Active Directory is only the beginning… Attackers have set their sights squarely on Active Directory when targeting a company, though this typically isn't the primary objective. The motivation and end goals range from stealing data to impacting corporate operations. In this regard, gaining control of Active Directory is a means to an end; compromising Active Directory is an easy way to gain access to all critical corporate resources. Effectively protecting Active Directory has become critical in limiting the impact of a breach. This talk takes the audience on a journey covering the various security milestones and challenges with Active Directory. A variety of (fictionalized) companies and their AD security posture are highlighted along with the challenges they encounter with securing their systems. Key elements involve how enterprise "AD aware" applications can weaken Active Directory security and how leveraging cloud services complicate securing infrastructure. Also explored is what an attacker can do in an environment without having Domain Admin rights. The final section discusses the commonly heard excuses for not implementing security controls to protect Active Directory and the ways to counter these arguments. This talk covers the critical issues affecting organizations today, as well as the biggest challenges; current attack techniques; and the most effective defensive techniques to prevent and mitigate compromise (including limitations to these approaches).

Recorded at NolaCon 2018

video