Was your disaster recovery plan designed with business continuity in mind? Unless it includes specific procedures for securely recovering Active Directory (AD) and Entra ID, you could be in for a nasty shock. Secure identity system recovery is a key factor in determining how quickly your organization can get back to business as usual. Watch the recording of this on-demand webinar with Semperis identity threat detection and response (ITDR) expert James Ravenell to learn:
- How to build an effective business continuity and disaster recovery (BCDR) plan
- Why business continuity depends on AD and Entra ID
- Whether your backup strategy supports fast, secure identity system recovery
Hi, everyone. My name is Annie with RedmondMag, and I’d like to thank you all for joining us. The topic of today’s webcast is Business Continuity and Identity System Recovery sponsored by Semperis. Before we begin, I’d like to cover a few housekeeping details. We will have a Q and A session at the end of the event, so please ask any questions you may have in the Q and A box on your console. And Semperis has provided some resources, which correspond with today’s event, so please take a moment to check those out as well. And today’s webcast is being recorded, so keep an eye out for a link in your email to rewatch the presentation or share with a colleague. And now I’d like to introduce you to our speaker. Today, we have the pleasure of hearing from James Ravenell, Senior Solutions Architect at Semperis. So we are in for a great event. And with that, I’ll pass the time over to James to get us started. Thank you.

Thank you. Thank you. I appreciate all of you joining today. I hope that you’re having a good afternoon and good morning. I’m really excited today about leading this discussion on business continuity and identity system recovery, because I am personally really invested in helping to empower organizations and institutions to both prevent and also recover from identity cyber events, cyber attacks and ransomware attacks. So we’re gonna talk about a couple of, I’m gonna discuss a couple of stories that you probably have heard of in this space and talk to you more about some details and ways that you can craft your own disaster recovery plan in the event that you or your institution does get attacked. So thanks for going on this journey with me, and we’re gonna get going.

So the first thing is, I like numbers. I always like to say to people, you know, what does the math say? And when we look at this slide, we’re talking about by the numbers, the cost of cyber attacks. Now, I pulled in an older slide here.
You can tell it’s old, I have a little bit of a typo at the end of my major number up there. But I wanted to just show you that this amount, which should be reading as eight trillion dollars is the predicted cost, well was at the time, the predicted cost of cybercrime to the world in 2023. It doesn’t require you to have some very sophisticated calculator to see that anything that could be costing two hundred and fifty five thousand dollars per second is really expensive. And you see the note there at the bottom that if cybercrime were a country, it would be the third largest economy in the world after the United States and China. So that means that this is a significant impact on the world around us. We often hear in the news about these different types of events. And sometimes they’re small and sometimes they’re much larger. And usually the larger ones, you hear about them and you’re like, wow. I can’t believe they’re gonna pay that ransom. I can’t believe they were attacked. I can’t believe they lost this much money because of this attack. In many cases, you don’t hear about these attacks. And those also get added to this value.

One of the more, I’d say, nefarious attacks was on a company called Maersk. That’s M A E R S K. Sometimes if you’re driving on a highway or near open ports, you may see a giant Maersk sign. They’re a large shipping company. And back in 2017, they were impacted by a cyber attack that was not even directed at them. They were actually collateral damage to an attack on Ukraine, which was a state sponsored attack, and it ended up impacting Maersk and many other large companies. The attack, once it commenced, it took seven minutes for it to proliferate through Maersk’s entire network. Thousands of endpoints, all of their Active Directory domain controllers, all of their servers, their laptops, it was very significant for them to the point they thought that their entire network had been completely wiped out.
And I wanna say that the, just again, to talk about the number, this is approximately fifty five thousand devices that became unusable in a very short amount of time. Seven minutes is very significant. The time that it took for them to even start communicating with each other took a lot of time because when your systems are down and you are a data dependent industry company, well, how do you make a phone call if you’re using something like voice over IP for instance? Or even nowadays, Teams or, you know, your email is down, it’s inaccessible. All of the applications and systems and services that rely on your network being unavailable may also make it very difficult for you to call someone. Think about this, when was the last time you memorized someone important to you? When was the last time you memorized their telephone number? And think about this as being a large organization, and now you’re having to call around to your company to find out if we’re completely down. This was the situation with Maersk.

