{"id":525547,"date":"2024-09-19T09:00:00","date_gmt":"2024-09-19T13:00:00","guid":{"rendered":"https:\/\/www.commvault.com\/?p=525547"},"modified":"2024-09-18T17:00:08","modified_gmt":"2024-09-18T21:00:08","slug":"navigating-active-directory-threats-and-protections","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/navigating-active-directory-threats-and-protections","title":{"rendered":"The Resilience Rundown Podcast: Navigating Active Directory Threats and Protections"},"content":{"rendered":"\n
Commvault Field CTO and Principal Technologist Dan Conrad stopped by Episode 12 of The Resilience Rundown podcast to chat with host Thomas Bryant about Active Directory. Dan has over two decades of Active Directory experience.<\/p>\n\n\n\n
Thomas mentioned that many people in the industry tend to overlook authentication and Active Directory when they\u2019re planning for cyber incidents. Dan agreed that the most common threats haven\u2019t changed over his career and tend to boil down to people, processes, and mentalities.<\/p>\n\n\n\n
He shared that the way Active Directory was administered previously was flawed and administrators created dangerous or exploitable situations by running all over the network and doing everything with admin credentials.<\/p>\n\n\n\n
The single sign-on nature of Active Directory, Dan said, makes it very easy for users and admins to use, but we leave footprints everywhere we go. And those footprints are exploitable by attackers. He mentioned many examples of breaches resulting from one user with a compromised credential.<\/p>\n\n\n\n
Over the years, admins, Dan included, have adopted stronger practices, such as keeping a regular account separate from an admin account and using Privileged Access Management (PAM) solutions.<\/p>\n\n\n\n
\u201cThat\u2019s much more efficient from a security perspective because every time I\u2019m done using it, I check it back in and it changes the password, which nullifies all those hashes I just left across the network so that they can\u2019t be exploited,\u201d he said.<\/p>\n\n\n\n
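The footprints and the check-in step described above, as an added example that is not code from the podcast or from Commvault: the script lists interactive logons by Domain Admins on a member server (the places where a reusable NTLM hash and Kerberos tickets were left in LSASS) and then rotates one account\u2019s password the way a PAM check-in does. It assumes the RSAT ActiveDirectory module, rights to read the remote Security log, and the placeholder names SRV01 and adm-example.<\/p>\n\n\n\n

```powershell
# Added example (not from the podcast or Commvault). Finds Tier-0 'footprints' on a
# member server and rotates a privileged account's password as a PAM-style check-in.
# Assumptions: RSAT ActiveDirectory module installed, read access to the remote
# Security log, placeholder host SRV01 (a member server, not a domain controller).
Import-Module ActiveDirectory

$ComputerName = 'SRV01'                            # assumed member server
$Domain       = Get-ADDomain
$DaSid        = '{0}-512' -f $Domain.DomainSID     # well-known RID 512 = Domain Admins

# Resolve the current Domain Admins, including members of nested groups.
$DomainAdmins = Get-ADGroupMember -Identity $DaSid -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName

# Event 4624 = successful logon. Logon types 2 (interactive), 10 (RemoteInteractive,
# i.e. RDP) and 11 (cached interactive) place credentials into LSASS on the target.
# Type 3 (network, e.g. SMB) normally does not, which is why it is left out here.
$FootprintTypes = @('2', '10', '11')

$Events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction Stop

$Findings = foreach ($e in $Events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($FootprintTypes -contains $data['LogonType'] -and
        $DomainAdmins   -contains $data['TargetUserName']) {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = $data['TargetUserName']
            LogonType = $data['LogonType']
            Host      = $ComputerName
            SourceIp  = $data['IpAddress']
        }
    }
}

$Findings | Sort-Object Time | Format-Table -AutoSize

# PAM-style check-in: reset the privileged account to a fresh random password so the
# hash left behind by the logons above no longer authenticates anywhere. Kerberos
# tickets already issued stay usable until they expire (TGT lifetime defaults to
# 10 hours), so the NTLM path closes immediately and the Kerberos path at expiry.
function Invoke-PrivilegedCheckIn {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $plain  = [Convert]::ToBase64String($bytes)       # 44 chars, mixed case plus digits
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force

    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $secure
    Write-Host ('Rotated password for {0}' -f $SamAccountName)
}

# Invoke-PrivilegedCheckIn -SamAccountName 'adm-example'   # placeholder account
```

Run the first part read-only against a few hosts before wiring the rotation into anything automatic; the table it prints is exactly the set of machines where a stolen admin hash would have been available, and the rotation is only worth doing once you know which accounts actually need it.<\/p>\n\n\n\n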
He also warned against handing out credentials just because someone asks \u2013 and urged keeping an eye on third-party domain trust relationships, which can put systems at risk.<\/p>\n\n\n\n
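One way to keep that eye on domain trusts, as an added example that is not code from the podcast or from Commvault: the script enumerates every trust of the current domain and flags the settings that let a compromise on the far side reach this domain. It assumes the RSAT ActiveDirectory module; the bit values are the trustAttributes flags defined in MS-ADTS.<\/p>\n\n\n\n

```powershell
# Added example (not from the podcast or Commvault). Audits the trusts of the current
# domain for settings that widen the attack surface. Assumes the RSAT ActiveDirectory
# module. Flag values are the trustAttributes bits defined in MS-ADTS.
Import-Module ActiveDirectory

$QUARANTINED_DOMAIN = 0x04    # external trust: SID filtering (quarantine) on
$CROSS_ORGANIZATION = 0x10    # selective authentication required
$WITHIN_FOREST      = 0x20    # intra-forest trust, never a security boundary
$TREAT_AS_EXTERNAL  = 0x40    # forest trust with SID history enabled (filtering relaxed)
$USES_RC4           = 0x80    # Kerberos across the trust limited to RC4
$ENABLE_TGT_DELEG   = 0x800   # unconstrained delegation allowed across the trust

function Test-Flag([int]$Attributes, [int]$Flag) {
    return (($Attributes -band $Flag) -ne 0)
}

$Report = foreach ($t in Get-ADTrust -Filter *) {
    $a     = $t.TrustAttributes
    $risks = @()

    # Only inbound (or two-way) trusts let the partner's principals authenticate here.
    $inbound = $t.Direction -in 'Inbound', 'BiDirectional'

    if ($inbound) {
        if (Test-Flag $a $WITHIN_FOREST) {
            $risks += 'intra-forest trust: no SID filtering possible, the forest is the boundary'
        } elseif ($t.ForestTransitive -and (Test-Flag $a $TREAT_AS_EXTERNAL)) {
            $risks += 'forest trust with SID history enabled (weakened SID filtering)'
        } elseif (-not $t.ForestTransitive -and -not (Test-Flag $a $QUARANTINED_DOMAIN)) {
            $risks += 'external trust without quarantine (SID filtering off)'
        }
        if (-not (Test-Flag $a $CROSS_ORGANIZATION)) {
            $risks += 'selective authentication off: every trusted user can reach every resource'
        }
    }
    if (Test-Flag $a $ENABLE_TGT_DELEG) { $risks += 'TGT delegation enabled across trust' }
    if (Test-Flag $a $USES_RC4)         { $risks += 'RC4 Kerberos across trust' }

    [pscustomobject]@{
        Partner   = $t.Target
        Type      = $t.TrustType
        Direction = $t.Direction
        Forest    = $t.ForestTransitive
        Findings  = if ($risks.Count) { $risks -join '; ' } else { 'none flagged' }
    }
}

$Report | Sort-Object Partner | Format-Table -Wrap -AutoSize
```

The intra-forest line is the one most often misread: SID filtering cannot be turned on between domains of the same forest, so a trust to a partner\u2019s domain that was joined into your forest rather than set up as an external or forest trust gives that partner a path to every domain in it.<\/p>\n\n\n\n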
Thomas asked about best practices for securing Active Directory beyond separating roles and PAM. Dan pointed to patching, with an awareness of its impact on legacy applications, and said the most important thing is knowing everything you can possibly know about Active Directory.<\/p>\n\n\n\n
\u201cThat\u2019s sort of my mentality, that safety net, that you think you know how to detect, you think you know how to patch, you think you know how to do all this stuff,\u201d Dan said. \u201cBut if you can\u2019t recover, none of that really matters because there\u2019s going to be something you didn\u2019t know about.\u201d<\/p>\n\n\n\n
Thomas\u2019 question on the role of backup and recovery in terms of protecting Active Directory prompted Dan to recall some sticky situations from the past. However, he also mentioned that \u201cthe other side of that is having the ability to recover at a granular level, is sort of a very relaxing feeling.\u201d<\/p>\n\n\n\n