Every IT team inherits technical debt—aging systems, risky protocols, and legacy processes that quietly accumulate until they become tomorrow’s incident. Nowhere is this more visible than in Active Directory (AD), where service accounts have multiplied across environments without clear ownership, password visibility, or lifecycle governance. Add in lingering NTLM authentications, shadow accounts, and stale credentials, and you’ve got an attacker’s roadmap hiding in plain sight.
The urgency is real. Windows 10 is approaching end-of-support, compliance obligations are tightening, and legacy platforms need modern controls—while cloud expansion keeps stretching the identity attack surface. Traditional tools often miss what blends in as “normal” AD behavior, leaving gaps that enable lateral movement and privilege abuse across on-prem and cloud.
This Real Training for Free session shows how to treat AD tech debt as a strategic security project: discover what you don’t know, fix what you can’t see, extend MFA and access policies to places they’ve never reached, and put guardrails around privileged and non-human identities before they’re weaponized.
Up first, 4-time Microsoft MVP Nick Cavalancia takes my seat, as he covers:
- The harsh reality of the presence of AD tech debt
- The resulting hybrid identity-driven risk delima
- Mapping your tech debt to MITRE
- Where “commodity” controls help—and where they don’t
Up next, special guest speaker Steve Rennick – IAM Architect from Ciena (sponsored by Silverfort) joins us to bring a practitioner’s view of turning AD tech debt into a security modernization roadmap. Steve’s topics will include:
- From Tech Debt to Risk Register
- Real-world risks behind NTLM, PrintNightmare fallout, misaligned authentications, and privilege creep
- How unmanaged service accounts, stale credentials, and shadow identities enable lateral movement
- Finding and Fixing What You Can’t See
- Discovering unmanaged privileged and service accounts (and establishing clear ownership)
- Determining which accounts are actually in use—and safely deprecating the rest
- Extending Modern Controls to Legacy Paths
- Enforcing adaptive MFA and access policies on protocols and systems that historically couldn’t support them
- Segmenting identities, restricting account access, and cleaning up NTLM usage
- Modernizing for Hybrid Reality
- How hybrid lateral movement works across on-prem AD and cloud identities—and the steps to shut it down
- A sequenced plan to reduce exposure while keeping business operations smooth
We’ll also welcome Dor Segal, one of Silverfort's lead researchers, who's uncovered several NTLM and Active Directory vulnerabilities. In his demo, Dor will take you through how to surface NTLM authentication and how to craft scalable policies to eliminate it.
Join us to stop hauling yesterday’s tech debt into tomorrow’s security strategy—and start using it as a catalyst to modernize, strengthen, and future-proof your Active Directory.
This Real Training for Free session will be loaded with practical real-world application to your cybersecurity strategy and execution.