This talk proposes a practical methodology to significantly increase an organization’s cyber resilience posture against advanced adversaries. Security practitioners are increasingly held to heightened expectations for cyber resilience – that is, the ability to anticipate, withstand, recover and adapt from cyber threats. However, anticipating the many potential threat groups and the hundreds of tactics, techniques and procedures (TTPs) they employ is difficult. Understanding how to withstand their attacks across thousands of assets is a challenge for even the largest of organizations. This talk will propose an approach for focusing defenses where they matter most. Definitions can be hard, but certain systems are highly targeted by threat actors because they perform functions critical to trust and are thus stepping-stones into everything else. We hone-in on often overlooked but critical assets by accounting for the value that these threat actors place on a given asset instead of solely focusing on the asset’s value from a business criticality or informational value perspective. Traditional reliance on Business Impact Analysis should be complemented with a “Voice of the Adversary” approach – i.e., an attacker viewpoint which is often focused on gaining access, sustaining that access, selling the access on, or seeking out opportunities for extortion, theft or fraud regardless of how the organization classifies the asset relevance. The talk starts by explaining what a cyber resilience operating model looks like, describes the attributes of high value targets, and provides use-cases for implementation across the balance of the operating model – e.g., assurance, preparedness, reporting, etc. The proposed approach is pluggable into existing frameworks such as NIST, MITRE and SABSA.
Cyber Resilience in Action: Focusing Defenses Where They Matter Most – An Adversarial Perspective
Through live demos, Microsoft MVP Christopher Brumm shows how you can implement granular access controls, privileged identity management, and access packages for partners and consultants, while maintaining high security standards.
In this HIP Conf session, Tim Wolf, Senior Solution Architect at Semperis, discusses the challenges of traditional PAW implementations and explores how modern PAW approaches offer greater flexibility and easier management while maintaining Zero Trust principles.
Token theft attacks—which enable attackers to impersonate users even in environments with strong authentication—are on the rise. Fortunately, Entra ID has built-in protections. Discover how to use them, how threat actors also leverage them, and how to detect such abuse.
True: You can’t get rid of NTLM in 30 minutes. The entire process typically takes months or even years. But in 30 minutes, you can learn invaluable tips for removing NTLM quickly but precisely. Get the method and toolkit in this HIP Conf session.
Microsoft Security expert and MVP Ru Campbell has worked across hundreds of Microsoft 365 and Entra ID tenants while building a multi-tenant cloud security posture management (CSPM) platform. This session distills practical lessons from that experience. Leave with a focused, immediately actionable set of high-impact security changes that you can apply to your own tenants.
Active Directory expert Christoffer Andersson delivers an in-depth technical presentation and practical security demonstration on the internal workings of Active Directory, clarifying common misconceptions and demonstrating advanced troubleshooting techniques.
Privileged Identity Management is key in a Zero Trust environment, but it’s not a plug-and-play solution. In this session, learn how to avoid common pitfalls and how administrators can unlock the full potential of PIM. Leave with best practices to enhance control and security in your daily operations.
Application security in Entra ID is an essential part of your identity and access management processes. Through the lens of real-world breaches, Sander Berkauer and Raymond Convalius how Entra ID applications work, risks of misconfiguration, and why everything is becoming an app-based identity.
Non-human workload identities involve a crucial human element: knowing how to securely configure and monitor them. In this session, Eric Woodruff, Chief Identity Architect at Semperis, and Thomas Naunheim, Cyber Security Architect, glueckkanja AG, explore workload identities and credential options for integrating your workloads with Entra ID.
Hybrid identity environments often turn into a patchwork of cloud and on-prem systems—breeding access chaos, privilege creep, and compliance risk. In this session, discover how Microsoft Entra ID Governance can bring unified control to mixed environments. Learn how to automate joiner-mover-leaver processes, enforce least privilege, and restore visibility and order across both worlds.