It took them about eleven days to get their Active Directory back online. And it took eleven days and also it took an infinite amount of luck, literally that they had one domain controller. And this is, when I first heard this story, that I was, I thought it was a joke. I thought that it’s just someone making a fantasy out of this story. They were romanticizing it. But they found that during this outage that had essentially wiped out their entire network, you know, there were some small machine there were some instances where they had some devices that weren’t impacted. But as far as their Active Directory environment, they had a hundred and forty seven domain controllers worldwide. One had been offline at the time due to a power failure at that specific site. This was in Accra, Ghana. And once they made contact with the IT team there, they said, Hey, can you check and see if it’s still up and running? It was.
And you know, this makes for a story of legend because they wanted to take the admin, have him take those drives out of that device and then fly him to the UK to reseed their entire environment. This person didn’t have a visa to get to the UK. And so he had to drive to Lagos, Nigeria. And then from there, that person met him, took the drives and they flew him to the UK in order for him to get those drives there.

That’s just part of the story because now they still had to rebuild their entire environment. And that takes a lot of time. And so part of the moral of the story with them, and it’s a fascinating case to read up on for your own environment in your own organization. But one of the morals is even if you are not the direct target, you could end up being collateral damage. In this case, Maersk wasn’t the target. They had a software that was an accounting software that many other companies across the world used for tax updates, tax rules. That state actor that state sponsored attack actually infected the update server that they were getting those rules from. And that is, the application I believe is called Emidoc or Medoc, I’m not sure of the pronunciation. But that caused them to proliferate once they infected it across the globe for anybody that was using that application that got a standard update. Something that if you were, just like if you were updating your virus signatures, something that is very common, a very common activity is what caused them to be taken out of service.

So you may be wondering, well, is my company a target? Well, they may or may not be a target, but it doesn’t mean that you should not be prepared. We’re getting to a point where the inevitability of your systems being breached is almost one hundred percent. Ninety three percent, as you can see, of ransomware is Windows based. And also, as you see here, ninety percent of Fortune one thousand companies use Active Directory: hospitals, state and local governments, federal governments.
So many organizations use Active Directory in their environment, and it is one of the most attacked identity systems in the world, as you can see here.

So what does this mean for you, right? Because these attacks, they’re these ransomware attacks, they’re highly coordinated. They’re strategically timed. There are times where they may have breached your organization and be embedded for days, for weeks, for months. I haven’t heard about years, but I would not be surprised if there are instances where someone is in your environment doing intel for an extensive period of time. So it’s time for us to get to a point where we no longer think that it’s a thing that cannot happen to us. We must expect it. It’s time to expand what we call the assume breach mindset, and that you must be ready for either one or multiple attempts and successes of your institution or company being breached.

You see the stats here, that seventy four percent of the organizations that were attacked were targeted more than one time. And that’s pretty significant. A lot of times there are companies who will pay a ransom and they’re like, great, I paid this ransom and, you know, I got my system back, so, you know, they’re not gonna do it again. But there are so many things that go into that statement. It’s possible that you won’t be breached again, but it doesn’t mean that you will not be attacked again. And so it’s very important for you along the way that you learn from the lesson if you have ever been breached or before you’re breached, do what you can to build out a plan to prevent you from being breached if possible, but then to recover your infrastructure and your most critical systems that lend to the success or failure of your company and also your brand.

