Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT...
Transcript of Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT...
![Page 1: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/1.jpg)
![Page 2: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/2.jpg)
AGENDA
• Presentazione Alsid• Active Directory(in) security• Alsid per AD• Case Studies• Demo• Architettura
![Page 3: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/3.jpg)
Break the dynamics of most
cyber attacks by preventing
lateral movementFounded by leading incident
responders, the brains behind
Bloodhound
Operations in 15 countries,
protecting 100+ customers and
4M+ accounts
© ALSID COPYRIGHT 2019
![Page 4: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/4.jpg)
Active Directory
(in)security
1
![Page 5: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/5.jpg)
Active Directory
• Governs authentication, holds all passwords
• Manages access rights to every vital asset
• Is a 20-year-old design that didn’t evolve much
• Is impossible to maintain in a pristine state
Clean AD implementations are a myth, and hackers
know how to exploit weaknesses
Active Directory holds
the keys to your realm
C O R P O R A T E D A T A
U S E R S &
C R E D E N T I A L S
I C S & S C A D A
E - M A I L
A P P L I C A T I O N S
C L O U D R E S O U R C E S
T H E C O R E
O F Y O U R I N F R AS T R U C T U R E
![Page 6: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/6.jpg)
T H E R O O T C A U S E O F AL L W I D E S P R E A D C O M P R O M I S E S
N O R S K H Y D R OM a r c h 2 0 1 9
S O N Y
N o v e m b e r 2 0 1 4
T A R G E T
D e c e m b e r 2 0 1 3
C A R B A N A K
F e b r u a r y 2 0 1 5
B A L T I M O R E
J u n e 2 0 1 9
A U R O R A
J a n u a r y 2 0 1 0
U N I T E D N A T I O N SJ a n u a r y 2 0 2 0
S I N G H E A L T HO c t o b e r 2 0 1 8
![Page 7: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/7.jpg)
© ALSID COPYRIGHT 2019
T H E CY B E R K I L LC H A I N F R A M E W O R K
Phishing
campaign on
selected targets
Initial Endpoint
compromise
Company’s
infrastructure
cartographyLocal privilege
escalation
Lateral
movement
Credentials replay
on privileged
accounts Privileges
Escalation on AD
Post exploitation
(persistence,
backdooring) Business
resources
tampering
Exfiltration using
side-channel
tunnels
Target
recognition
A security gap that has received too little attention
from our industry, and far too much from hackers
0
1
2
3
4
5
6
7
8
9
10
W I D E S P R E A D C O M P R O M I S E
• PEN-TESTING
• SIEM-BASED CORRELATION
• COMPLIANCE & AUDIT TOOLS
• AGENT-BASED BEHAVIORAL DETECTION
![Page 8: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/8.jpg)
Alsid for AD
2
![Page 9: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/9.jpg)
T H E C H A L L E N G E S Y O U C AN S O LV E
INVESTIGATE INCIDENTS & HUNT FOR THREATS
• Search and correlate AD changes at object and attribute levels
• Trigger response playbooks in your SOAR
UNCOVER NEW ATTACK PATHWAYS
• Continuously identify new vulnerabilities and misconfigurations
• Break attack pathways and keep your threat exposure in check
FIND AND FIX YOUR EXISTING WEAKNESSES
• Immediately discover, map, and score existing weaknesses
• Follow our step-by-step remediation tactics and prevent attacks
DETECT ONGOING ATTACKS IN REAL TIME
• Get alerts and actionable remediation plans on AD attacks
• Help your SOC team visualize notifications & alerts in your SIEM
1 2
34
NO AGENTS AD-NATIVENO PRIVILEGES NEAR-INSTANT VALUE
CLOUD & ON-PREM
AD ADMINS
BLUE TEAMS & AUDITORS
AD ADMINS
SOC ANALYSTS
INCIDENT RESPONDERS
THREAT HUNTERS
SOC ANALYSTS
THREAT HUNTERS
![Page 10: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/10.jpg)
S I M P L E , S E AM L E S S I N T E G R AT I O N
FLEXIBLE
AND INSTANT-ON
APPLICATION
NO AGENT,
NO DEPLOYMENT,
NO WEIRD RIGHTS
STANDARD
PROTOCOLS,
NO-SURPRISE
ARCHITECTURE
AVAILABLE IN OUR
CLOUD, IN YOUR
COUNTRY
A MODERN SAAS-BASED SOLUTION
LDAP KERBEROS
SMB/CIFS DNS
NETBIOS
GLOBAL CATALOG
DSRU RPC
ALSID For AD
SELECTED
DOMAIN
CONTROLLER
![Page 11: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/11.jpg)
S I M P L E , S E AM L E S S I N T E G R AT I O N
FLEXIBLE
AND INSTANT-ON
APPLICATION
NO AGENT,
NO DEPLOYMENT,
NO WEIRD RIGHTS
STANDARD
PROTOCOLS,
NO-SURPRISE
ARCHITECTURE
AVAILABLE IN OUR
CLOUD, IN YOUR
COUNTRY
A MODERN SAAS-BASED SOLUTION
LDAP KERBEROS
SMB/CIFS DNS
NETBIOS
GLOBAL CATALOG
DSRU RPC
ALSID For AD
SELECTED
DOMAIN
CONTROLLER
Customer cases
5
![Page 12: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/12.jpg)
![Page 13: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/13.jpg)
K E Y
M E T R I C S
T A C K L I N G T H E
C H A L L E N G E
R E S U L T S
25 Domains under continuous supervision 400.000 AD user accounts protected
CH
AL
LE
NG
ES
COMPLEX ENVIRONMENT
Sanofi has 87 manufacturing sites in 38 countries.
