Welcome. This is Quest Unscripted.
A vlog series on trending topics.
And Quest solutions related to Active Directory.
Office 365.
Oh and don't forget Azure AD.
You are here because you have questions.
We're here because we have answers.
I think.
We will address questions we've received from customers.
Who experience the same challenges as you.
All with the goal of helping you confidently move.
Manage.
And secure.
Your Microsoft environment.
We call the show Quest Unscripted.
Because.
Except for this intro.
Nothing we say is scripted or rehearsed.
And we're pretty sure you'll notice that right away.
So Rob, you do a lot of customer calls for a lot of the reps here at Quest. So is there a common question that you have been receiving in the last few weeks?
Yeah. I mean, there's not one specific question, but it's more around the area of securing the environment and protecting it and obviously recovering. So the main focus has been I guess most customers are concerned about not if they're going to be hit with ransomware but more when. And they're starting to focus on locking down the environment, protecting it, and then like I said, more importantly recovering. How do they get themselves out of trouble if they are in that position.
Yeah. And you know what, Brian, before you add your comments, we just got off a call where you presented to us best practices on how customers can protect and what we should go out and talk to customers about. Do you want to give us a two or three minute rundown of what you discovered?
Yeah, first of all, we do a disclaimer. There's no guarantee that us or any vendor can say that you can't be hacked or compromised. The number of different zero-day exploits that are out there continues to grow. A recent book I'm reading is by Nicole Perlroth, This Is How They Tell the World Ends. And it kind of goes into a lot of the nation states and how they hoard a lot of different exploits.
And unfortunately with the previous events with Microsoft back in the summer of the SolarWinds breach, even earlier this week with Mimecast, there are notifications and source code that has been taken. And given enough time and source code I could reverse engineer, and maybe find different flaws that others may not have previously seen. So I'm expecting a lot more activity to happen in the future.
So what can we do to try to prevent? People usually try to get it either now with the zero day phishing whatever, you know that's a tough thing. When people get in, they try to spread and get more access and raise their rights so they can have a bigger impact, i.e., we were talking about Rob with ransomware. So what are people doing? They're using the same old methods they always have that.
Mimecast is freely available. People will come in there and they will try to pivot. If there is something in memory on that local machine, they will try to get all the information that's locally there and pass off. So maybe it is DCSync detection, that [INAUDIBLE] replication events. If they get that, they get all the information they need to create a golden ticket.
Are they actually using a golden ticket? My theory is, if people are going to attack, they're going to sit out there, maybe the [INAUDIBLE] encoder capabilities. People kind of pivot in there and wait for the right time and deploy the payload later on when maybe it's more hectic for your business, it will be a lot more likely to pay. So a lot of companies do that capability to restore, but there's lots of different things we want to try to do to prevent or detect that they are happening right away.
Yeah and recently I had a customer ask-- well actually he was kind of very proud of their DR setup. And they were saying that they were creating snapshots on an hourly basis. And they went on and talked about everything that they have configured and set up for different sites, and different geographical locations. And then I just asked one question and it all fell apart. Like what if the ransomware was introduced months ago and it's within your snapshots or your backups? Now what?
And then that's when they started to realize that they assumed that they had all their bases covered. But that's one component that gets missed out is what if the ransomware or malware is introduced at a later point and it's within your backups, then how do you recover?
Yeah. I feel like it's always a catch up game between hackers and organizations. And the more that's out there, the more aware you can become, and the better secured you can be. But it's not unending game. You're always going to be looking for what else can I do to improve my security postures. All the time. And obviously Quest can definitely help with that. Anything else?
That's it.
Thank you guys.