We look at the perimeter differently now. So what does this mean? Well, we used to look at physical security as being our perimeter.
When you’re home, right, you think of your front door, your back door being secured, your basement or your garage. That’s how you secure your home. You set up cameras and you do things that are required for you to protect your home. In your industry, in your business, your companies, your institution, you may be doing something like, I’m sorry. You may be doing something where you’re protecting your assets in the old way. You have your workstations. You have your phone system, everything is behind the doors of the company. And that has changed. We have a new security perimeter, and that’s called identity. Here, you know, we say that cyber attacks, they start with the compromise of your identity system. And in many of your cases, especially if you’re on this call, you’re probably using Active Directory. That is very typical. And if you’re using Active Directory, that is your identity system. And you may feel that you have all of the resilience, but keep in mind, Active Directory is very old. Many of the people who are managing, in operations and architecture for Active Directory, many of the people who created it are no longer there, and the people who are there now have inherited it.

So I talked a little while ago about the time that someone, a bad actor, could be inside of, may have breached you. And that’s just the first stage. The second stage of that is when they act on that breach and they do something like encrypt your environment and encrypt your hard drives, you know, exfiltrate the information that is inside of, like, your Active Directory database, which is essentially like the keys to your kingdom. And, you know, nowadays, these attackers, they’re so sophisticated. I was just reading a story the other day about this AI voice that was being used to sound very familiar to a person that was, to an end user, and actually tricked them into getting, you know, this through social engineering. They actually tricked them into getting their login.
So attackers don’t necessarily have to break in anymore. Sometimes they just log in because they’ve done phishing. They’ve done all of the, again, all of these different and successful but very skilled techniques to get the information that they want from you.

So I talked about that perimeter. And the old perimeter being like the on-site users, endpoints, servers, and the apps that, you know, they probably ran on some servers that were in your building or in your network of buildings. That old perimeter is gone. What do we have now? We have hybrid working, hybrid cloud, enterprise applications, mobile devices, and cloud applications, and remote, remote, remote, remote. That is the new world that we live in. And what a lot of our organizations did during COVID, which rapidly accelerated the adoption of our new modern workplace, is that projects like, you know, adding MFA and creating VDI to support that workplace were now set up, but even those come with their own subset of vulnerabilities. So you still have to understand that there’s risk and that new risk typically starts with your new perimeter, which is identity.

Again, Active Directory is being used by ninety percent of the organizations, ninety percent of organizations. And the breaches, like eighty percent of those breaches that happen include some form of credential abuse. That’s just the facts of it, folks. Like, if I can get the keys to your kingdom, then I don’t have to be nice about when I’m going to attack you. I could just kinda sit and watch and see what’s happening. And this is what bad actors do.

And we hear often, well, I’m in the cloud, so I’m protected. Yes. But in hybrid environments, you’re likely still sending what you have on your on prem up to the cloud. So you also may be, you know, copying some of those misconfigurations and those delegations that have been sitting out there forever that are not actually needed. They’re just misconfigurations.
And sometimes we don’t wanna, I remember as an AD ops engineer that I didn’t necessarily wanna touch something that was already in place because it was working. But those types of misconfigurations in Active Directory or delegations of access could have been there, you know, grandfathered for ten, fifteen years before I got to that company. And we have to find ways of mitigating that. And if, again, we are somehow breached, how do we respond and recover from it?

