Active Directory Emerging Technologies for 2019



Well, good day to everyone, and thank you so much for taking a little bit of time out of your day to spend some time with us here at ManageEngine. I definitely was looking forward to this webinar, as the information for 2019, the technology, really has crept up on us, and I think we have some amazing technologies that tie into Active Directory. I have now been to about 10 different countries talking about these emerging technologies, and I wanted to really share some information about some of these technologies. So I'm very excited, and again I want to thank you for your time, as I know it's difficult to get away from work even for 30 to 45 minutes.

My name is Derek Melber. I will be your speaker as well as your emcee for this webinar. Some logistics for the webinar: this is being recorded, so please keep an eye out in your inbox for the recording if you want to see this or share it with other people. Also, there will be a slight Q&A towards the end, so please just post your questions to the panel and we will get to those as we go through the content and towards the end. If there are any other questions that you have regarding these technologies or other concepts or issues you may be having with Active Directory or Group Policy, that is my email address right there on the screen, so please take advantage of that and email me with any of your questions. Like everyone else in the world, I'm constantly on my phone looking at email, and no matter where I am in the world I am constantly trying to help administrators solve their problems with Active Directory and all the related technologies.

Let's go into a brief introduction about me, for those of you that don't know who I am. I am the chief technology evangelist for the Active Directory solutions team here at ManageEngine, which really means that I have the great opportunity of traveling the world. I have, as I just mentioned, been to about ten different countries already this year, and it has been a very exciting and very, very dynamic 2019 so far, which is very good. I see a lot of changes occurring in the industry, really good changes towards better security and better overall management of hybrid Active Directory as well as just on-prem Active Directory, which is a really good thing. I am an MVP; I've been an MVP now 14 years, in both Active Directory and Group Policy, and what the MVP status means for you is I am a good resource for you. So if you have any questions, if I don't know the answer I definitely rely on my MVP friends and reach out to them to get solutions. So again, tell me your toughest questions and I will try to get answers for you.

There are some resources that I want to point you to really quickly. Some of you have seen these resources, but I want to at least mention them again, because we here at the AD solutions team at ManageEngine work diligently on these resources. The resources that I want to point you to: first of all, just go to manageengine.com, and the first resource is, if you hover over Company, you'll see that we have these blogs. Now, these blogs are all interwoven for all the ManageEngine teams, but if you come in here and you just search, for example, on Active Directory, you will get dedicated resources related to the Active Directory areas. You'll see that we have some that are promoting content and activities, and really what I want to focus on is those that talk about just general information. So this one's talking about self-service password reset in a hybrid Active Directory environment, which I'm finding that many organizations are trying to decrypt. This is something that we try to write to; we try to get information out in this format, and we usually blog one to two times a week. So this is an excellent resource for you to come and take advantage of. Come out and search on different things; you can search on security. Say, for example, you wanted to search on hybrid. Oops. So you wanted to search on hybrid; we put all of these words in for you, so here you can look through all of our hybrid information and get information on that. I think this is an excellent resource for you to take advantage of; we work diligently on it, so please come take advantage of that.

Another resource I want to point you to: if you come to the main landing page, hover over Products and go to Security Hardening for Active Directory. This will send you to a site that is about three years old, but the content is so relevant. I was just on LinkedIn yesterday and there were two posts that were really good about Active Directory security, and they all pointed back to this area on this page, which is guiding you through how to secure all of these different areas. One in particular really focused on the idea of password management as well as privilege management, which would be your Active Directory groups as well as your service accounts. So this is just a really good resource for you to take advantage of. Come to the site, click on an area, and then the blogs and videos will walk you through how to secure that area in your Active Directory environment.

Another resource off of our website: anywhere on our overall ManageEngine site you see this banner ad, you can click on it and download our Dummies book. Obviously the Dummies book is related to privileged access, specifically in Active Directory. The book was generated because we had so many questions around how do you control privileges in Active Directory, so we put the book together. It's a very small book, so if you have a commute or a train ride it's perfect for that; it's only about 40 pages in a very short format. This is an excellent resource for you: download it, it's a PDF, share it with others in your organization. So those are some resources that are available off of our website.

Another resource that I want to point you to is to follow me on LinkedIn; just look for Derek Melber on LinkedIn. I'm posting usually two to three very important concepts a week, as well as sharing other things throughout my network that I see that are important. As I said, yesterday alone there were two very important posts that I commented on and reposted because they were excellent content, and I find that we are almost in an era where we are overloaded with content, so being able to target that content is very important. And a final resource is my email address. Please email me. I am here; part of my job is to answer your tough questions, so take advantage of that, and I encourage you to do that.

Another thing that I want to point out is I will actually be in Poland for two weeks, touring, I think, four or five cities. These Active Directory seminars, if you have never been to one of these seminars, are very action-packed, very enticing, and full of knowledge sharing and information. So please come take advantage of the fact that I will be live in Poland. I would love to meet you; I would love to answer your questions, sit down at lunch, sit down at a break, and try to go over any things that you're struggling with. I've been to about fifteen to sixteen seminars already this year; I plan on doing about 75 of them throughout the year. So I'm very excited to get to Poland, and we'll go over the details of this towards the end of the seminar. Please put this on your calendar, put this as a reminder, so you sign up and come attend these events.

So let's jump into the content. I thought a lot about how I wanted to best take up your time today, and I wanted to give you things to think about; I wanted to give you things to really catch your attention. So hopefully I've done that here with the topics that I have put together, and I want you to think out of the box. I want you to try to escape from your day-to-day problems, and I want you to think about what I'm telling you and how it can impact what you do on a daily basis, because one of the things that I really focus on is: the concepts and technology that we're putting into place, are they working? Is everything that we're doing giving us the result that we want it to give? And unfortunately, I think the answer is in many cases no. So what I want to do is push you a little bit. I want to push you into thinking how we can use concepts, not always technology but concepts, to help us further what we're doing for efficient management and overall security in our environments. I've been on your side, and I know as an administrator you try desperately every day to implement concepts that are going to help you do your job and help your organization. That's my job today, to help you with that.

So let's first of all talk about this concept around user behavior analytics. Now, some of you may have heard of this, some of you may not have heard of this, and really what we need to do is we need to secure against the insider attacks, okay? User behavior analytics is going to do this. Now what I don't want you to do is hear "another technology to secure against insider attacks" and click off. Don't do that. I did that with this when I first heard about user behavior analytics and how it can help, because we're using artificial intelligence; for months I was totally against it, until I saw the implementation, and then it changed everything for me. Because what we are going to be able to do is help secure our endpoints, take care of privilege management, and most importantly, we're going to be able to detect attacks from allowed attackers.

Now let's first of all talk about securing your endpoints. Over here is an endpoint of mine, so I'm going to jump into my virtual environment and I'm going to log on here as Derek. Now I'm going to try to give you tips as we go through to help you secure against insider attacks. All right, now first and foremost, probably your best tip for your employees is that I want you to go to the local SAM on your endpoint. Now, I don't care if you have a hundred endpoints or 100,000 endpoints, you're going to want to do this on all of your endpoints. Now you may not connect to it like this, but I want you to connect to one and see what you currently have. So I'm going to come over here and I'm going to go to the local groups on an endpoint. Now, "endpoint" in this scenario is primarily your workstations, your employee machines, and I want you to go to their Administrators group and I want you to see who is a local administrator on their boxes. Okay, this is probably one of the worst-case scenarios I've ever seen of what you should not have. First of all, we have so many different users, local and from Active Directory, in the local Administrators group. We have Derek, who's the user of this machine. Derek not only has his account from Active Directory in here; Derek has a local account. We have another local account called "local hacker" (that doesn't sound good), and then we have some oddball account which looks like it was a leftover from a project that maybe went on. So these are things that we need to clean up; excuse me, these are headaches. This is where we need to start, because think about it this way: when your user is logged on, and I'm currently logged on as Derek, when your user is logged on as a local administrator, whenever they go to the Internet, the entire Internet has local administrator privileges back to that machine. So we need to secure that, okay?

All right, secondly, what we need to do is we need to protect against privileged access. Let me give you an example of that. Now inside of Active Directory, of course, we have many different groups. So if I come down here to my privileged groups, this would include Domain Admins, this would include Enterprise Admins, and we need to make sure we know at any one time who has membership in these groups. Now if you are not being updated in real time when these groups change membership, you need to change your thinking, because if you were the attacker and you had access into an organization as a domain admin, how much time do you need to cause damage? Well, guess what: if you have an attacker inside of your environment with privileged access, they need the same amount of time, maybe less, because they are a true attacker and they are prepared when they get there. So you need a situation like this. Watch: now I'm going to go into Active Directory, I'm going to go to my Domain Admins, and right here you can see the current list. Now whether I add or remove anyone from this list, you need to be notified in real time. So if I go in and I add someone to the list (I can't get to this quick enough, but I'm going to add someone to this list), if I try to get over here as fast as possible, I can't, because it's already notified me that the Domain Admins group changed membership. This is what I'm talking about. This is the type of environment that you need, and you need this because you need to protect against insider attacks. You need to know when privileges are modified. You also need to know when allowed attackers are getting into the environment.

Now what I went over just now was: we need to protect against endpoints that are over-privileged; we need to protect against groups in Active Directory that give privileges. But what about those users in your environment that already have privileges? These are users that I call allowed attackers. Now when we started talking about allowed attackers, many organizations have tried to throw some solutions at this. Now some solutions are very good at detecting and determining behavior that maybe shouldn't have occurred. For example, I just showed you how a SIEM, ADAudit Plus, can show you when a group changes membership. So again, here in ADAudit Plus I simply am tracking when a privileged group changes membership and I'm notifying you of that, right? I'm sending you an alert. So that's pretty easy, right? And I can send this alert not only on my dashboard; I can send you a text, I could send you an email, and you can get real-time notifications of these types of things that are occurring. But the issue that we have with a traditional SIEM is, what about users that have access? I mean, what we have put into a SIEM solution are thresholds and correlation and triggers and rules, and the issue with these is we only want to see, through a notification, when certain things hit a certain level, which unfortunately is causing us to miss information.

So what we have now for your SIEM solution is a new technology called user behavior analytics, also referred to as user and entity behavior analytics. Now what this technology does is it creates a baseline of behavior per user. Instead of trying to describe it, let me show it to you so you can clearly see it. This is user behavior analytics, okay? This is the normal behavior of a particular user. Now I'm going to pick on me, because I'm the most active user in this demo environment. So I am going to look at usual activity volume based on user, okay? So I'm going to go in and I'm going to take the user, right, and this is a great thing about UBA: you can actually see the baselines. Now this is only using the current SIEM solution, and I'm going to say I want to know file activity count based on user. Now I can also look at management, I can look at failures, I can look at modification. So what I want to do is I want to see what the user behavior analytics is determining for this user. Now this is the file activity count normally for this user, and you will see that, on average, I'm most active between 9 and 10 a.m. So that means that between 9 and 10 is when I'm normally doing my activity towards files. Notice that if I gain access between 1 a.m. and 5 a.m., I don't really have any activity, so any activity that I have should throw up some type of flag, because this is abnormal. Now notice that I have access, right? I've accessed files, but I usually don't access the files, which makes sense; this is in the middle of the night. So even though the user has access, if they gain access in an attack format, there's what I call an allowed attacker. So UBA creates a baseline of behavior, and I look at a wide variety of activities, and then I look for anomalies for that access.

Okay, now you may be saying, okay, I still don't understand. Let me give you a perfect example. I'm going to go back here and I am going to look at logon activity. Now if I'm over here on my clients, right, here's a client. If the user here is logged on and they get a list of all the users from Active Directory, which any user can do in your environment, which you know, and then all of a sudden they log off of their machine, right, this is the user's machine, and they go through every single account, right, because I can switch users, I can log on as any other account, and I try to log on with a common password on every single user, trying to guess that password. I'm going to assume that your SIEM solution won't detect that. But watch this: I have a user behavior analytics report that says "unusual volume of logon failures based on host," and I can see in real time when this occurs. And I guarantee you, if I find something like this, where so many different users are logging onto the same host in a short amount of time, you're under attack. Your normal SIEM solution would not pick this up, but this is one of the latest types of attacks, called a password spray attack. So UBA can detect password spray attacks from your internal employees. It's that powerful; it's that awesome. And you see the thresholds, right? When I hit a certain threshold, this is when you get notifications. So the idea is I will be able to notify you when things that should not be happening based on normalcy are happening, and I can look at logon hours, the host, first-time logon. I can look at resource access and when people access resources and it's too much access, and I can also pull these together.

Now this is a really cool concept. Imagine if I can take all of the activities in an amount of time and give you a risk score. Now the risk score concept is all around the idea that users behave in a certain way, and when they act differently it's going to throw up a flag. But instead of throwing up flags all over the place, let's throw up flags per user. So if one user has twenty flags in one hour, and those twenty flags indicate activity they normally don't do, well, that's going to be their overall risk score. As the risk score increases, it means that user is behaving in ways they normally don't do, over and over again. So if I come in here and I see the risk score for user 1 and user 2 is pretty high, what I can do is go to user 1 and user 2, I can see the makeup of where they have their risk, and then I can actually review the details. Now in this case this user is accessing and modifying the registry; they're also going in and they're modifying file permissions and system files. Now this is a clear indication that this user is performing activities they normally do not do, thus they have a risk score which is here in the 50 to 60 range. All you have to do is, one, look at the dashboard, and two, set up alerts so that you can actually be notified when someone hits a certain threshold of a risk score. So you can actually see what's going on and you can take action. So this concept now extends into accumulating risk scores for user behavior analytics. I guarantee you this is the newest emerging technology in 2019, and it is going to change the way we administer Active Directory. So UBA inside of ADAudit Plus, user and entity behavior analytics inside of Log360: revolutionary technology that is going to give us insight into insider attacks that we've never seen before. Really cool stuff.

Okay, now let's move on and talk about a second area of emerging technology, which I put under the umbrella of password enhancements. Now, password enhancements doesn't sound that important. However, if we look at the foundation for where we've been in Active Directory for 19 years, we're still using weak authentication protocols; we still have a stale password policy. Now what do I mean by stale password policy? Well, if I come in and I look at what my current password policy is, you will see that my current password policy has the exact same settings that it has had since the year 2000. For those of you that worked in Windows NT, the only thing that's added is password complexity, but we could even have that in Windows NT. So if you go back all the way to the early 1990s, password policies haven't changed at all, which means that when attackers come in and they use tools like Cain, they can run dictionary attacks, they can run brute-force attacks, they can come in and set up certain characteristics, and they can attack our passwords. So what we need to do is come up with technologies; we need to come up with concepts. Again, I'm going to push your envelope here: we're going to have to know the ways that the attackers break our hashes so that we can fix them.

Now what do we have, what concepts should we put in place? Well, we should force special characters. Now here's my philosophy around this. If this is my current password policy (where did it go? I think I got rid of it), so if this is my current password policy, okay, complexity requirements indicate that I must have three of the four character types: uppercase, lowercase, number, and special. Now I ask this question around the world, and I get the same answer around the world: if your users are forced to put in three of these four, which three do they always put in? Uppercase, lowercase, a number. I get that same answer everywhere I go. Everywhere I go. So that means that your users are not using special characters, which means that if I'm doing an attack, if I'm coming in here and setting up what a brute-force attack is, I'm never going to use special characters, and that's going to save me time. So the idea now, look at this: if I come in and do uppercase, lowercase, special, this says it's going to take 4.2 times 10 to the 15th years, and if I come in and use less than that, it's going to take 10 to the 14th years. It's going to reduce time. Now I know, blah blah blah, that's still a long time; that's beside the point. The point is it is helping the attacker. And I'm going to show you, when I come to Poland and we go through the AD seminar, I'm going to show you exactly the details around how these attacks are occurring. I really don't have time to dive into it today, but we're going to have a full session on password attacks, and I'm going to dive deep and give you resources to give you backing on exactly how these attackers attack your passwords. So I'm going to show you firsthand how to protect them. What I'm telling you now is the way that you protect passwords is: force users to have special characters. Force them, okay?

We also need to include dictionaries inside of the password policy so that users can't use those dictionary words, because again, inside of an attack tool there's importing dictionaries, and with the importation of a dictionary now they can attack our password hashes without any brute force. It takes so much less time to do that. But if we can use a dictionary inside of our password policy, now we're protecting against that attack immediately. It's super simple. So these are concepts that we must put in place. We also must deny consecutive passwords. Some resources that I've looked at over the years: this is probably the number-one behavior of a corporate user. They put in whatever password they have now, and the next time they put password1, password2, password3. So all the attacker has to do is come up with the root, put numbers at the end of it, and boom, they can get in. And this is what the attackers are doing, okay?

So we must increase the overall password security. How do you do that? Well, my recommendation is to use a solution that's designed to do it, because Microsoft doesn't have it. Microsoft does not have the technology to solve including dictionaries and forcing special characters. But if you use the password policy enforcer, we come in and say you must use special characters; you are denied using five consecutive characters from the old password, right here, which means I can't put in password1 and password2, because that's five consecutive characters from the old password. I can import a dictionary, I can put in patterns; all of these concepts are here, and all I need is a solution that gives them to me.

Okay, but I can move even to the next level, which is using two-factor authentication. What two-factor authentication does is it removes the reliance on the password alone, and now I can add another layer of security to users that are gaining access to their computer and applications. That's right, I can actually use two-factor authentication at the Windows logon. Again, you just need the solution that provides the answer, and now I can provide Windows logon two-factor authentication. Windows two-factor authentication allows you to come in and set up the details around which factors you're going to use, and we provide a slew of multi-factor authentication options for access to applications and logon to your machine: Q&A, SMS text message, email, Google Authenticator, mobile authenticator, RADIUS, all of these options. So whether you're accessing your applications, whether it be via single sign-on or otherwise, right, this is the list of applications you can protect with two-factor authentication, as well as logon to the machine. This is where the industry is going. Microsoft is already here: Microsoft uses multi-factor authentication everywhere in their organization; users no longer rely only on the password. This is where we're heading; this is why we consider this to be emerging technology, and we have solutions around this to help you.

Now what I do when I come to Poland, in our seminars, is I tie multi-factor authentication to a hybrid environment, because this is where I see many organizations moving, because hybrid Active Directory is where we are going. I ask the question, and you'll see when I come live to you, I ask the question to the audience: how many people are going to be in a hybrid environment in five years? And the number is over 80%. 80%. I've already been in contact with probably 3,000 administrators this year; the number is over 80. So we're going to be hybrid in five years. We have to understand the technologies; we have to understand what hybrid means; we have to be able to administer and secure our hybrid environments, and it's not as easy as you think. It actually can be quite complex. So we have to understand where we've been on-prem and where we're going into a hybrid. But what you cannot think is, "okay, I'm moving to the cloud." No, no, no, no, no, no. You are including the cloud with on-prem, because on-prem is where we've been for 15-plus years. So for those of you that are still on-prem, you've been on-prem for 20 years; for those of you that are hybrid now, you were on-prem only for 15 years. The thing that's the same is on-prem. So we need to think about this, and Microsoft is pushing us to hybrid as soon as we have Office 365, because you cannot have Office 365 without Azure Active Directory. So now what I'm finding is that organizations are moving to a hybrid environment because they want Office 365, which is fine, but what I don't want you to do is throw away all of the technology you've built on-prem.

Okay, now this first bullet here is a direct quote from Microsoft: Azure Active Directory is not on-prem Active Directory in the cloud. It is not; I can tell you that right now. Azure Active Directory is a small snippet of an identity and access management solution that Microsoft provided to support Office 365 and get you into Azure. Okay, another fact: there is no direct correlation from on-prem security and management into Azure. So you have two different worlds that you've joined to be a hybrid, but you have to consider them and how they're going to work together, and you need to make decisions about what is going to be the best strategy to administer and secure your hybrid environment. This is what I decrypt when I come to Poland.

Now let me give you some examples of what I mean. Provisioning users, okay: when you provision users, you are going to have to consider how you're going to get the information from on-prem to the cloud, or vice versa. Now this right here is a user creation template. Our user creation templates are for on-prem, and you will notice that right here, everywhere that you can update the cloud, Azure Active Directory and Office 365, with attributes from on-prem, you simply come in here and you're going to click Office 365. When you create users on-prem, it will automatically update Azure Active Directory and the content that's up there with those users. You do nothing else. I'm telling you right now that you need to come to these seminars so you can see all of this in action, because these technologies are where we're heading. Now if you want the solutions before I come to Poland, I just want you to email me. We just don't have a lot of time in a 45-minute webinar to do this, which is why I come there and we have a full three hours together to go over all these details. So these are technologies that I'm introducing to you that are possible. They revolutionize our current Active Directory environment and where we're heading with Active Directory. Some of you are already in hybrid; some of you aren't. The ability to use a template to automatically create users on-prem and in Azure Active Directory with a single click: absolutely amazing.

Okay, so what we need to do is consider provisioning users, right? We also must consider the details of each component: the password policy, password limitations, and I'm going to blow you away with some statistics and details around passwords inside of Azure Active Directory. I'm going to blow you away with how we can actually increase the overall security in your hybrid environment related to passwords. I mean, one of the things that I think is so vital is the ability to give users, when they don't know how to log on, the ability to reset their own passwords, whether they are at work or whether they're in a hotel somewhere else around the world, like I normally am. And what we provide is the ability for users to reset their own passwords; that way they do not have to call the help desk. This is part of the overall Azure hybrid Active Directory environment, because I need to decrypt for you what Microsoft provides and show you the limitations, and then I need to show you what we provide and how we come in and we slide in and give you a full blanketed approach to users being able to control their own passwords, yet the password is more secure. And again, this is where we start tying concepts together: I'm going to be able to utilize this increased password policy in an environment where I'm providing the user the ability to reset their password anywhere in the world, and the local cache on their machine is also updated. It's genius, okay? But tying these concepts together takes a little bit of time; I'm just introducing these ideas to you so that you now know what's possible. So self-service password reset for your on-prem users, for your mobile users, is essential. Tying that with increased password security, this is where we need to go. I mean, just look at some of the attacks. I looked at an attack yesterday from a friend that lives in France: there was an organization that was attacked because they had weak passwords. Come on, this is the year 2019. We have weak passwords in 2019? We are giving the attackers an open field to attack us. We must take action, whether it be action to know who's attacking us inside, whether it be the idea of increasing passwords, or, in a hybrid environment, don't let the technology get ahead of you.

But these three concepts here I see around the internet, around everywhere, whether it be at Microsoft conferences and trade shows, whether it be other security trade shows; these are the technologies that I see as pushing us forward in Active Directory in 2019. So I will be in Poland for two full weeks. This is the layout, okay; these are the dates where I will be and when I will be in Poland. Now what I encourage you to do, I'm going to give you a couple of action items. First, I want you to come back to our security hardening site. Again, to get to the security hardening site: Products, Security Hardening. Come down, and all I want you to do before you see me in May is I want you to pick one of these blue areas, I don't care which one it is, and I want you to walk through the blogs and videos and implement the technology that I'm suggesting. It's built in; this is built-in technology. I'm not having you download a product or do anything. All I'm doing is having you increase security for what you currently have. Two, I want you to come to the main ManageEngine website. I want you to go all the way to the bottom and go to Events. Then I want you to go to May, and you will see clearly here that we are going to be in Warsaw on the 14th. Come in here, pick your city, right, and I want you to go and register for this event. That's me; this is where we're going to be, and I want you to register for these events, whichever city is closest to you. You will not be dismayed. This is a perfect opportunity for you to come spend some time with us. There will be me there, there will be other Active Directory experts, there will be other experts in different areas, plus all of your colleagues. It is a half-day event; you don't spend all day. You come in, you get the information, amazing information. I'm going to give you action items just like I'm giving you now; you're going to be able to walk back to work and immediately start to increase security and management efficiency in your environment.

Okay, so I encourage you to take advantage of all the resources I've pointed out. I encourage you to take advantage of the fact that I'm going to be live in Poland. I have never had someone come up to me after a seminar and say that was a complete waste of my time. It's usually the absolute opposite: "this has been the best use of my time possible." I encourage you to do that. So you have some action items to take advantage of right now; you have some action items to take advantage of as the weeks go on. I hope to see you in Poland in mid-May. I think it's going to be a very engaging event. Like I said, I've done about 15 of these AD seminars already this year. I was just in Germany last week in three cities, unbelievable events; the energy was high, the excitement was there, and I encourage you to come experience that. So I'm gonna let you get back to work. I definitely appreciate your time. If you have any questions, please email me; this is my email address. I'll be waiting for those; I'll get back to you as soon as possible. And until I see you in about a month in Warsaw and the other cities in Poland, I wish you the best, and I hope you take advantage of the resources. Thank you very much for your time, and I hope to see you soon. Thanks.
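As an added example that is not part of the webinar and not ADAudit Plus or Log360 code, the following Python models the three UBA ideas the talk walks through: a per-user hourly baseline that flags middle-of-the-night file activity, the "unusual volume of logon failures based on host" password-spray report, and an accumulating per-user risk score. All events, the 10-minute window, the five-account threshold and the point weights are constructed assumptions for illustration.

```python
"""UBA-style anomaly detection over constructed audit events (hypothetical)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample events, not real audit output: (timestamp, user, host, event_type)
EVENTS = []
# Three days of Derek's normal file activity, busiest between 09:00 and 10:00.
for day in ("2019-04-01", "2019-04-02", "2019-04-03"):
    for minute in (5, 20, 40):
        EVENTS.append((_ts(f"{day} 09:{minute:02d}"), "derek", "WS01", "file_access"))
    EVENTS.append((_ts(f"{day} 10:15"), "derek", "WS01", "file_access"))
# Day four: file access at 02:00, outside Derek's baseline, followed by six
# different accounts failing to log on to the same workstation within minutes.
EVENTS.append((_ts("2019-04-04 02:10"), "derek", "WS01", "file_access"))
EVENTS.append((_ts("2019-04-04 02:12"), "derek", "WS01", "file_access"))
for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
    EVENTS.append((_ts(f"2019-04-04 02:{15 + i:02d}"), user, "WS01", "logon_failure"))
# One user mistyping their own password twice on WS02: normal noise, not a spray.
EVENTS.append((_ts("2019-04-04 08:00"), "grace", "WS02", "logon_failure"))
EVENTS.append((_ts("2019-04-04 08:01"), "grace", "WS02", "logon_failure"))
# Registry and permission changes, the kind of activity the risk-score drill-down shows.
EVENTS.append((_ts("2019-04-04 02:30"), "alice", "WS01", "registry_modify"))
EVENTS.append((_ts("2019-04-04 02:31"), "alice", "WS01", "perm_modify"))

TODAY = _ts("2019-04-04 00:00").date()

# Assumed point weights; a real product would let the administrator tune these.
WEIGHTS = {"registry_modify": 10, "perm_modify": 10,
           "logon_failure": 5, "baseline_anomaly": 15}


def spray_hosts(events, window=timedelta(minutes=10), min_users=5):
    """Hosts where at least min_users distinct accounts failed to log on within
    one window: the 'unusual volume of logon failures based on host' report.
    Returns {host: largest number of distinct failing users seen in a window}."""
    per_host = defaultdict(list)
    for ts, user, host, etype in events:
        if etype == "logon_failure":
            per_host[host].append((ts, user))
    flagged = {}
    for host, fails in per_host.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[host] = max(flagged.get(host, 0), len(users))
    return flagged


def hourly_baseline(events, user, etype, before):
    """Average number of etype events per hour of day for one user, computed
    over the days strictly before 'before'. Zero means 'never active then'."""
    counts, days = Counter(), set()
    for ts, u, _, e in events:
        if u == user and e == etype and ts.date() < before:
            counts[ts.hour] += 1
            days.add(ts.date())
    n = max(len(days), 1)
    return {h: counts[h] / n for h in range(24)}


def baseline_anomalies(events, user, etype, day):
    """Hours on 'day' where the user was active although the baseline says
    they never are. Returns {hour: event count}."""
    base = hourly_baseline(events, user, etype, day)
    seen = Counter(ts.hour for ts, u, _, e in events
                   if u == user and e == etype and ts.date() == day)
    return {h: c for h, c in seen.items() if base[h] == 0}


def risk_scores(events, day):
    """Accumulate a per-user risk score for one day: sensitive changes, taking
    part in a detected spray, and off-baseline file activity all add points."""
    scores = Counter()
    sprayed = spray_hosts(events)
    for ts, user, host, etype in events:
        if ts.date() != day:
            continue
        if etype in ("registry_modify", "perm_modify"):
            scores[user] += WEIGHTS[etype]
        elif etype == "logon_failure" and host in sprayed:
            scores[user] += WEIGHTS["logon_failure"]
    for user in {u for _, u, _, _ in events}:
        for count in baseline_anomalies(events, user, "file_access", day).values():
            scores[user] += WEIGHTS["baseline_anomaly"] * count
    return scores


if __name__ == "__main__":
    print("spray hosts:", spray_hosts(EVENTS))
    print("derek off-baseline hours:", baseline_anomalies(EVENTS, "derek", "file_access", TODAY))
    print("risk scores:", risk_scores(EVENTS, TODAY).most_common())
```

A fixed SIEM threshold on failed logons per account would never fire here, because each account fails only once; the host-level view and the per-user risk total are what surface the incident.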
