Many roads lead to Active Directory insecurity: e-mail phishing gives attackers a foothold, the foothold yields a map and credentials, and from there lateral movement follows, often without getting caught. These problems can be addressed with endpoint detection and response and by correlating network, endpoint, and log events. Paul and John discuss their theories on Active Directory and what to do to keep yourself from being hacked!
All I want for Christmas is a Secure Active Directory
I find that many roads lead to Active Directory insecurity:
- Email phishing campaigns successfully provide attackers with a foothold – Okay, so this problem is solved outside of AD, right?
- Once you gain a foothold, you can gather information and credentials
- Once you have a map and credentials, you can move laterally
- Once you move laterally, you can own all the most critical and sensitive data
- You can do all of the above without getting caught, or they find it once it's too late
You can try to solve the above problems with:
- Endpoint detection and response
- Correlating network, endpoint and log events
While it’s better to:
- Fix the authentication issues (Prevention)
- Turn off features that give attackers the map (Reduce the footprint)
- Detect certain events in AD that show abuses of authentication and lateral movement (Detection)
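The third point, detection of lateral movement, is where defenders can get quick wins from logs they already collect. Below is an added illustration (not code from the show or its hosts) of one such check: a successful-logon event such as Windows Security event 4624 with logon type 3 (network logon) is written on each host an account authenticates to, so an account that fans out from one workstation to many servers in a few minutes stands out. The event records are constructed samples, and the field layout, the 4-host threshold and the 10-minute window are assumptions for the example; a real deployment would read forwarded events and tune the numbers to its own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on the fields of Windows Security
# event 4624 (successful logon). Logon type 3 is a network logon, the type
# produced when an account authenticates to a remote host's SMB/RPC services;
# type 10 is an interactive RDP session. Field order is an assumption.
SAMPLE_EVENTS = [
    # time, account, source host, target host, logon type
    ("2023-12-20T09:00:05", "jsmith", "WS01", "FILESRV01", 3),
    ("2023-12-20T09:01:10", "jsmith", "WS01", "FILESRV01", 3),
    ("2023-12-20T09:12:00", "svc-backup", "WS17", "SRV01", 3),
    ("2023-12-20T09:12:20", "svc-backup", "WS17", "SRV02", 3),
    ("2023-12-20T09:12:41", "svc-backup", "WS17", "SRV03", 3),
    ("2023-12-20T09:13:05", "svc-backup", "WS17", "DC01", 3),
    ("2023-12-20T09:13:30", "svc-backup", "WS17", "SRV04", 3),
    ("2023-12-20T10:30:00", "admin-ops", "JUMP01", "DC01", 10),
]

# Assumed tuning values; a production rule would be baselined per environment.
FANOUT_THRESHOLD = 4
WINDOW = timedelta(minutes=10)


def detect_lateral_fanout(events, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Flag (account, source host) pairs that perform network logons (type 3)
    to at least `threshold` distinct target hosts within `window`.
    Returns a list of alert dicts, one per offending (account, source) pair."""
    by_origin = defaultdict(list)
    for ts, account, src, dst, logon_type in events:
        if logon_type != 3:          # only network logons count as fan-out
            continue
        by_origin[(account, src)].append((datetime.fromisoformat(ts), dst))

    alerts = []
    for (account, src), logons in by_origin.items():
        logons.sort()                 # chronological order for the sliding window
        for i, (start, _) in enumerate(logons):
            # distinct targets reached within `window` of this logon
            targets = {dst for t, dst in logons[i:] if t - start <= window}
            if len(targets) >= threshold:
                alerts.append({
                    "account": account,
                    "source": src,
                    "first_seen": start.isoformat(),
                    "targets": sorted(targets),
                })
                break                 # one alert per origin is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_lateral_fanout(SAMPLE_EVENTS):
        print(f"{alert['account']} from {alert['source']} reached "
              f"{len(alert['targets'])} hosts starting {alert['first_seen']}: "
              f"{', '.join(alert['targets'])}")
```

On the sample data only `svc-backup` from `WS17` trips the rule (five servers, including a domain controller, in ninety seconds); `jsmith` talking repeatedly to one file server does not, and the RDP logon is ignored by this particular check. Service accounts with legitimately wide reach need an allow-list, which is exactly the kind of baseline work that turns a raw event feed into a usable detection.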
Visit http://secweekly2.wpengine.com/esw for all the latest episodes!