So this report is the Five Eyes AD security report. And Five Eyes, just so you know, is a group of countries, countries and entities, US, UK, Canada, Australia, and New Zealand. And they come together to kind of share their intelligence, security intelligence, around what is happening in their respective countries, respective environments. And some of the key points that I want you to pay attention to here is that they said security isn’t optional. It’s essential. Securing AD rather isn’t optional. It’s essential. It’s not enough to just say, hey. I have, you know, I have XDR. I’m securing my endpoints. That’s great. But securing your endpoints is not going to help you to recover your identity, which is Active Directory, in the event that it becomes compromised. You know, the persistence is hard to detect. Attackers getting into your system, like I told you, they can dwell in there for a very long time. You’re, if you’ve been breached and you have not detected it because you don’t have the right tools available and the right people to be monitoring those tools and the right skill set of those people to monitor those tools, you may go for a long time being breached and having no clue. So these things are important that you start giving your attention to them if you haven’t in the past.
These, the complexity of relationships, like, these hidden relationships in Active Directory, we have a product called Forest Druid, and that helps to look at your tier zero, which is, again, your, like, your identity is kinda like the new tier zero. This is where if they breach it, they get the keys to your kingdom. So Forest Druid will look and say, hey. How is someone gaining access to my most privileged accounts? Those keys to the kingdom. How from maybe someone’s workstation in HR or someone’s workstation out in a factory, how can they get a path to owning my domain controllers? Those types of hidden relationships, you can use tools to assess that and help you to mitigate it. And our Forest Druid, you’ll see it later on in another slide, but our Forest Druid is one of the things that are able to help you with that.

And then recovery is very expensive, especially if you’re not prepared. If you had to pay a ransom of upwards of millions of dollars, five, ten, some I heard, I think in the last couple of weeks, I’ve heard people paying ransoms of over twenty five million dollars. I promise you, if you were using Semperis tools, of course, depending on your scale. But I haven’t heard of us charging any customer twenty five million dollars yet in order to provide to security tools, the security and recovery tools that we have as offerings. So if you are prepared, recovery is less costly than the disruption of your enterprise systems, the disruption of your identity, the disruption in impact on your brand. Because we don’t always think about the business side, especially if you’re a technical person on this call, but your brand can be severely impacted if you are breached and it causes things like people’s personal identifiable information becoming public on the dark web, for instance. So you have to think about those things when you’re considering what your disaster recovery plan, your identity services recovery plan is going to be.
And just one last thing on here. Zero trust relies on identity. In most of your cases, that’s gonna be Active Directory. So how do you know that you can trust your AD if it may or may not have been breached and you have no visibility into that? So these are things that I want you to be thinking about, because I see some of the questions in the chat, and I’m gonna get to them later, but I just want you to think about that when you’re considering what to do.

Planning ahead of time makes a huge difference on how disruptive or how costly a breach can be. So, you know, you could be starting your day as a good day going bad. You come into work and you’re in operations and, you know, maybe you’re on this call and you’re, you know, a local admin and your end users are saying, hey, we can’t log on, what’s going on? And initially, you may think nothing of it or your good day has gone really bad and you realize that you have been breached. And, you know, in a case like this, yes, this could be your end point, but this could also be your domain controller. This could be, you know, your file server. It could be anything. And you’d want, especially for your identity, that if you saw this, that you were quickly able to recover from it.

This is an example now that, hey, the AD ops team is like, hey. We, well, we do see something’s going on here, and I don’t know how well you can see this. It might be a little tiny on screen, but they’re getting some replication errors, which means that some of their domain controllers are probably offline. And the fear is that more of this is going to happen.

So what happens in, as a, like, a direct result of an attack? You know? You start to ask your questions. Can you actually trust your Active Directory? And you might say, well, of course I can. I have backups. But do you know if your backups are malware free? Because a typical backup is going to, let’s say it’s your domain controller. I’m just gonna keep this simple.
And a typical domain controller is, you’re gonna back, if you’re gonna back that up, that device, you’re probably using either a system state backup or a BMR backup. Right? And that means that, yeah, you’re backing up your Active Directory, but you’re probably also backing up your operating system and probably any malware that has already impacted the system, and that’s problematic for you. You know, in that case, even if you are able to recover, are you sure your AD service can be trusted, because there are things like malware and backdoors that could be in the OS portion of Active Directory. And there are ways to, you know, to recover from this. But even if you have backups and you said, you know what? I’m gonna go back, you know, three months. The amount of changes that happen in your Active Directory on a daily, heck, on an hourly basis, even for very small organizations, the amount of changes that happen really make it difficult for you to start doing recoveries of Active Directory, the service, if you go beyond, like, fourteen days. And of course, your mileage may vary. Right? But the truth of the matter is it gets very daunting to have the older your backup is, the more daunting it is for you to recover from. And, you know, like I said, if you’re using a regular format for backups, yeah, that’s gonna most likely have some type of malware still on it. So in that case, your AD service just cannot be trusted.

