Stories from the Field: Practical Steps to Accelerate Response and Minimize Downtime After an Active Directory Attack

 

It’s no secret that the identity system is the primary target for cyber criminals. By compromising hybrid AD/Entra ID, the primary identity store for 90% of organizations worldwide, cybercriminals can disrupt business operations and extract sensitive data that they can use to demand ransom. What’s less understood is what happens inside the organization after Active Directory is attacked. What services and apps will go down? How will the IT and security teams communicate with each other? How can a known good AD backup be identified and accessed? Where is the response plan stored and does anyone have access to it when systems are down? Anyone have the cyber insurer’s contact info?

In this lively conversation among top experts In Identity Forensics & Incident Response (IFIR), we’ll unpack real-world identity attack response timelines: What goes sideways and how you can prepare for the worst.

October 16, 2025
See Other Session
Identity’s Work Is Never Done: Applying a Product Mindset to IAM
Uncategorized
Identity’s Work Is Never Done: Applying a Product Mindset to IAM

Hybrid Identity Attacks: Why You Need a Security Assessment
Uncategorized
Hybrid Identity Attacks: Why You Need a Security Assessment

Domain Controller Firewall: Fact or Fiction?
Uncategorized
Domain Controller Firewall: Fact or Fiction?

Panel: The Hybrid Identity Games
Uncategorized
Panel: The Hybrid Identity Games

End the ESCape Clause: Combatting AD CS Vulnerabilities
Uncategorized
End the ESCape Clause: Combatting AD CS Vulnerabilities

Beyond Backups: Practical Steps to Build Operational Resilience
Active Directory security, Cyberattack recovery, Hybrid cloud security, Identity threat detection and response
Beyond Backups: Practical Steps to Build Operational Resilience

Hybrid Identity Unplugged: An AMA with Microsoft AD & Entra Experts
Uncategorized
Hybrid Identity Unplugged: An AMA with Microsoft AD & Entra Experts

From Hybrid to Full Cloud- Is It Right for You?
Uncategorized
From Hybrid to Full Cloud- Is It Right for You?

Enterprise PKI Today: Friend or Foe?
Uncategorized
Enterprise PKI Today: Friend or Foe?

Exposing Hidden Attack Paths: How Threats Get Past Your Best Defenses
Uncategorized
Exposing Hidden Attack Paths: How Threats Get Past Your Best Defenses

Learn More