Every Wednesday in May, we’ve hosted a live webcast as part of a month-long series, How to Overcome Common Hybrid AD and Cloud Security Challenges. In case you’re new to the series, the webcasts all share a common theme centered on a fictional character, Hank the Hacker.
During the first three webcasts, we’ve shown how to:
- Continually assess your Hybrid AD and Office 365 environment for potential insider threats and data breaches
- Detect and alert on suspicious activity with real-time AD and Azure AD auditing
- Fix and prevent privileged access issues to improve Hybrid AD and cloud security
Now, join us on May 24 at 11 am ET for part 4 of the Hank the Hacker webcast series, Investigating and Recovering from a Potential Hybrid AD Security Breach.
There are many changes within your hybrid Active Directory environment that can be indicative of a security breach, making the current state of AD no longer trustworthy. In these instances, you’d need to investigate security events and the most likely path to the potential breach. Proper investigation requires 360-degree forensics and full-text search to correlate events, access activities and security configurations across multiple indexed repositories. This includes:
- Any activity in AD, Azure AD, GPOs, files and on computers by a given user during a given period
- Any activity in OUs, groups, files, computers, users and attributes containing a given word
- Security configuration and changes for a given user, including status of the user account in AD, department, last logon time, account expiration, accessible files, group memberships
- Membership information for any given group, including recent changes to membership
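The two user- and group-centric queries above can be run directly against AD with the ActiveDirectory PowerShell module. The following is an added example, not code from the webcast or from Quest: it pulls a user's security-relevant state (enabled/locked status, department, last logon, expiration, password settings, group memberships) and reads the replication metadata of a group's `member` attribute to show which membership links were added or removed in the last N days. It assumes RSAT/ActiveDirectory is installed, the caller can read the directory, and the `$SamAccountName`/`$GroupName` values are placeholders.

```powershell
# Added example (not from the original page): AD investigation queries for a user and a group.
Import-Module ActiveDirectory

function Get-UserSecurityProfile {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties Enabled, LockedOut, Department,
         LastLogonDate, AccountExpirationDate, PasswordLastSet, PasswordNeverExpires, MemberOf, whenChanged
    [pscustomobject]@{
        User                 = $u.SamAccountName
        Enabled              = $u.Enabled
        LockedOut            = $u.LockedOut
        Department           = $u.Department
        LastLogon            = $u.LastLogonDate          # replicated lastLogonTimestamp, up to ~14 days stale
        AccountExpires       = $u.AccountExpirationDate
        PasswordLastSet      = $u.PasswordLastSet
        PasswordNeverExpires = $u.PasswordNeverExpires
        LastObjectChange     = $u.whenChanged
        Groups               = ($u.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name }) -join ', '
    }
}

function Get-GroupMembershipHistory {
    param([Parameter(Mandatory)][string]$GroupName, [int]$Days = 30)
    $g     = Get-ADGroup -Identity $GroupName
    $dc    = Get-ADDomainController -Discover -Service PrimaryDC | Select-Object -ExpandProperty HostName
    $since = (Get-Date).AddDays(-$Days)
    # With linked-value replication, each member link carries its own originating
    # change/delete timestamp, so recent additions and removals can be listed.
    Get-ADReplicationAttributeMetadata -Object $g.DistinguishedName -Server $dc -ShowAllLinkedValues |
        Where-Object {
            $_.AttributeName -eq 'member' -and
            ($_.LastOriginatingChangeTime -gt $since -or $_.LastOriginatingDeleteTime -gt $since)
        } |
        Select-Object AttributeValue, LastOriginatingChangeTime, LastOriginatingDeleteTime, Version |
        Sort-Object LastOriginatingChangeTime -Descending
}

# Placeholder identities; replace with the account and group under investigation.
Get-UserSecurityProfile -SamAccountName 'jdoe' | Format-List
Get-GroupMembershipHistory -GroupName 'Domain Admins' -Days 30 | Format-Table -AutoSize
```

A non-empty `LastOriginatingDeleteTime` on a link means that member was removed; the metadata survives the removal, which is what makes it useful after the fact. Note that this reads the current directory, so it only answers the question "what changed" to the extent the DC's own replication metadata is trustworthy; the audit-log and change-tracking sources described in the earlier webcasts remain the independent record.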
After investigation, you need to be able to recover AD in the same way you think about recovering from any other disaster to ensure business continuity. Your contingency plan should automate as much as possible:
- Daily backup of AD database information
- Tight delegation of the rights to back up and restore AD and/or Azure AD objects
- Encryption of AD backups on disk (encryption at rest) to prevent exposure of NTDS.dit database
- Daily backup and automated recovery of the AD schema forest metadata
- Establishment of a recovery time objective for a full AD recovery
- Documentation and testing of partial and full disaster recovery plans at least once a year
- Cross-training for IT staff on activating and executing the AD recovery plan
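Three of the contingency items above (daily backups, encryption of the backup at rest, and tight delegation of backup rights) can be put in place with built-in Windows tooling. The script below is an added example, not Quest's code or a product feature: it registers a daily scheduled task that takes a Windows Server Backup system state backup (which contains NTDS.dit, SYSVOL and the registry), refuses to run unless the target volume is BitLocker-protected, and lists who currently holds backup/restore rights so the delegation can be reviewed. It assumes it runs on a domain controller with the Windows-Server-Backup feature and the BitLocker cmdlets installed; `E:` and `C:\Scripts\Backup-ADSystemState.ps1` are placeholder values.

```powershell
# Added example (not from the original page): encrypted-at-rest daily AD system state backup.
# Assumptions: domain controller, Windows Server Backup installed
# (Install-WindowsFeature Windows-Server-Backup), BitLocker module available.
$BackupTarget = 'E:'                                    # placeholder: dedicated backup volume
$ScriptPath   = 'C:\Scripts\Backup-ADSystemState.ps1'   # placeholder: where this script is saved

function Test-BackupVolumeEncrypted {
    param([Parameter(Mandatory)][string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # Both conditions matter: a volume can be fully encrypted with protection suspended.
    return ($vol.ProtectionStatus -eq 'On' -and $vol.VolumeStatus -eq 'FullyEncrypted')
}

function Invoke-ADSystemStateBackup {
    param([Parameter(Mandatory)][string]$Target)
    # Never write a copy of NTDS.dit to an unencrypted volume.
    if (-not (Test-BackupVolumeEncrypted -MountPoint $Target)) {
        throw "Backup target $Target is not BitLocker-protected; aborting backup."
    }
    & wbadmin.exe start systemstatebackup -backupTarget:$Target -quiet
    if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }
}

function Register-DailyADBackup {
    param([string]$Script = $ScriptPath, [string]$At = '02:00')
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -File `"$Script`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At $At
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'AD System State Backup' -Action $action `
        -Trigger $trigger -Principal $principal -Force
}

function Get-BackupRightsHolders {
    # Delegation review: members of these groups can back up and restore a DC.
    foreach ($group in 'Backup Operators', 'Server Operators') {
        Get-ADGroupMember -Identity $group -Recursive |
            Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName, objectClass
    }
}

# When run by the scheduled task, take the backup; the registration and review
# functions are meant to be run once, interactively, by an administrator.
Invoke-ADSystemStateBackup -Target $BackupTarget
```

Keep the scheduled-task registration and the backup script itself under the same change control as the DC, and pair the membership listing with the recovery time objective test: a restore rehearsal that cannot find a current, decryptable backup is the failure mode this setup is meant to surface before an incident does.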
Join us for a live, 60-minute webcast, where Quest AD security experts will show you (with some live demo) how to reduce investigation time during incident response across your Hybrid AD environment. Discover how to automate your AD business continuity plan (BCP) to minimize your recovery time objective (RTO) in the event of a security incident that causes partial or total damage across your Hybrid AD environment.
By following these investigation and recovery strategies—along with assessment, detection/reporting and remediation/mitigation best practices—you’ll be in position to overcome any common Hybrid AD and cloud security challenges.