This is just, I wanna say this is like a high level of what the cyberattack recovery timeline looks like. And I wanna say, like, this dwell time that’s over here, that’s changed. I think when I originally did this slide that this was kinda accurate. But as I mentioned to you, these bad actors are becoming more sophisticated. They’re much smarter in the way that they approach, you know, infiltrating your system, finding, doing their own reconnaissance. So this dwell time is just not the same.
The last, when I was doing some research, it’s more like sixteen to about twenty one days nowadays. So you could have someone in your system not be there a very long time and be ready to act, to breach you. That would be something like an encryption event. And it could take you hours just to identify it. And then, you know, if you haven’t already created a plan throughout your own disaster recovery for Active Directory, you know, it could take you hours to start doing a response plan. And then you have to, hopefully you have cyber insurance, you know, you’re gonna have to let them know what’s going on, and maybe they help you or maybe they don’t help you to get, you know, additional forensics, you know, to have you get people to assist you with that. But just keep in mind that there are a lot of steps to get through all of these things. Once you can even start rebuilding some of your primary IT functionality, that still takes a good amount of time. And then you still gotta recover a lot of the data. One to three months is not unheard of in this type of scenario. And, you know, I just want you to just really hone in on just how long it takes to just get some primary, a.k.a. basic IT functionality during that process.

And you have to answer this question. How long can you afford to be without your identity system and the systems that rely on it? Now asking this question to some companies, they said, you know, in order to recover to just minimal IT functionality, it took them under six hours or under five hours here. Some said five hours to a day. Some said one to seven days. Some said seven to twelve days. And this is just to get minimum IT functionality.

In the case of Maersk, one of the things, a couple of years after that event, which occurred in 2017, 2019, the CISO and the CTO were interviewed, and one of the things they said was they decided that moving forward, it was unacceptable for any plan of recovery to last more than twenty four hours.
I’m paraphrasing what they said, but they expected their systems to be up in twenty four hours in the case that they are breached again. And again, they’re using assume breach mindset now because they had the worst happen to them. And many other companies don’t even have the initial awareness of how important identity is to their environment to even get to the point where they can even answer this initial question of how long it takes, how long you can afford to be without your AD.

So I want you to understand that your critical business functions require you to be transparent internally. One of the questions that came in was how can organizations prioritize identity system recovery during a major disruption or cyber attack? Well, my answer to you is you have to plan. You have to plan and exercise that plan. So it’s not enough to just say, hey, I have documented what I want to do. You actually have to take that and then implement it.

But let me show you something here. In the event that you have to do an Active Directory Forest Recovery, Microsoft has its official process. And for many of us, we call it the boogeyman of AD operations because it is a long, multithreaded process that includes about twenty eight, twenty nine steps to just do a rebuild of a minimal AD infrastructure. It recovers it like it says here down to the essence. But in the middle of the night, going back to your question of, you know, what do you do during a major disruption or cyber attack, this is not the time during an attack that you want to go for the first time and look at Microsoft’s ADFR. You’d want to already have these processes. But I can tell you that even if you do, it’s entirely manual, and I still, I have it here that it’s about a hundred fifty pages long. I didn’t even include the ancillary documents that are linked in some of these initial documents. When you print all of that out, it’s literally a book. It’s upon a hundred and seventy five, hundred seventy nine pages.
That is substantial that if you are in the middle of a cyber attack, you don’t want to have to be learning how to do this and during that period. And, hopefully, even if you feel like this is something you can do, you would be hard pressed to even have a very experienced AD engineer who’s been doing it for a long time to be able to pull it off successfully for all of those steps multiple times because those steps are typically for one domain controller of one domain. There are many of the steps, including looking to see if you have been breached and how do you do the forensics on that, it is very complex, especially during a company wide outage.

