Pour bénéficier d’une expérience Web optimale, utilisez Internet Explorer 11 ou version ultérieure, Chrome, Firefox, ou Safari.

It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect

It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect
a la demande
  • Date enregistrée:Nov. 4, 2021
  • Événement:a la demande
It’s Complicated: The Special Risks of Password Spraying to AD and Azure AD and How to Prevent and Detect

At first glance, password spraying would hardly seem worth the effort for an attacker against an organization with decent security. In a perfect world password spraying wouldn’t be so effective. But in the world we actually live in, it’s quite the opposite. Password spraying is effective for a number or reasons:

  • Humans don’t usually pick good passwords
  • The audit events you need to monitor are fragmented across multiple systems and clouds
  • The signal-to-noise ratio of password spraying is low

But password spraying takes an exponential leap higher in effectiveness when you can’t even get the audit events, which is a potential problem with Azure Active Directory, as reported by Ars Technica and SecureWorks. Moreover, a bad password in on-prem AD exposes lots of other stuff in the cloud thanks to the coupled security risks of today’s hybrid environment.

This webcast explores:

  • How password spraying works and how it differs from other attacks like credential stuffing
  • Various ways that AD and AAD interact from a password standpoint (password hash sync, passthrough, ADFS)
  • Why AD is attractive for password sprays
  • Mysterious risks to hybrid AD and AAD environments
  • The importance of Azure’s new Azure Password Protection for on-prem AD
  • Why password spraying is difficult to detect

In this technical and practical session, Matthew Vinton, Strategic Systems Consultant for Quest, talks about what makes password spraying difficult to detect, how it gets more useful with the bigger the target, and what can be done with regular credentials (at minimum, recon). Matthew also demonstrates how Quest On Demand Audit provides a single audit plane across AD and AAD, and can perform anomaly detection, at scale, across those two platforms.

To prevent AD password sync from making the cloud vulnerable, we discuss how to:

  • Enforce MFA across all users
  • Eliminate external AD auth points
  • Deploy Azure AD Password Protection on-prem
  • Perform login anomaly detection against AD to detect unusual rises in unsuccessful sign-in activities

Intervenants

  • Randy Franklin Smith, Ultimate IT Security
  • Matthew Vinton, Strategic Systems Consultant, Quest

Regarder votre webcast gratuit

Veuillez patienter...

triangle-down check
En téléchargeant, vous vous inscrivez pour recevoir des e-mails marketing de notre part. Pour vous désinscrire, veuillez suivre les instructions figurant dans notre politique de confidentialité.

Site protégé par reCAPTCHA. Consultez les conditions d’utilisation et la politique de confidentialité de Google.