[MUSIC PLAYING] Hello, everyone. We were going to call this show The Brian and Bryan Show. But let me start by saying, my name is Ghazwan Khairi. I'm a principal systems consultant for Quest. And I'm joined by Bryan Patton, Principal Systems Consultant, and Brian Hymer, Strategic Solutions Architect for Quest.
Today's short topic will be and should be the focus for every single organization that depends on Active Directory for its authentication or authorization. We will cover Active Directory, Disaster Recovery Edition for Quest. So we're going to introduce Quest's Recovery Manager for Active Directory.
Mr. Hymer, we're going to start with you. The last figure I have in front of me is 10 million daily attempts on hacking Azure Active Directory accounts. And I know the figure last time I checked was like 95 million or 100 million daily attempts on on-prem Active Directory accounts. How can Quest help?
Active Directory is key to the industry, right? It is the primary authentication method across most corporations and organizations today. And if Active Directory is down, everybody is down. It doesn't matter. As a matter of fact, I even remember hearing that in the Maersk attack back in 2017. If Active Directory can't get recovered, we can't recover anything.
Quest has built unique solutions around Active Directory recovery for a long time. And the Disaster Recovery Edition, our latest addition in that scheme of tools, allows you to recover Active Directory even from a ransomware attack.
Yeah. Then, why do you think that's important for customers to have a disaster recovery plan in place? And also, you work with a lot of customers, a lot of national customers. What's the percentage of customers who actually have a disaster recovery plan in place, in case they get attacked by ransomware or other attacks?
Well, I think it really depends on-- I think a lot of customers have a plan. But I don't think it's necessarily a fully developed plan. They traditionally will talk to a different backup vendor who they say can do restoration of all these different systems. But the system relies on Active Directory to authenticate via either on-premise or in Azure Active Directory. Do you have a plan in place to get that up and be able to authenticate prior to being able to restore all their applications and data, which use that authentication to begin with?
So you have to do the first step before you can get to the second step. A lot of people think that they're covered, but they only really realize they're not covered after practicing. Once you practice, you realize the different caveats of what it really takes to do a full Active Directory restoration, or even about just like an Azure AD misconfiguration with-- a conditional access policy is an example.
Yeah, Bryan actually brought up a really good point. And I can't tell you how many times I've talked to a client that says, you know, we're moving a domain controller into our disaster recovery area so that they can do their disaster recovery testing. I came back and said, well, have you tested recovering Active Directory? And they go, what? Why would I need to do that, right?
And in a physical disaster, that's not an issue at all. But in today's area of cyber warfare and cyber criminals, ransomware is infecting domain controllers across the corporation. So it's no longer a geographic physical location type disaster. It is a cyber disaster across your entire forest.
And by default, Active Directory is highly available, again, to multiple different domain controllers. But to your point, Brian, the likelihood of a Red Square attack happening is at an all-time high. These types of attacks were not happening 10 years ago, they've really kind of surfaced in the last three or four years. And now everybody can see that the likelihood is a lot more likely in their organization. So you have to have a plan to respond in the event that situation does occur to you.
It's true, so true, Bryan. And like you said earlier, being able to test that recovery is key.
Well, let's talk about that. So let's tie all that into-- Hymer, what's your top two features in the newly released Disaster Recovery Edition that allows customers to achieve that kind of coverage against their Active Directory effects?
Yeah, good question, Ghaz. So we just released 10.1 last month. And my two favorite features there, the first is clean OS recovery, an absolutely paramount way to recover your Active Directory. And I'll explain why. And the other is the ability to phase your recovery, whereas we used to do just a single forest, everything at once type recovery. Now you can do recovery in phases. We have a new mode called repromotion, which allows you to promote new domain controllers to replace your existing domain controllers in a forest during a disaster.
And you know what? And Bryan Patton, I know you mention this all the time. You always say, oh, flexibility and options. Either one of you, what's flexibility and restore options from a Quest standpoint?
Well, every customer is different. Some still want to restore using bare metal recovery. Others will want to restore using a non-tainted operating system they can validate is clean. So we give you the option and ability to do whatever twist as you need, not only on-premise, but even out to Azure AD. Because if you're talking about disaster recovery, you also have to consider all the different stuff that's located in Azure Active Directory, as well as the attack surface is really expanded out with a proliferation of Office 365.
Right, so beyond the perimeter of your own corporate network, for sure. Clean OS recovery is great. Because what we do is we take an Active Directory system state backup. And if you don't know, it only includes the NTDS directory and your sysvol, and then a few registry