The reality is that your network is under attack. The bad guys are using advanced machine learning techniques to exploit sometimes subtle vulnerabilities in your network implementation and design to gain a foothold inside your network. These footholds are then used to map the network and determine who the domain admin IDs are, who the local admins are, and which machines have local admins. In some cases, they are exploiting your actual techs, their rights and the network tools we know and love to deliver their deadly payload. Then those targeted users get phishing emails to try and gain access to their IDs, their workstations and their rights to the network.
You have to assume the bad guys are sitting next to you and your techs as you do your work. We have to design, and in this case re-design, the network to keep the bad guys as blind as possible to what the network looks like and to contain any infection before it can do us serious harm.
In June, Scott Quimby went through some frightening real-world scenarios on how your network is being attacked. You can view a recording of Hardening Active Directory Part I here.
Information about new, dangerous attacks has literally been pouring in ever since the June session. In June, Scott talked about attacks, already happening, that could destroy your network in 120 minutes. Since then, there have been verified attacks compromising 50-60% of all network computers in just 4 minutes from the very first infection!
In this session, Scott continues the discussion of what is going on and provides useful information on how to better protect against these threats.
If you would like to watch this recording, please click here.