7MS #472: Interview with Christopher Fielder
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) and me to talk about all things ransomware, including:
- How the Colonial Pipeline incident may have started from a weak VPN cred with no MFA. Silver lining (?) - they got some of the $ back.
- Was the federal government's response good enough? What should the government be doing to better handle and manage ransomware?
- Common ways ransomware gets in our environments, and some ways to NOT get ransomware'd:
  - Use 2FA (make sure that all accounts are using it!)
  - Consider having (if possible) your AD user scheme be something like chi-user4920394 instead of Joe.President
  - Have users that haven't logged in for X days get automatically locked out
  - Train your users - consider Arctic Wolf's managed security awareness offering
  - Detect early signs of compromise like Kerberoasting
  - Lock down your DNS egress to only specific servers so that it doesn't run "wide open"
  - Leverage good threat intel