4 Ways Your Organization Can Be Hacked

Transcription

1 Behind the Scenes 4 Ways Your Organization Can Be Hacked Brian Johnson President, 7 Minute Security Jeff Melnick Netwrix, Systems Engineer

2 Agenda Quick introductions The ways your organization can be hacked How Netwrix can help to detect the attacks Q&A session Prize Drawing

3 Who s this guy? Security engineer for 7 Minute Security Podcaster Not famous Tiny movie star

4

5 The story Evil Eric Gordon got fired from Madison Hotels, Inc. and HE WANTS REVENGE!!! Can Netwrix help save the day?

6 Eric Gordon is angry Laid off for bad behavior He wants revenge! Can Billy defend the Madison Hotels network?!

7 Eric s hacking playbook Attack the wifi! Log into my old Active Directory account Password spraying attacks Try to add a new local admin account Plant malware Mousejacking attack! Get domain admin access Cover my tracks

8 Wireless attack try old wifi password!

9 Wireless attack get Wifite

10 Wireless attack capture/crack handshake

11 Login with old account

12 Login with an old account detected!

13 Eric s hacking playbook Attack the wifi! Log into my old Active Directory account Password spraying attacks Try to add a new local admin account Plant malware Mousejacking attack! Get domain admin access Cover my tracks

14 Password spray attack (domain account)

15 Password spray attack (domain account) detected!

16 Password spray attack (local PC)

17 Password spray attack (local PC) detected!

18 Eric s hacking playbook Attack the wifi! Log into my old Active Directory account Password spraying attacks Try to add a new local admin account Plant malware Mousejacking attack! Get domain admin access Cover my tracks

19 Plant malware

20 Plant malware detected!

21 Plant malware detected!

22 Eric s hacking playbook Attack the wifi! Log into my old Active Directory account Password spraying attacks Try to add a new local admin account Plant malware Mousejacking attack! Get domain admin access Cover my tracks

23 Mousejacking attack

24 Mousejacking attack

25 Lets stop for a minute If someone gained Domain Admin on your Active Directory right now: - Would you know? - Are you logging for it? - Could you respond quickly?

26 Mousejacking attack UNDETECTED! But

27 Mousejacking attack UNDETECTED! But

28 Mousejacking attack UNDETECTED! But

29 Mousejacking attack UNDETECTED! But

30 Mousejacking attack cleanup

31 Eric s hacking playbook Attack the wifi! Log into my old Active Directory account Password spraying attacks Try to add a new local admin account Plant malware Mousejacking attack! Get domain admin access Cover my tracks

32 Conclusion Netwrix alerts us to key events happening in our AD environment: - Password spraying - Login attempts to disabled accounts - New local accounts added to key systems - High privilege group membership changes - Malicious user behavior complete with video proof!

33 Netwrix Auditor Know Your Data. Protect What Matters Netwrix Auditor is an agentless data security platform that empowers organizations to accurately identify sensitive, regulated and mission-critical information and apply access controls consistently, regardless of where the information is stored. It enables them to minimize the risk of data breaches and ensure regulatory compliance by proactively reducing the exposure of sensitive data and promptly detecting policy violations and suspicious user behavior.

34 Netwrix Auditor Unified Platform Data Discovery & Classification Infrastructure Unstructured Data Structured Data Cloud Free Add-ons Netwrix Auditor for Active Directory Netwrix Auditor for Windows File Servers Netwrix Auditor for SQL Server Netwrix Auditor for Azure AD Add-on for Generic Linux Syslog Netwrix Auditor for Network Devices Netwrix Auditor for SharePoint Netwrix Auditor for Oracle Database Netwrix Auditor for Office 365 Add-on for Amazon Web Services Netwrix Auditor for Windows Server Netwrix Auditor for EMC Deployment Options Add-on for ServiceNow ITSM Netwrix Auditor for VMware Netwrix Auditor for NetApp Add-on for Splunk Netwrix Auditor for Exchange On-premises Deployment Virtual Appliance Cloud Deployment Add-on for IBM QRadar

35 Netwrix Auditor Evolution Standalone Change Unified Platform for Visibility and Visibility Platform for User Behavior Analysis Auditing Tools Change, Configuration Governance Platform for and Risk Mitigation and Access Auditing Hybrid Cloud Security Predefined Change Auditing Reports Compliance Reports Virtual and Cloud Deployment Behavior Anomaly Discovery Data Discovery & Classification Edition Interactive Search RESTful API Risk Assessment User Profile Dashboards Add-on Store Alerts on Threat Patterns Automated Response File Analysis

36 Next Steps Free trial: Set up Netwrix Auditor in your own test environment netwrix.com/auditor9.7 In-browser demo: Run a demo right in your browser with no need to install anything netwrix.com/go/browser_demo Upcoming and on-demand webinars : Join upcoming webinars or watch recorded ones netwrix.com/webinars netwrix.com/webinars#featured

37 Questions?

38 Thank You!