How to Fix and Prevent Privileged Access Issues to Improve Hybrid AD and Cloud Security

Every Wednesday in May, we’re hosting a live four-part webcast series, How to Overcome Common Hybrid AD and Cloud Security Challenges. The webcast series features a fictional character, Hank the Hacker, who represents hackers that appear in many shapes and sizes and who love to exploit of AD, Azure AD and Office 365 security limitations.

In part 1 of the series, we showed you how to identify potential cloud security risks, insider threats and data breaches with continuous assessment. In part 2, we showed the importance of real-time auditing to detect Hybrid AD security abnormalities as quickly as possible.

Now, join us on May 17 at 11 am ET for part 3 of the Hank the Hacker webcast series, Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access

Increasingly, many AD security incidents or data breaches come as a result of privileged 'misuse'. This could stem from not only the activities of malicious insider threats, but also from external threats like Hank the Hacker who are targeting privileged users in order to gain access to sensitive data.

Most organizations have multiple admins with privileged accounts. Hank the Hacker has to breach just one of those accounts to obtain privileged access. These threats can cause serious data breaches for your organization resulting in significant data loss, large penalties and fines, costing your company money and reputation. Anyone reading this blog can quickly count many high-profile examples in the news. But beyond damaging news headlines, the average data breach costs organizations $4 million according to the 2016 Ponemon Institute study.

Given the myriad moving parts within an organization—employee turnover, promotions, changing access privileges—it’s impossible to manually keep permissions up-to-date, especially across a hybrid environment. To create an environment that maintains consistent, accurate access permissions across your on-premises AD, Azure AD and Office 365, it’s important to automate as many processes as possible.

In this 60-minute webcast, Quest AD security experts will show you how to both remediate unauthorized actions immediately to minimize potential damage, but also automate security policy enforcement across AD to mitigate the potential for recurrence.

You’ll discover how to automate key tasks such as:

 Remediation

  • Reverting changes to unauthorized groups based on whitelists of users authorized to make membership changes
  • Rolling back mass changes or deletions to AD objects such as GPOs, group memberships, users and attributes
  • Automating workflow to detect when user accounts are inactive

Mitigation

  • Externalizing AD permissions and controlling them in a proxy model to restrict not only who can do what, but also which objects given users can even see
  • Enforcing a real-time whitelisting permission model across AD objects and GPOs to ensure that only service accounts in a least-privileged access proxy model may make changes to sensitive objects
  • Using temporal group memberships coupled with approval workflows to mitigate risk arising from permanent memberships in sensitive and privileged groups

Once remediation and mitigation processes have been established, you’ll greatly reduce access mistakes and lapses as well as avoid the risk of making the same mistake twice. To learn more about maintaining security within your hybrid AD and Office 365 environment, join us for this webcast!

Attend Event

About the Author
Daniel Gauntner
Dan Gauntner is a Senior Product Marketing Manager where he oversees the positioning and go-to-market strategy for Office 365, Active Directory, Exchange, Lotus Notes, SharePoint and OneDrive for Business...