With cybercrime on the rise, (ransomware) attacks that target Active Directory (AD), the primary identity store for most businesses worldwide, are as common as having a cup of coffee. According to Mandiant consultants, 90 percent of cyber incidents they investigate, involve AD in one way or another. Given that an attack on AD is a “when” rather than “if” scenario, organizations must take preventive measures and be prepared for the worst. This means continuously doing security assessments, having a recovery plan, and purpose-built solutions for recovering AD after a cyberattack. Are you prepared for the worst? Have you ever tested your backups? Backups are most likely automated, but is your recovery automated also? In this session, Jorge will discuss key considerations and different options to develop an AD DR plan. A real world cyberattack scenario will also be discussed.
What you’ll learn:
- How to proactively secure and protect AD from cyberattacks.
- Why the ability to recover AD in a cyberattack scenario is a must-have for organizations.
- AD cyberattack scenarios to address, including multiple (or entire) domain controller outages and irreversible malicious changes.
- Points to consider when developing an AD DR plan.
- How to automate AD recovery to save time during a cyber incident and accelerate recovery of business operations
Speaker: Jorge de Almeida Pinto
Jorge de Almeida Pinto, Senior Incident Response Lead working for Semperis, has been a Microsoft MVP since 2006 with a specific focus on designing, implementing, securing and recovering Microsoft Identity & Access Management (IAM) technologies. Throughout the years, his experience includes work with Active Directory (AD), Active Directory Federation Services (ADFS), Azure Active Directory (AAD), AAD Connect and Microsoft Identity Manager (MIM), and developing (security-related) scripts.