Cleaning House in Your Active Directory: Finding Threats and Conditional Access
Learn how to take a proactive approach to Active Directory (AD) security by joining us at this month’s Magnify Meetup with Conditional Access specialists, Preempt. You’ll learn how to set up your AD correctly, find your flaws and fix them, identify where you have weak authentication protocols, and how you can build a better AD infrastructure.
Meetup Topics at a Glance
Attack Protections via Identity Store Hygiene
Cybersecurity visibility and enforcement starts with Active Directory (AD). Identity and Access Management – via AD or another Identity Store – is the nerve centre of an enterprise, governing how users and accounts access applications and assets. Any security compromise of AD undermines the entire identity management infrastructure, leading to potential data leaks as well as potential system corruption, takeover or ransomware, or destruction. We discuss how conditional access principles open the door to new types of segmentation based not merely on network boundaries, but on policies touching the context of identity, behaviour, and risk of the user credential; and threats to AD services.
Assess Gaps, Detect Threats and Prevent Threats with the MITRE ATT&CK Chain
Get to grips with the MITRE ATT&CK Framework, a knowledge base of tactics, techniques and procedures (TTP’s) that you see used by threat actors in the real world, and how it helps cybersecurity professionals mature, secure and assure their organisations.
Protect, Prevent and Enable
Discover how to identify security gaps in user-defined authentication policies, prioritise authentication threats based on risk score, and accelerate MFA rollout for any app without degrading UX.
Best Practice Guidance
Secrutiny’s Deepak Shukla will be on hand to help you learn Active Directory basics and best practices.
Harden your AD security, gain real-world insights from industry leaders and discuss best practices for robust identity security without MFA fatigue, by joining the conversation. If you can’t make the live session, registering will ensure you can access the on-demand version as well. Discover our other meetups here.
4:30 pm (GMT)
Deepak Shukla, Head of Professional Services at Secrutiny
Boris Danilovich, Senior Software Developer at Preempt
A critical privilege escalation exploit in Windows Server (CVE-2020-1472), codenamed Zerologon, allows an attacker to become a domain admin, even without any credentials.
Microsoft’s September Patch Tuesday fixes 129 security holes (23 of which are rated ‘critical’) in numerous versions of its Windows operating system and related software. One of the more critical patches could allow remote code execution by sending an email to a victim.
Secrutiny Awarded Position on Crown Commercial Services “Cyber Security Services 3 Dynamic Purchasing System”
We are thrilled to announce that Secrutiny has been awarded a position on Crown Commercial Service’s Cyber Security Services 3 Dynamic Purchasing System (DPS).