All of them are integrated in the global AD, with dozens
of forests and domains and 400 DC.
LEGAL REGULATIONS
To ensure its clients’ safety, the pharmaceutical sector is
heavily regulated. For example, the composition of each
drug must be guaranteed along the whole production chain.
SO
LU
TIO
N
SHEDDING LIGHT ON THE AD RISK LEVEL
Alsid allowed the global CISO office to have an up-to-
date view of the security risks on the infrastructure,
presented in clear and actionable dashboards.
DESIGNING A GLOBAL SECURITY ROADMAP
Alsid offered a prioritized security roadmap with quick-win
actions. Every action’s technical cost is evaluated, and
executives can follow the security plan execution.
Worldwide AD infrastructure coverage
Continuous
monitoringof highly critical assets
Board-level
dashboards presented to executives
![Page 14: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/14.jpg)
![Page 15: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/15.jpg)
K E Y
M E T R I C S
T A C K L I N G T H E
C H A L L E N G E
R E S U L T S
34 Companies acquired by
Vinci Energies in 2017 85.000 AD user accounts protected
CH
AL
LE
NG
ES
MAINTAINING SECURITY BOUNDARIES
Vinci Energies previously established robust security
boundaries on its HQ infrastructure. Maintaining them
throughout all its acquisitions is no easy challenge.
INTEGRATING NEW COMPANIES
Once a new company is bought, business pressures IT
to integrate infrastructures quickly, sometimes at the
expense of cybersecurity.
SO
LU
TIO
N
CONSOLIDATED DASHBOARD
All of Vinci Energies subsidiaries’ security levels are
presented in a global dashboard so that security gaps
are discovered quickly.
INSTANT & CONTINUOUS ASSESSMENT
Before integrating a newly acquired company, Vinci
Energies security team performs an initial assessment
and sets security goals. They follow the implementation of a minimal acceptable level before integration.
Flawless & quick
integration of new companies
Up-to-date security checks
Leverage AD
security in the due-diligence process
![Page 16: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/16.jpg)
Demonstration
3
![Page 17: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/17.jpg)
A L S I D F O R A D I N R E AL L I F E
![Page 18: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/18.jpg)
A L S I D F O R A D I N R E AL L I F E
![Page 19: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/19.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
EXECUTIVE SUMMARY IMPACTED DOMAINS
DOCUMENTS
ATTACKER KNOWN TOOLS
![Page 20: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/20.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
EXECUTIVE SUMMARY IMPACTED DOMAINS
DOCUMENTS
ATTACKER KNOWN TOOLS
VULNERABILITY DETAILS
![Page 21: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/21.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOKAction
1
![Page 22: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/22.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOKAction
1
![Page 23: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/23.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOKAction
1
![Page 24: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/24.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOK
1
Action
![Page 25: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/25.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOK
1
VULNERABILITY DETAILSVULNERABILITY DETAILSDEVIANT ELEMENTS
No
ExportOK
1
Action
IGNORE DEVIANT ELEMENTS
![Page 26: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/26.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
NoYes
ExportOK
1
Action
DEVIANT ELEMENTS
ExportOK
1
Action
![Page 27: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/27.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
Yes
DEVIANT ELEMENTS
ExportOK
1
Action
EXECUTIVE SUMMARY
DETAILS
DEACTIVATE OR DELETE THE ILLEGITIMATE DOMAIN CONTROLLERS
![Page 28: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/28.jpg)
SECURITY ANALYTICS
MANAGEMENT
No
Yes
DEVIANT ELEMENTS
ExportOK
1
Action
EXECUTIVE SUMMARY
DETAILS
DEACTIVATE OR DELETE THE ILLEGITIMATE DOMAIN CONTROLLERS
INVESTIGATE THE ROOT CAUSES OF THE INCIDENT
for99+
?
![Page 29: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/29.jpg)
SECURITY ANALYTICS
MANAGEMENT
No
Yes
DEVIANT ELEMENTS
ExportOK
1
Action
EXECUTIVE SUMMARY
DETAILS
DEACTIVATE OR DELETE THE ILLEGITIMATE DOMAIN CONTROLLERS
INVESTIGATE THE ROOT CAUSES OF THE INCIDENT
for99+
?