So this type of unplanned Active Directory Forest Recovery, that’s what we’re talking about. If you have not already figured out what your plan is, have the tools in place, have the people in place in order for you to successfully recover your forest. Right? So something like this recovery time object, objective, it can take you multiple days, but you really don’t even know. Like you cannot truly assume what the time is to recover if you have not done the work ahead of time.

And what does that look like? Again, I talked about the technology. I talked about the process and the people. So what is the technology? In a breach, if you have already planned this, you’re going to know very quickly that you need the right tools. So you probably need to create new VLANs, and you probably need some clean VMs. But what about the other technology? Well, Semperis, we have our Active Directory Forest Recovery product. And if you also had this in your environment, you would be able to recover ninety percent faster than if you were doing an Active Directory Forest Recovery using the Microsoft hundred and fifty plus, hundred seventy five page manual, which is a manual process. Why?
Because there’s a couple of things that we do with our product, and one of them is that we separate the service from the server, and we then automate that playbook that Microsoft has for recovery. We automate that playbook, which allows you to recover a lot faster. And because one of the most important things that we do is that we decouple Active Directory service from the server itself, when you’re doing your backups, we are not backing up things that are unnecessary, like the operating system, which probably includes the malware that got your forest into trouble in the first place. So your recovery includes, you know, your identity recovery. Right? So you got your AD back, but is everything accounted for? And this is both in the hybrid environments for your on prem and your cloud environments, keeping in mind that typically what you’re seeing in the cloud is being replicated from your on prem AD. And things that also have to happen in order to get you back up and running, right, resetting, you know, account privileged account passwords and service accounts and admin accounts and your, you know, Kerberos ticket granting ticket. Things like that that I’m sure very smart individuals can do, but keep in mind that you have the added pressure of making sure that your business gets back online sooner than later. So you don’t wanna be caught unprepared in that type of instance.

When you have planned and you have the right technology, then you can do tabletop exercises when you’re doing your disaster recovery. I can tell you in my past, in many of the organizations I’ve worked for, we were doing things with our domain controllers and trying to restore them, but we didn’t separate Active Directory service. We didn’t isolate just identity.
And you could be restoring a copy of a domain controller that you think is valid only to find out that it doesn’t work or it is compromised because it has misconfigurations that caused you to be in a situation that you were in already.

And also, accidents happen. You know, your domain controller or, you know, many of them being offline, it could just be an admin fat fingered something. That happens. They, maybe someone wrote a script that’s problematic that, you know, deleted something, deleted an OU or deleted some partition or a bunch of accounts from a partition that it shouldn’t have. And you don’t wanna be in a position that you have to now try to find out some archive that you have or some backup to see if you can get that back. You should be well positioned to quickly get that back online. And, you know, the truth is that if you don’t have any, if you don’t have AD in the instance that you lose access to all of your domain controllers, well, if you lose your Active Directory and your domain controllers, then there is no recovery for you because guarantee that the majority of the systems that you’re using are reliant on Active Directory. Think about your IP phones where you’re using some type of username and login. You may have even, you may say, well, you know what? I, my team, yeah, we have Windows, but my team uses Linux. Okay. Well, if you’re using Linux, you probably have some LDAP calls to do your identity access and authorization. So guess what that is? That’s typically Active Directory.

So Gartner believes so much that this is important that they even created a quadrant called Identity Threat Detection and Recovery. And this strategy is really if you look at these quotes here, what they’re really saying is, hey. You have to protect your Active Directory.
You need to be transparent internally with your company and your planning about the critical systems that you’re using and what is required to get them back online in the event that you need to recover. And have real heart to heart conversations. They will be uncomfortable. They will be awkward. They will make you wanna wring each other’s necks. But what won’t happen is you will not be caught without a plan if you do those things. So it’s very important that, and I keep harping on this because planning is a really big part of what is necessary.

