Mitigating Risk in a Complex Hybrid Directory Environment

Post on 09-Jan-2017


Transcript of Mitigating Risk in a Complex Hybrid Directory Environment

Mitigating Risk in a Complex Hybrid Directory Environment

Hosted by: Brad Sams
Petri Presenter: Sean Deuby
Veeam Presenter: Alvaro Vitta

What percentage of your organization has moved to Office 365?
• 1-10%
• 10%-30%
• 30%-50%
• 50%+
• We’re not using Office 365 today

Sean Deuby
• Identity technology analyst and expert
• Microsoft MVP for Directory Services since 2004
• Consults and speaks on cloud identity and identity as a service (IDaaS)
• Identity architect at Edgile, Inc.
• Frequent contributor to Petri IT Knowledgebase

Alvaro Vitta
• Principal Solutions Architect specializing in security at Quest
• Specializes in Microsoft cloud-based data center technologies, including Azure AD, Office 365, Active Directory, Exchange, and EMS (Enterprise Mobility Suite)
• Works with large private and public organizations to help them solve business problems with software solutions across cloud, hybrid, and private data center environments

Confidential

AGENDA
• Market trends
• Infrastructure security challenges
• The solution


MARKET TRENDS

Organizations have used AD to authenticate since 2001
• 2001: AD replaces NT
• 2003
• 2004: Email is now business critical
• 2007: Collaboration heats up
• 2008: Add new resource forest for security
• 2009: Server 2008 R2, new forest functional level
• 2010: Upgrades, M&As, BYOD, security risks
• 2013 to today: Organizations begin taking the cloud seriously
• Today: Future-ready Windows infrastructure

Presenter
Presentation Notes
The backbone of your IT Infrastructure is built on Active Directory on-premises. It’s been around for quite a while and it’s not going away anytime soon. Did you know that a secure Active Directory infrastructure MAY be the KEY to your success with Office 365?

Office 365 adoption is growing rapidly

• 22 million consumers (55% YOY growth from 12.4 M) and 70 million commercial customers who have active Office 365 subscriptions.

• In the commercial segment, Office 365 had a 57 percent month-over-month jump in the latest 2016 quarter.

• Year-over-year growth: about 1 million subscribers a month are adopting Office 365

Presenter
Presentation Notes
Microsoft says that Office 365 is its fastest growing commercial product ever. As you can see, there are currently 70 million commercial users and it’s growing at a rate of 1 MILLION subscribers a month.

Why do organizations move to the cloud?

• Reduce infrastructure, licensing, and maintenance costs, eliminating on-premises infrastructure and finding storage efficiencies

• Empower workforce to operate from anywhere from any device

• Increase scalability and business continuity

Presenter
Presentation Notes
Why are customers moving to the cloud at such a rapid rate? When implemented properly, the cloud computing economic model can drastically reduce the operations and maintenance cost of IT infrastructures

What about Azure Active Directory?

• Office 365 *requires* an Azure AD instance

• Azure AD provides the Directory Service for Office 365 applications

• Azure AD integrates with on-prem AD creating a HYBRID Directory environment

Azure Active Directory

Presenter
Presentation Notes
We all know that Active Directory is the source for authentication and authorization for on-premises infrastructures. What about Office 365? Well, and many companies don’t even know this, Office 365 authenticates through Azure AD. To make sure we are all on the same page: Azure AD provides the directory service for O365. Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service.

Hybrid Environment: Azure AD Connect Synchronization Workflow

Summary: How Hybrid Directory was ‘created’
• 90% of companies use AD on-prem.
• O365 adoption growing at 70% YoY.
• AAD has over 10M tenants.
• 75% of orgs with more than 500 users sync AD on-prem to AAD.
The result: a Hybrid Directory.

How important is protecting on-prem AD resources?

75% of enterprises with more than 500 employees sync their on-prem AD accounts to Azure AD/Office 365 (AD on premises is authoritative)

Presenter
Presentation Notes
SCRIPT: Integrating on-prem with Azure AD is not as easy as it looks. On-prem is powerful and has a schema, where Azure AD is flat. Azure is required for Office 365.

If you’re leveraging Office 365, are you using Azure AD?

• Yes, managing Azure AD accounts
• Yes, but only replicating to Azure AD from on-prem
• No, not using


HYBRID DIRECTORY SECURITY CHALLENGES

What is the attack surface? AD on-prem
• Active AD licenses: 500 million
• Companies using AD to authenticate: 90%
• Daily authentications: 10 billion
• Accounts under attack each day: 95 million
95 million of those accounts are under attack every single day (Microsoft).

Presenter
Presentation Notes
SCRIPT: So, with all that is riding on AD, what is the potential for damage? (REVIEW SLIDE)

What is the attack surface? Azure AD
• Number of Azure AD accounts: 700 million
• Number of Azure AD tenants: 10 million
• Daily logons: 1.3 billion
• MS Cloud daily cyberattacks: 10 million
Microsoft’s user identity management systems process over 13 billion logins; over 10 million of these logins per day are cyber-attacks.

Hybrid Directory Challenges faced by businesses

Business Challenges
• Data exfiltration
• Insider threats
• Compliance failures
• Prolonged operational downtime
• Revenue loss due to downtime, loss of productivity, and potentially fines

Technical Challenges
• No permission baselining
• No automatic remediation
• Lack of detailed auditing
• Labor-intense/error-prone
• Lack of granular delegation
• Disjointed administration
• Manual DR processes

Dangers and pitfalls if you don’t secure AD on-prem

Presenter
Presentation Notes
Data exfiltration is the unauthorized copying, transfer or retrieval of data from a computer or server. Data exfiltration is a malicious activity performed through various different techniques, typically by cybercriminals over the Internet or other network.


WHAT’S THE SOLUTION? Securing the weakest link in your hybrid directory

Quest AD Security Lifecycle Methodology

Continually Assess

• Who has access to what sensitive data and how did they get that access?

• Who has elevated privileged permissions in AD, servers, and SQL DBs?

• What systems are vulnerable to security threats?
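One way to start answering the first two questions with what is already on a domain-joined admin workstation, as an added example that is not from the deck or from Quest’s products: it uses the RSAT ActiveDirectory module to expand the built-in privileged groups recursively and flags the properties that turn an admin account into a hybrid risk, which also answers the “lowest level of user rights” question on the Remediate and Mitigate slide. The group names, the 365-day password-age and 90-day stale-logon thresholds, and the use of mS-DS-ConsistencyGuid as the “synced to Azure AD” indicator (the source anchor newer Azure AD Connect versions write back; deployments anchored on objectGUID will not have it) are assumptions.

```powershell
# Added example, not from the deck: inventory privileged AD accounts and flag hybrid risk.
# Needs the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Built-in groups whose members can take over the domain directly or indirectly.
# Assumption: English default names; add your own tier-0 groups.
$PrivilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators',
    'DnsAdmins', 'Group Policy Creator Owners'
)

function Get-PrivilegedAccountReport {
    param([string[]] $Groups = $PrivilegedGroups)

    $seen = @{}
    foreach ($groupName in $Groups) {
        $group = Get-ADGroup -Filter "Name -eq '$groupName'" -ErrorAction SilentlyContinue
        if (-not $group) { continue }
        # -Recursive expands nested groups, which is where stale admin access usually hides.
        $members = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' }
        foreach ($m in $members) {
            if (-not $seen.ContainsKey($m.SamAccountName)) {
                $u = Get-ADUser -Identity $m.DistinguishedName -Properties PasswordLastSet,
                    PasswordNeverExpires, AccountNotDelegated, ServicePrincipalName,
                    'mS-DS-ConsistencyGuid', LastLogonDate
                $pwAge = if ($u.PasswordLastSet) { ((Get-Date) - $u.PasswordLastSet).Days } else { $null }
                $seen[$m.SamAccountName] = [pscustomobject]@{
                    SamAccountName       = $u.SamAccountName
                    Enabled              = $u.Enabled
                    Groups               = [System.Collections.Generic.List[string]]::new()
                    PasswordAgeDays      = $pwAge
                    PasswordNeverExpires = $u.PasswordNeverExpires
                    # Without "account is sensitive and cannot be delegated", a compromised
                    # service that is trusted for delegation can impersonate this admin.
                    Delegatable          = -not $u.AccountNotDelegated
                    # An SPN on an admin account makes its password Kerberoastable offline.
                    HasSPN               = ($u.ServicePrincipalName.Count -gt 0)
                    # Assumption: Azure AD Connect stamps mS-DS-ConsistencyGuid on the objects
                    # it syncs, so a value means this admin identity also exists in the tenant.
                    SyncedToAzureAD      = ($u.'mS-DS-ConsistencyGuid'.Count -gt 0)
                    LastLogonDate        = $u.LastLogonDate
                }
            }
            $seen[$m.SamAccountName].Groups.Add($groupName)
        }
    }
    $seen.Values | Sort-Object SamAccountName
}

function Find-PrivilegedAccountRisks {
    param([object[]] $Report = (Get-PrivilegedAccountReport))

    foreach ($a in $Report) {
        $issues = @()
        if ($a.SyncedToAzureAD)         { $issues += 'synced to Azure AD: on-prem compromise reaches Office 365' }
        if ($a.Delegatable)             { $issues += 'not marked sensitive/cannot be delegated' }
        if ($a.HasSPN)                  { $issues += 'has SPN (Kerberoastable)' }
        if ($a.PasswordNeverExpires)    { $issues += 'password never expires' }
        if ($a.PasswordAgeDays -gt 365) { $issues += "password is $($a.PasswordAgeDays) days old" }
        if ($a.LastLogonDate -and $a.LastLogonDate -lt (Get-Date).AddDays(-90)) {
            $issues += 'no logon in 90 days (stale admin)'
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Account = $a.SamAccountName
                Groups  = ($a.Groups -join ', ')
                Issues  = ($issues -join '; ')
            }
        }
    }

    # adminCount=1 outlives group removal: SDProp never clears it and the object keeps the
    # restrictive AdminSDHolder ACL, so these orphans break delegation and hide past privilege.
    $reported = @($Report | ForEach-Object { $_.SamAccountName })
    Get-ADUser -LDAPFilter '(adminCount=1)' |
        Where-Object { $reported -notcontains $_.SamAccountName } |
        ForEach-Object {
            [pscustomobject]@{
                Account = $_.SamAccountName
                Groups  = '(none of the listed privileged groups)'
                Issues  = 'adminCount=1 but no longer privileged: orphaned protected object'
            }
        }
}

Find-PrivilegedAccountRisks | Format-Table -AutoSize -Wrap
```

Run it read-only first and keep the output as the baseline the slide asks for; the “synced to Azure AD” column is the one to act on in a hybrid tenant, because a synced Domain Admin whose password is stolen on-prem logs straight into Office 365 with no further effort. Get-ADGroupMember -Recursive stops at foreign security principals from trusted forests, so cross-forest admin access needs a second pass in the other forest.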

Presenter
Presentation Notes
Continuously Assess: Understand who has access to what: permissions, privileged groups, sensitive business groups, GPOs and data. Conduct a thorough assessment and know your security configuration baseline to easily identify your surface attack area, vulnerabilities and risk profile. Provides clear visibility and reporting to stay ‘in the know’ of your directory, Windows computers and file shares.

Detect and Alert

• How will I know if any suspicious privileged account activities have occurred?

• Have any changes occurred that could be indicative of an insider threat?

• How will I know, quickly, if an intrusion has happened?

• Could we be under brute-force attack right now?
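Answering the last question concretely, as an added example that is not from the deck or from Change Auditor: a sliding-window count of failed Kerberos pre-authentications (event 4771) and failed logons (4625) per source address, read from a domain controller’s Security log. The detection function runs here on a constructed sample so it can be tried offline; the 5-minute window, the threshold of 20 failures and the “more than 3 distinct users means spray” heuristic are assumptions to tune for your environment.

```powershell
# Added example, not from the deck: brute-force / password-spray detection from DC Security events.
# 4771 = Kerberos pre-authentication failed (bad password presented to a DC);
# 4625 = account failed to log on (NTLM or interactive). Both carry TargetUserName and IpAddress.

function Get-DcAuthFailures {
    param([string] $ComputerName = $env:COMPUTERNAME, [int] $Hours = 1)
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
        LogName = 'Security'; Id = 4771, 4625; StartTime = (Get-Date).AddHours(-$Hours)
    } | ForEach-Object {
        # Pull the EventData fields out of the event XML instead of parsing the message text.
        $data = @{}
        foreach ($d in ([xml] $_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            IpAddress   = ($data['IpAddress'] -replace '^::ffff:', '')   # 4771 reports IPv4-mapped IPv6
            TargetUser  = $data['TargetUserName']
        }
    }
}

function Find-AuthFailureBursts {
    param(
        [Parameter(Mandatory)] [object[]] $Events,   # objects with TimeCreated, IpAddress, TargetUser
        [int] $WindowMinutes = 5,
        [int] $Threshold = 20,
        [int] $SprayUserCount = 3
    )
    $findings = @()
    foreach ($source in ($Events | Group-Object IpAddress)) {
        $sorted = @($source.Group | Sort-Object TimeCreated)
        # Sliding window anchored on each failure: alert on the first window that crosses the threshold.
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $start = $sorted[$i].TimeCreated
            $end   = $start.AddMinutes($WindowMinutes)
            $inWindow = @($sorted | Where-Object { $_.TimeCreated -ge $start -and $_.TimeCreated -le $end })
            if ($inWindow.Count -lt $Threshold) { continue }
            $users = @($inWindow | ForEach-Object { $_.TargetUser } | Sort-Object -Unique)
            # Many users from one source is a spray (it stays under the per-account lockout
            # threshold); one or a few users hammered repeatedly is classic brute force.
            $pattern = if ($users.Count -gt $SprayUserCount) { 'password spray' } else { 'brute force' }
            $findings += [pscustomobject]@{
                IpAddress     = $source.Name
                WindowStart   = $start
                Failures      = $inWindow.Count
                DistinctUsers = $users.Count
                Pattern       = $pattern
                Users         = ($users -join ', ')
            }
            break   # one finding per source is enough to raise an alert
        }
    }
    $findings
}

# Constructed sample, not real telemetry: one host sprays 8 accounts (25 failures in about
# 100 seconds) while another host produces three ordinary mistyped passwords over half an hour.
$t0 = Get-Date
$sample = @()
foreach ($n in 1..25) {
    $sample += [pscustomobject]@{ TimeCreated = $t0.AddSeconds(4 * $n); IpAddress = '10.0.0.99'; TargetUser = "user$($n % 8)" }
}
foreach ($n in 1..3) {
    $sample += [pscustomobject]@{ TimeCreated = $t0.AddMinutes(10 * $n); IpAddress = '10.0.0.7'; TargetUser = 'alice' }
}
Find-AuthFailureBursts -Events $sample | Format-Table -AutoSize

# On a domain controller, feed it live events instead:
#   Find-AuthFailureBursts -Events (Get-DcAuthFailures -Hours 1)
```

The sample is built so that only 10.0.0.99 crosses the threshold. Two caveats for live use: 4771 is only written when the “Audit Kerberos Authentication Service” subcategory is enabled on the DCs (failure auditing at minimum), and every DC logs its own failures, so a spray spread across DCs needs the events collected centrally before the per-source count means anything.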

Presenter
Presentation Notes
Detect and Alert: Know when suspicious/anomalous activities occur. Real-time monitoring will quickly detect and alert you to potential insider attacks. Proactive measures allow you to take immediate action and reduce the risk of exposure caused by insider attacks or data breaches. (InTrust, Change Auditor)

Remediate and Mitigate

• Is access control allowing those whitelisted in and blacklisted out?

• Do my users have the lowest level of user rights possible to do their jobs?

• Are my sensitive resources protected?

• How much time will it take me to manually remediate unauthorized changes?

Presenter
Presentation Notes
Remediate and Mitigate: Remediate unauthorized actions immediately across AD and your Windows environment. Respond to alerts quickly to minimize damage from unsanctioned changes. Automate security policy enforcement across AD to reduce human errors and mitigate the risk of recurrence. Improve operational efficiency and give IT staff more time to focus on innovation. (ARS, InTrust, Change Auditor, GPOAdmin)

Investigate and Recover

• How can I be sure that ‘it’ doesn’t happen again?

• How can I test my business continuity plan without going off line?

• How long will it take us to recover from an AD security incident, manually?

• What is my AD RTO after a disaster?

• Can I secure access to my DC before next time?

Presenter
Presentation Notes
Investigate and Recover: Reduce incident response and investigation time across your Windows environment. Correlate security baseline information with fine-grained auditing. Get a cradle-to-grave, 360-degree contextual view of how a security incident materialized and reveal the most likely path(s) that led to a security breach. Automate your Active Directory BCP (Business Continuity Process) to minimize your RTO (Recovery Time Objective) in the event of a security incident that causes partial or total damage across your Active Directory infrastructure.

Active Directory Security Suite components

IT Security Search & Recovery Manager FE

• Investigate AD security incidents

• Continuously test your AD business continuity plan

• Recover from a security incident

• Improve your RTO following a disaster

• Secure access to AD DC data

Enterprise Reporter

• Report on elevated permission in AD

• Visibility of open shares across servers

• Understand which servers have vulnerable security settings

Active Roles & GPOAdmin

• Enforce permission blacklisting/whitelisting in AD

• Implement AD least-privilege access model

• Prevent unauthorized access to sensitive resources

• Auto-Remediate unauthorized activities

Change Auditor for AD

• Detect suspicious privileged AD activities

• Alert on potential AD insider threats

• Notify in real time of unauthorized intrusions against AD

• Detect and alert on brute-force attacks

Presenter
Presentation Notes
ALVARO: Who has access to what sensitive data in AD and how they got that access. Who has elevated privileged permissions in AD and servers. What systems are vulnerable to security threats. Identify open shares. The Active Directory Security Suite includes 6 modular and integrated components: Enterprise Reporter, Change Auditor for AD, ActiveRoles Server, GPOAdmin, InTrust, Recovery Manager for AD Forest Edition. The power of this solution is the way in which Dell Software’s products work together. If you buy a single product, you will not have the security power you need to protect your organization. Talk to your sales rep today about the power of this suite and special discounts.

Hybrid directory solution protects all the way around

Presenter
Presentation Notes
Organizations moving to Office 365 have real and significant security challenges around Active Directory.

Secure your Active Directory to mitigate risk in Office 365

• Organizations moving to Office 365 have real and significant security challenges around Active Directory.

• On-premises AD remains the core of security even in a cloud/hybrid environment.

• Quest offers the only end-to-end AD Security solution in the market

• Don’t let your on-premises AD be your Hybrid Achilles Heel!

Presenter
Presentation Notes
Work this into the summary slide. [6/8/2016 12:56 PM] Alvaro Vitta: On-premises AD remains the core of security, even in a cloud/hybrid environment. Everything, in the cloud, in the data center, on the device, depends on the security of AD on-premises. Secure on-premises apps like SQL Server and SAP and use the most secure cloud there is, but you still inherit all the risks in on-premises AD and domain controllers.

What is the biggest technology problem facing your organization today?

• Pressure on our IT budget
• Security threats
• IT skill gap
• Legacy applications management
• Cloud migration difficulty
• Other

We get IT

Work Smarter

Petri.com | The IT Knowledgebase

Thank you for joining. Our broadcast, presentation, and a Tech Brief Summary will be provided.