0-30 days Only deviant events
Pause the Trail Flow
![Page 30: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/30.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
0-30 days Only deviant events
Pause the Trail Flow
ATTRIBUTES IMPACTED DOMAINS
INDICATORS
![Page 31: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/31.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
0-30 days Only deviant events
Pause the Trail Flow
ATTRIBUTES IMPACTED DOMAINS
INDICATORS
![Page 32: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/32.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
0-30 days Only deviant events
Pause the Trail Flow
ATTRIBUTES IMPACTED DOMAINS
INDICATORS
No
EXECUTIVE SUMMARY
DOCUMENTS
ATTACKER KNOWN TOOLS
![Page 33: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/33.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
EXECUTIVE SUMMARY
DOCUMENTS
ATTACKER KNOWN TOOLS
ALERTS
Select current page
OKActionNo
![Page 34: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/34.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
No
EXECUTIVE SUMMARY
DOCUMENTS
ATTACKER KNOWN TOOLS
ALERTS
Select current page
OKActionNo
![Page 35: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/35.jpg)
SECURITY ANALYTICS
MANAGEMENT
for99+
?
0-30 days Only deviant events
Pause the Trail Flow
ATTRIBUTES IMPACTED DOMAINS
INDICATORS
![Page 36: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/36.jpg)
![Page 37: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/37.jpg)
A S N E A K P E A K I N TO O U R I N D I C ATO R - O F - E X P O S U R E S
© ALSID COPYRIGHT 2019
S E C U R I T Y M O D E L
R E L A T E D I O E
KDC password
last change
Protected
users
Privileged account
with SPN
Last logon date
for admin accounts
SD Propagator
consistency
Replication
policy
Objects
access control
Unconstrained
delegation
Bitlocker
key access control
Don’t expire
accounts
Protected
users
Administration
attribute
Privileged groups
membership
Reversible
password storage
Disabled accounts in priv. groups
Anonymous
users behavior
Kerberos user
accounts config
Fine-grained
password policy
Trusts
attributes
Directory
configuration
Blocking OU
Managed
service accounts
Obsolete
systems
Trusted certificate
authorities
Schema security
descriptor
DSRM account
Advanced
audit policy
RODC
KDC account
RODC
management account
Control caching
policy on RODC
RODC filtered
attributes
RODC global
revealed group
Sensitive
GPO link
Lateral
move restriction
Enforced
GPO
Disabled
or unlinked GPO
A C C O U N T S
R E L A T E D I O E
C O N F I G U R A T I O N
R E L A T E D I O E
R E A D - O N L Y D C
R E L A T E D I O E
S1S1
S2S2
S3S3
S4S4
S5S5
S6S6
S7S7
S8S8
S9S9
A1A1
A2A2
A3A3
A4A4
A5A5
A6A6
A7A7
A8A8
A9A9
C1C1
C2C2
C3C3
C4C4
C5C5
C6C6
C7C7
C8C8
C9C9
R1R1
R2R2
R3R3
R4R4
R5R5
R6R6
R7R7
R8R8
R9R9
![Page 38: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/38.jpg)
Architecture
4
![Page 39: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/39.jpg)
S I M P L E , S E AM L E S S I N T E G R AT I O N
FLEXIBLE
AND INSTANT-ON
APPLICATION
NO AGENT,
NO DEPLOYMENT,
NO WEIRD RIGHTS
STANDARD
PROTOCOLS,
NO-SURPRISE
ARCHITECTURE
AVAILABLE IN OUR
CLOUD, IN YOUR
COUNTRY
A MODERN SAAS-BASED SOLUTION
Corporate VPN
infrastructure
Monitored domainsYour dedicated
Alsid Cloud instance
CLIENT’S INFRASTRUCTURE
![Page 40: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/40.jpg)
S I M P L E , S E AM L E S S I N T E G R AT I O N
FLEXIBLE
AND INSTANT-ON
APPLICATION
NO AGENT,
NO DEPLOYMENT,
NO WEIRD RIGHTS
STANDARD
PROTOCOLS,
NO-SURPRISE
ARCHITECTURE
AVAILABLE IN OUR
CLOUD, IN YOUR
COUNTRY
A MODERN SAAS-BASED SOLUTION
LDAP KERBEROS
SMB/CIFS DNS
NETBIOS
GLOBAL CATALOG
DSRU RPC
ALSID For AD
SELECTED
DOMAIN
CONTROLLER
![Page 41: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/41.jpg)
QUESTION
![Page 42: Alsid - Corporate Presentation - 2020passport.exclusive-networks.it/upload/workdoc/... · THE ROOT CAUSE OF ALL WIDESPREAD COMPROMISES N OR S K H YD R O M a r c h 2 0 1 9 S ON Y N](https://reader034.fdocuments.us/reader034/viewer/2022042613/5f8eec7079c32027b24297bf/html5/thumbnails/42.jpg)
Mauro Suardi
Business Development Director
Mobile: +39 348 8373147
Piero Provenza
Systems Engineer
Mobile: +39 347 08.27.973
DL: +39 011 2747.607