This is promotional content.
We’ve said it many times and we won’t change our mind anytime soon: we go to conferences to meet old friends, make new ones, and have stimulating conversations.
It can be a tour de force, as we have a limited amount of time and an almost unlimited number of topics to chat about. Yes, we can all agree that the InfoSec industry has become a variegated field with a great variety of people and stories. We sure love that, but when story time is also lunch time, it takes a special topic to get the energy level up, and starting the podcast by telling stories about the early days (1970s) of the Atari 800 can have that reinvigorating effect. That’s exactly what Marco and I did when we spoke with Darren Mar-Elia from Semperis. That wasn’t all we spoke about though—that was just the ice-breaker for the chat we had.
Darren is both a published author and a journalist from the early days of Windows IT Pro, so we were thrilled to chat with a fellow storyteller whose professional IT career traces back to mainframes and Unix SPARC stations.
In 2006, Darren started his own company, SDM Software, and became known as the “GPO Guy” with the goal of helping organizations get a handle on their group policies. After recognizing that he continues to see the “same” things every handful of years—in 1995, again in 2000, again in 2005, and so on—Darren decided to join Semperis in 2017 to help organizations overcome their Active Directory (AD) challenges; challenges he’s seeing far too often connected to his earlier life in GPO-land.
One of the biggest challenges organizations face when it comes to managing their Active Directory is keeping everything up to date, in sync and online, especially when ransomware and other malware attacks hit the AD itself. Were these attacks carried out using AD APIs in a way that the security team never sees any log entries—because there aren’t any? What does the backup and recovery process look like? Does the company even have a reliable, clean (non-infected) backup available? Are there any backdoors present that could allow the bad actors to elevate privileges in AD, even after the restoration process has been completed?
These are all tough questions for many to answer; they become significantly more challenging when you look at bringing in cloud-based AD services (e.g. Azure AD) that may also connect to some on-premises services.
Thankfully, Darren is able to provide some seriously valuable insight into these questions and more. However, when I asked my final question, taking the API model to the next level—where machine-to-machine and bot-driven actions are being performed on our behalf—Darren had a different idea in mind.
Have a listen to hear what Darren’s plan is when this eventuality becomes reality.