez détecter ces failles et empêcher les malfaiteurs d’exploiter vos systèmes avant qu’il ne soit trop tard. Le résultat ? Une posture de sécurité renforcée pour votre environnement AD hybride, une remédiation efficace et des défenses accrues contre les cybermenaces basées sur l’identité, en constante évolution.

Regardez notre webinaire pour savoir comment :
- Éliminer les zones d’ombre de votre environnement AD
- Repérer les risques et classez-les par priorité
- Combler les failles de sécurité
- Surveiller et améliorer les scores de sécurité pour assurer la protection continue de l’AD

Contrôlez et réduisez les risques : identifiez les vulnérabilités de votre compte Active Directory

As organizações enfrentam atualmente desafios sem precedentes, desde o aumento de ataques de ransomware e de ataques por estados-nação até à necessidade de navegar pelas complexidades de novas regulamentações, como a diretiva NIS2. Este webinar foi desenhado para lhe proporcionar o conhecimento e as estratégias necessárias para se manter à frente destas ameaças, garantindo ao mesmo tempo o cumprimento dos requisitos legais mais recentes.
Junte-se ao nosso próximo webinar e obtenha insights práticos sobre como melhorar os seus processos e formações, otimizar e ensaiar as suas estratégias de resposta, e reforçar os contratos com os seus fornecedores. Também serão exploradas as implicações da responsabilidade pessoal dos órgãos de gestão ao abrigo da NIS2.

Durante o webinar, veremos como as soluções da Netwrix podem permitir uma proteção robusta contra ameaças emergentes e garantir um cumprimento contínuo das regulamentações. Saiba como tirar partido destas ferramentas avançadas para proteger o seu negócio no desafiante ambiente cibernético atual.

Assista ao nosso webinar para:
- Obter dicas práticas para melhorar os seus processos de cibersegurança e estratégias de resposta a incidentes.
- Compreender o impacto da diretiva NIS2 na responsabilidade corporativa e pessoal.
- Conhecer as melhores práticas para treinar e preparar a sua equipa para enfrentar eficazmente os desafios de cibersegurança.
- Descobrir como as soluções Netwrix podem reforçar as suas defesas e facilitar a conformidade com as regulamentações em constante evolução.

Dominar a NIS2: Estratégias de Cibersegurança Vencedoras para as Ameaças de Hoje

Le workstation dei dipendenti, sia su Windows, macOS o Linux, sono diventate dei vettori di attacco e sono quindi presi di mira dagli aggressori. Questo perché sono il collegamento attraverso il quale i dati digitali vengono condivisi, copiati, caricati su servizi cloud di terze parti, stampati e/o spostati su supporti rimovibili. Indipendentemente da dove sono archiviati i dati, l'endpoint è la causa principale della maggior parte degli incidenti di furto di dati.

Come fare quindi a prevenire e rafforzare la propria postura di sicurezza? Parleremo di questo e molto altro ancora nel nostro prossimo webinar.  Guarda il nostro webinar e scopri:

- Perché DLP degli endpoint è fondamentale per proteggere i dati sensibili della tua azienda in un panorama in continua evoluzione
- Come DLP degli endpoint può proteggere la tua azienda dai costi elevati associati alle violazioni dei dati
- In che modo Endpoint Protector consente alle organizzazioni di proteggere i propri dati garantendo al contempo la conformità ai requisiti normativi
- Come l’integrazione con Netwrix Audutor e Netwrix Data Classification consenta di avere una protezione completa a partire dai server on-premises, al cloud e/o ai client

Come prevenire l'esfiltrazione dei dati sugli endpoint e rafforzare sicurezza e conformità

Note: This is a replay of the webinar with Randy Franklin Smith.

If privileged accounts are the most protected, why do they keep appearing in exploits, like the recent Snowflake/Ticketmaster incident?

The reasons are two-fold:
- Privileged accounts are prime targets.
- Many organizations don’t follow best practices.

In this session on “Assessing the Security of Your Active Directory,” цу]we’ll focus on privileged accounts to help you improve controls and reduce risks. We’ll cover:

Identifying privileged accounts beyond just the Administrators group, including indirect vectors like AD object permissions and Windows system rights.

Using Windows Security Logs to track privileged account logons. Limiting privileged account use to same-security-tier endpoints is crucial, as an admin account is only as safe as the endpoint it’s used on. For instance, some Snowflake contractors reportedly used personal computers with infostealer malware.

Implementing security tiers for accounts, servers, and endpoints to prevent privileged accounts from being exposed to less secure tiers.
Addressing specific risks and controls for privileged accounts in Active Directory.

Our sponsor, Netwrix, offers tools perfect for this topic. Netwrix Auditor can:
- Report on privileged accounts in Active Directory.
- Monitor logons and alert to suspicious activity.
- Generate audit trails and reports for privileged activities.
- Help prepare for audits and ensure compliance.

Jennifer Taufan, Solutions Engineer at Netwrix, will demonstrate these capabilities.

Assessing the Security of Your Active Directory: Privileged Account Risks and Controls

Active Directory

Cyber Attacks

Cyber Security

IT Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Assessing the Security of Your Active Directory: Privileged Account Risks and Controls

Presented by

About this talk

More from this channel