From Sandworm to a Safer Tomorrow: Lessons from Hybrid Identity Protection 2020
Four days, 23 speakers and 1576 attendees later, the third annual Hybrid Identity Protection 2020 (HIP) conference has come to a close. And despite being all virtual for the first time, this year’s event was one of the most powerful to date.
Day 1 – Crisis Management
Just 24 hours before the event began, the U.S. Department of Justice unsealed its indictment of six Russian hackers who formed Sandworm – a group allegedly linked to hacking incidents including the infamous NotPetya ransomware and attacks on the 2018 Winter Olympics.
This uncanny timing set the stage for HIP’s first keynote speaker Andy Greenberg, award-winning senior writer at WIRED and author of the book “Sandworm.” Andy’s presentation harkened back to the confusion and uncertainty caused by NotPetya and how it changed the way we think about security at its core.
In a subsequent rare Q&A session, Andy explained that while investigations like this are extremely difficult and time-consuming, it’s critical to respond and charge these six hackers in order to send a message. There’s a real fear among U.S. agencies like DHS, CISA, and the intelligence agencies that a major ransomware attack could happen again. For organizations, Andy recommended that even more than defense, it’s important to focus on resilience: “You may not be able to prevent an attack. But perhaps you can be ready to respond to one and to bounce back from one,” said Andy.
Andy’s session kicked off a day of presentations centered on maturing incident response and disaster recovery capabilities. Moty Cristal of NEST, Negotiation Strategies, gave an honest look at what happens during negotiations with cybercriminals. Christoffer Andersson of Enfo helped attendees assess their organizations’ Active Directory resilience, while Sander Berkouwer of SCCT shared stories of what happens when hybrid identity management goes awry.
Capping off the day was an insightful panel on crisis management from a legal, technological, and business perspective. Participants Jules Okafor of RevolutionCyber, Kat Sweet of Capsule8, and Guido Grillenmeier of DXC Technology joined moderator Sean Deuby of Semperis to advise coordinating across multiple business functions to mitigate damages when cyber incidents occur.
Day 2 – Hybrid AD Security
On day two, attendees got technical and dug deeper into their own resilience when it comes to directory attacks on-premises and in the cloud.
In his keynote, Microsoft’s Alex Weinert, an identity expert who oversees billions of logins per day across the company’s products, showed how siloed thinking leads to gaps where attackers thrive. Integration and overlap, he explained, are vital to successful security. Alex went on to share tips on how to accomplish this goal in tricky situations.
Continuing the day, Jorge de Almeida Pinto of IAMTEC explained how businesses with legacy AD deployments and Identity Management systems could check and maintain their account hygiene. Roelf Zomerman, Cloud Solutions Architect at Microsoft, showed how to provide secure access to applications using Azure AD authentication while improving the end-user experience. Later, Accenture’s Joe Kaplan shared how enterprises can go passwordless, and Gil Kirkpatrick of Semperis mapped out how malware works to prepare defenders to protect against it.
The closing panel discussion featured Brian Desmond of Ravenswood Technology Group, along with Joe and Jorge discussing the complexities around hybrid AD security. The powerhouse team of experts shared tips and tricks of the trade, leaving attendees with insights they could bring back and immediately implement in their organizations.
Day 3 – Hacking Identity
After a few days to refresh, we reconvened at the HIP conference for a compelling keynote and history lesson from Chris Roberts of Semperis, one of the world’s foremost experts on counter threat intelligence. Chris discussed how studying techniques used by the Vikings, Mongols, Huns, and other historical adversaries could teach us about their high-tech counterparts today – as well as what’s to come.
Later that day, Wim van den Heijkant of Fortigi explored the recent “hack” at the SANS Institute, dispelling the myth that Azure AD conditional access protects organizations against all forms of authentication misuse. Darren Mar-Elia of Semperis then shared nearly 4 years of research on the various ways attackers exploit Group Policy. Andy Robbins of SpecterOps rounded out the presentations with a tactical session full of strategies for strengthening AD, making hackers’ lives just a little harder.
Closing the day, Wim and Chris discussed hybrid identity as a whole. The two pointed out that we all carry multiple digital identities today and shared how enterprises can deal with the challenges that brings. The pandemic and remote work have made this issue more acute and reignited the importance of implementing a zero-trust environment.
Day 4 – Future Proofing Identity Security
As the conference’s final day began, Chris Kubecka of HypaSec turned our eyes to the future with her presentation on securing emerging technologies – think AI/ML, 5G, 6G, chemical printing, 4D printing and designing a post-quantum world. Chris explained how fixing the cybersecurity problems we have now is absolutely critical as we look towards the potential dangers that lie ahead.
Turning the virtual mic over to Guido Grillenmeier of DXC Technology, we learned about why companies still struggle with the classic move from on-prem to the cloud and how to combine the best of both worlds. Siddharth Bhai of Google Cloud then explored access policies in a multi-cloud world and how to combine the best of both Google Cloud and Microsoft AD. In the afternoon, Stephen Oh of TrustKey Solutions dove into strategies for improving FIDO2 authentication (WebAuthn) for enterprise deployment and use.
At the closing panel, Julie Smith of the Identity Defined Security Alliance (IDSA) was joined by Siddharth and Gil to go further into the future of identity security. One core takeaway? It’s about authorization, not authentication. Authentication is just a way to make sure the attributes are trustable, but it does not actually protect or prevent attacks. Developers should be stepping back to think about how to authorize the right users and externalize that in different environments – because it’s changing all the time.
It’s a Wrap
The HIP conference may be over, but the lessons from the event live on and hold true gems for those grappling with complex identity infrastructure and cybersecurity challenges at all levels.
For anyone that missed the live event, I highly recommend taking in a time-shifted version at your leisure. I’m also happy to say that many of these experts will be joining Semperis on the HIP Podcast in the weeks ahead.
Please follow along, tune in, and be in touch as we explore the many facets of defending hybrid identity environments. There’s much we can learn from one another!
*** This is a Security Bloggers Network syndicated blog from Semperis authored by Thomas Leduc. Read the original post at: https://www.semperis.com/blog/from-sandworm-to-a-safer-tomorrow-lessons-from-hybrid-identity-protection-2020/