Filling the Active Directory Security Gaps in Your SIEM
Lateral movement and privilege escalation through Active Directory are the root cause of all breaches. SIEM solutions are not new, and most organizations rely on them to measure the overall security of the network and of the devices the SIEM monitors. SIEMs can gather log information from computers, firewalls, network devices, printers, and more.
Because each device has its own logging format and its own event levels, the SIEM must be configured for every device individually to ensure proper event gathering and analysis. Looking at Active Directory and domain controllers alone, you’ll find thousands of generated events.
There’s a hacker-shaped hole in your SIEM. Stopping AD compromise begins with weeding out the root causes: lateral movement + privilege escalation.
Get the Alsid Academy guide by Microsoft MVP Derek Melber at Alsid to help fill the gaps in your SIEM.
Agenda:
- Where SIEMs succeed (and fail)
- SIEM customization, correlation, and false positives
- The risks of agent- and privilege-based solutions