Speakers
Synopsis
Does your organisation use Active Directory?
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) with its international partners has published guidance on how to detect and mitigate Active Directory compromises. This guidance provides strategies to help organisations mitigate the 17 most prevalent techniques used by malicious cyber actors to target Active Directory and gain access to their networks.
Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise information technology (IT) networks globally. This makes it a valuable target for malicious cyber actors looking to gain privileged access to all systems and users that Active Directory manages. With this access, they can bypass other controls and access systems at will, including email and file servers, critical business applications and cloud-based systems and services. After gaining access, malicious actors may persist for months or even years inside Active Directory.
Evicting them can require drastic action, ranging from resetting all users’ passwords to rebuilding Active Directory itself. Responding to and recovering from a compromise is often time consuming, costly, and disruptive.
This presentation by the author of the "Detecting and Mitigating Active Directory Compromises" publication will cover the most common and damaging compromises from the guidance. Additionally, the presentation will go beyond the guidance with additional detection and mitigation strategies to help you improve the security of your Active Directory.
