Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Directory Security Through Privilege Tiering

Netwrix
07/15/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


The answer lies in tiering, separating privileges to minimize risk and prevent catastrophic breaches. Let's break it down. I'm gonna start off this presentation by talking a little bit about some magic numbers from the previous year. So the first number is two hours and two hours is the time on average that it takes for a malicious actor to get from the first initial breach. Let's say they breach your VPN router, for example, or VPN gateway. Two hours is the average time that it takes from that event to full domain compromise or full Azure AD tenant compromise. So I would say that's a relatively short time. And the next number is very contradicting because 180 days on the other hand is the average that they use before they show up anything on your screen saying that you're ransom door. So 180 days and two hours, very different. What can we learn from this? Well, one thing I think you should learn is that 180 days is the time of logs you should have at least. So compared to the defaults of Microsoft Defender for endpoint for 30 days, for example, that's very low. Now, why is it 180 days? That's because of how the industry is built. So now previous years, almost as big as ransomware has been, which is credential harvesting and access harvesting. This means that they actually go into your environments. They figure out a username and password for your router. And then they sell that information to someone else because it's easier to let someone else do the heavy lifting. Why would you go through all the trouble of keeping your customer engaged with your ransomware event? So just sell it to someone with 10th of the price but have 10 of them and you get the same money. Simplify, secure, succeed. Learn how tiering can safeguard your organization. Watch the full webinar now.

TL;DR

  • Threat actors can compromise entire domains or Azure AD tenants in an average of two hours from initial breach, highlighting the speed of modern attacks.
  • Organizations should maintain at least 180 days of security logs, significantly exceeding Microsoft Defender for Endpoint's 30-day default retention period.
  • Credential harvesting and access brokering have become as significant as ransomware, with attackers selling compromised credentials to other threat actors rather than executing attacks themselves.

Summary

This promotional clip highlights the critical importance of privilege tiering in directory security, emphasizing the stark contrast between attack speed and detection timelines. The presenter reveals that threat actors can achieve full domain or Azure AD compromise in an average of just two hours from initial breach, yet remain undetected for approximately 180 days before deploying ransomware. This disparity underscores the need for extended log retention—at least 180 days compared to Microsoft Defender for Endpoint's default 30-day retention—to enable effective forensic investigation. The content also addresses the evolution of the threat landscape, noting that credential and access harvesting has become nearly as prevalent as ransomware itself, with attackers increasingly selling compromised credentials rather than executing attacks directly. The clip serves as a teaser for a full webinar on implementing practical tiering models to prevent lateral movement and contain breaches.

Chapters

0:00 - Introduction to Privilege Tiering
0:10 - Attack Speed Statistics
1:00 - Log Retention Requirements
1:20 - Credential Harvesting Trends

Key Quotes

0:15 "Two hours is the average time that it takes from that event to full domain compromise or full Azure AD tenant compromise."
0:47 "... 180 days on the other hand is the average that they use before they show up anything on your screen saying that you're ransom door."
1:20 "Now previous years, almost as big as ransomware has been, which is credential harvesting and access harvesting."

FAQ

Why do organizations need 180 days of log retention when attacks happen in hours?

While attackers can compromise a domain in two hours, they typically wait an average of 180 days before deploying ransomware or revealing their presence. This extended dwell time means organizations need sufficient log history to investigate the full attack chain and identify the initial breach point, which may have occurred months before detection.

How does privilege tiering help prevent rapid domain compromise?

Privilege tiering separates administrative access levels to contain breaches and prevent lateral movement. By implementing proper security controls at each tier—from domain admins to workstation admins—organizations can stop attackers from escalating privileges and moving from an initial breach point to full domain compromise within the critical two-hour window.


Categories:
  • » Webinar Library » Netwrix
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Threat Intelligence
  • Best Practices
  • Getting Started
  • Webinar
  • Privilege Tiering
  • Identity Threat Detection
  • Active Directory Security
  • Azure AD Security
  • Credential Harvesting
  • Ransomware Defense
  • Log Retention
  • Lateral Movement Prevention
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Directory Security Through Privilege Tiering

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies for Effective Data Privacy and Protection
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version