Any advice on how to best secure/monitor domain admin and higher-level access service accounts? It would be nice to have more detailed alerts regarding activity with these accounts than just if the account is locked. We are an Azure/AD shop. We have Arctic Wolf as our SOC.

1.8k views2 Comments

Sort By:

Oldest

Chief Evangelist in IT Servicesa year ago

Getting understanding of the ability for these accounts to read, update and delete data is essential and monitoring their actual activity is essential and can be provided through new DSPM tools

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

VP Cybersecurity in Banking7 months ago

import your logs into Splunk and then create alerts going to your SOC to validate appropriate usage.

Content you might like

Hello. I'd like to get peer insight on Windows Hello for Business, specifically: 1) Are you currently using or actively planning to implement Windows Hello for Business? If you're using it, do you have it deployed to all users/devices or only a subset of users/devices (e.g. only Executives, only in the IT area, not in manufacturing areas, only Sales, etc). 2) Do you require ADDITIONAL step-up authentication for when users access critical applications and/or sensitive information? If so – how are you doing this? (e.g., MS Authenticator MFA prompt, other 3rd party Authenticator solution, FIDO2 solution, etc) 3) Did you have any challenges with overall lifecycle management or operational challenges? (e.g. users forgetting their PIN, laptop replacement/hardware issues, user experience complaints, etc.) Thanks very much.

Identity & Access Management (IAM)Zero Trust

214 views

Single sign-on (SSO) increases the chance of a major network security breach.

Single Sign-On (SSO/SAML)Identity & Access Management (IAM)Third Party Risk Management (TPRM)

Strongly agree4%

Agreee59%

Neutral23%

Disagree12%

Strongly disagree1%

View Results

3.8k views2 Upvotes3 Comments

Curious how people are dealing with fraud, and specifically tech support scams, in their organisation. Our service desk have a protocol (using personal questions and answers or escalation to a manager) when validating staff requesting password resets. This wouldn't be scalable to our wider population. I've heard of one tech firm implementing something simple like 2 random words generated on an internally hosted website every, say, 60s that can be used as a challenge & response. Does anyone have any other smart, easy to use, bits of tech that I should consider as part of a wider on-going education and awareness campaign? I'm assuming this is a hot topic for many of you, given the recent Quick Assist social engineering ransomware attacks.

Relationship Management Awareness & Training Identity & Access Management (IAM)

2k views1 Upvote

Is SASE/SD-WAN a foolproof solution for ensuring remote workers access your system securely?

Identity & Access Management (IAM)Vendor/Product Recommendation Infrastructure

Head of Information Technology3 years ago

We used Okta with Device Trust and that works pretty well for ensuring that people are accessing at least some of the applications from devices that we manage. That works well for the most part. Of course, there are super ...read more

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & Leadership Strategy & Architecture Cloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments