Resurrecting Active Directory After a Ransomware Attack

"With cybercrime on the rise, ransomware attacks that target Active Directory—the primary identity store for most businesses worldwide—are as common as having a cup of coffee. According to Mandiant consultants, 90 percent of cyber incidents they investigate involve Active Directory in one way or another. Given that an attack on Active Directory is a “when” rather than “if” scenario, organizations must have a tested plan and purpose-built solutions for recovering Active Directory after a cyberattack. This presentation discusses the risk to today’s enterprise organizations and explains why prioritizing hybrid identity (Active Directory and Azure AD) security is so important. It discusses the use of security indicators—indicators of exposure and indicators of compromise—as a means to evaluate Active Directory security and discover vulnerabilities that could attract attackers. The pros and cons of various identity threat detection and response (ITDR) tools—Purple Knight, PingCastle, and Bloodhound—and options are discussed. Attendees will learn why an Active Directory Recovery Plan is a vital resource for ongoing operational resilience, various options for such a plan, and important consideration during the planning process. " Time: 15:30 - 16:20