How Identity-as-a-Signal is the Secret to Protecting Against Credential Compromise

How do you detect fully authenticated intruders who are in the "mushy center" of your Active Directory network environment?

When malicious actors get administrator access in an Active Directory (AD) environment, illicit activity can be extraordinarily difficult to detect or prevent.

Earlier this month, Plurilock Solutions Architect Joel Eng and First West IT cybersecurity expert Ryan Smith tackled this problem in a wide-ranging technical presentation on detecting credential compromise. Together, they covered:

  • AD environment architecture and the nature of the problem

  • Which attack surfaces exist and where

  • What lateral movement looks like in AD environments

  • Why it’s hard to detect

  • Most importantly—what to do it about it

Here’s a brief preview:

In our last event, Joel Eng and Ryan Smith did a technical deep-dive into why it’s hard to protect AD-centric networks against threats using compromised credentials—and what can be done about it.
See the Full Video  

Joel’s march through the “mushy center” of AD networks, complete with diagrams, shows how attackers have access to a huge variety of ways to move inside the perimeter.

And while Azure and AWS are offering security teams new capabilities and approaches to try to solve problems like these, the changing nature of work—more remote users, VDI sessions, untrusted networks, and more—is applying force in the opposite direction, making credential compromise a more relevant threat than ever before.

If you oversee an AD environment, spend an hour on this in-depth, technical discussion—no filler—to find out whether you’re also up against a “mushy center,” what the risks are, and what steps you can take to combat them.

Watch the video now so that you’re not caught out by today’s evolving threats later. ■