Active Directory security has come to the forefront in the past few years, with more research & conference talks covering the issues. Many organizations have moved through the standard steps of limiting what accounts have administrative rights, configuring security tools, & optimizing visibility in their SIEM. So, what's next? This talk is focused on the items that greatly improve enterprise security that are the next steps that should be done (beyond the basics), & why they should, which often aren't. The action items required to consider an AD environment as "secure" are clearly outlined and identified. Visiting ADSecurity.org is only the beginning... :)
Sean Metcalf is founder & principal consultant at Trimarc (Trimarc.io), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack & defense at many security conferences (Black Hat, DEFCON, DerbyCon, etc). He currently provides security consulting services to customers and posts interesting Active Directory security information at ADSecurity.org.