With cybercrime on the rise, ransomware attacks that target Active Directory (AD), the primary identity store for most businesses worldwide, are as common as having a cup of coffee. Many cyber incidents involve AD in one way or another. Given that an attack on AD is more of a “when” rather than an “if” scenario, organizations must have a tested AD DR plan and purpose-built solutions for securing AD before an cyberattack and recovering and securing AD after a cyberattack.
This presentation discusses the risk to today’s enterprise organizations and explains why prioritizing hybrid identity (Active Directory and Entra ID) security is so important. It discusses the use of Security Indicators, Indicators of Exposure (IoE) and Indicators of Compromise (IoC), as a means to evaluate AD security and discover vulnerabilities that could attract attackers. Examples of various identity threat detection and response (ITDR) tools that can help you with this, will also be discussed. Attendees will learn why an AD Recovery Plan is a vital resource for ongoing operational resilience, including the different ways to execute parts of that DR plan and what the impact is of such an execution. Last but not least a real-life AD recovery scenario will be discussed, to put all the pieces together.