ES Episode73

From Paul's Security Weekly
Jump to: navigation, search

Enterprise Security Weekly #73

Recorded December 20, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Enterprise News

    1. It's the Most Hackable Time of the Year - Network Critical
    2. Flexera reimagines open source vulnerability detection with FlexNet Code Insight
    3. Dispelling Cybersecurity Myths
    4. Report: Amazon in talks to acquire cybersecurity startup Sqrrl - SiliconANGLE
    5. Press Release: ExtraHop Adds AWS Data to Provide Performance and Security Insights for Hybrid Enterprises


    All I want for Christmas is a Secure Active Directory

    I find that many roads lead to Active Directory insecurity:

    1. Email phishing campaigns successfully provide attackers with a foothold - Okay, so this problem is solved outside of AD, right?
    2. Once you gain a foothold, you can gather information and credentials
    3. Once you have a map and credentials, you can move laterally
    4. Once you move laterally, you can own all the most critical and sensitive data
    5. You can do all of the above without getting caught, or they find it once its too late

    You can try to solve the above problems with:

    1. Endpoint detection and response
    2. Correlating network, endpoint and log events
    3. Encryption

    While it's better to:

    1. Fix the authentication issues (Prevention)
    2. Turn off features that give attackers the map (Reduce the footprint)
    3. Detect certain events in AD that show abuses of authentication and lateral movement (Detection)


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+