When malicious actors get administrator access in an Active Directory (AD) environment, illicit activity can be extraordinarily difficult to detect or prevent.
Earlier this month, Plurilock Solutions Architect Joel Eng and First West IT cybersecurity expert Ryan Smith tackled this problem in a wide-ranging technical presentation on detecting credential compromise. Together, they covered:
AD environment architecture and the nature of the problem
Which attack surfaces exist and where
What lateral movement looks like in AD environments
Why it’s hard to detect
Most importantly—what to do it about it
Here’s a brief preview:
Joel’s march through the “mushy center” of AD networks, complete with diagrams, shows how attackers have access to a huge variety of ways to move inside the perimeter.
And while Azure and AWS are offering security teams new capabilities and approaches to try to solve problems like these, the changing nature of work—more remote users, VDI sessions, untrusted networks, and more—is applying force in the opposite direction, making credential compromise a more relevant threat than ever before.
If you oversee an AD environment, spend an hour on this in-depth, technical discussion—no filler—to find out whether you’re also up against a “mushy center,” what the risks are, and what steps you can take to combat them.
Watch the video now so that you’re not caught out by today’s evolving threats later. ■