The problem with AD Forest Recovery right now is what I said. Enumerating all of those steps that I talked about, those twenty eight, twenty nine steps, this is a lot to be trying to figure out in the middle of the night. And trust me, even in a disaster recovery, if you’re trying to do this process manually, this will be a headache for you. And that’s why with Semperis, our Active Directory Forest Recovery product, we automate these tasks. And what you’re gonna see is one of the hardest parts is just for each of your domains is just getting through step number three. And these little clocks that I have next to some of these items, that means that these are timely. Something like waiting for the global catalog to be removed, you know, remediating the malware. And even if you’re good at that, you still have to do things like metadata cleanup, configuring the DNS. Like, this is a lot. And so having a system like our Active Directory Forest Recovery, as I mentioned, we automate the majority of these tasks. And I can tell you that many companies, when we are deploying this, they’ll say to us, we don’t believe that you can really do it. And then when something takes just a couple of hours to, or a couple of minutes in some cases to recover, they are blown away. So this is because of the way that we approach recovering your identity. Again, we separate the service from the server, and that is what allows us to recover so quickly.
We also have some community tools that I just wanna point you to. We have a Purple Knight. And this tool allows you to, without any special privileges, you can do an assessment of your Active Directory. You can do that from a workstation that is connected to your Active Directory, and it will give you a report of what is happening in your environment. And then also our Forest Druid, which is an inside out tier zero attack path. So if you’re sitting at you know, if you wanted to sit at someone’s desk and run this, this would give you an idea of how an endpoint and an identity on that endpoint can get all the way up to your, to owning your domain controllers, and those are free tools. So your homework is to think about these things. Do you even have a business continuity and disaster recovery plan? And if you do, does it include Active Directory? Have you tested that recovery? Have you tested the recovery in the absence of your Active Directory? Because that’s gonna be a fun one for you when you see that most of your systems cannot authenticate, cannot be authorized, and will not work. And can you ensure that it’s malware free? Because with our Active Directory Forest Recovery, we can ensure that your recovery of your identity system is malware free by quarantining files that may be executables. So that’s one of the things that we do to help to bridge that gap for you. And you see the rest of these questions. Because if not, you know, the question is, is your CV up to date? Is your resume up to date? These things are important. And so I don’t mean to make any make light of them, but it’s really critical that you pay attention and you really I would hope that you even take a screenshot of this because these are questions that you definitely want to be asking of yourself, of your organization, or your institution. One more thing, and then we’ll be ready for the Q and A. Every year, we have a Hybrid Identity Protection Conference. 
Hybrid identity, whether it’s your on prem or your cloud, identity solutions. This conference is a great way to come and meet with the brightest minds all over the world who attend this conference. It’s called the you can go to hipconf, h i p c o n f dot com to find out more about it. It’s gonna be a Mardi Gras world in New Orleans this year and hopefully we’ll get to see you there. Thank you so much for taking this trip with me. I hope that you found this valuable, and I am here to answer any of the questions that you might have. Thank you. Let me see in here in the chat. I think I answered a couple of these questions already. So I’m just gonna repeat one or two of them. One was from James, James Lynn. He was asking, how can organizations prioritize identity system recovery during a major disruption or cyber attack? And James, I think, hopefully you heard my answer, and that is that you want to plan for that. You want to plan in this way that I discussed about creating your disaster recovery plan, testing that plan, and seeing what happens if you do that without identity and seeing how it works without and how well it actually does work when you have your identity included. And then your other question was how can a CISO balance security enforcement with fostering a culture of collaboration and trust among employees? Well, that takes some work, right, because in some companies, you’re asking for a culture change. And what I can tell you is that that culture change is uncomfortable for some organizations. But if you are persistent, if you move with kindness and transparency, people are more willing to try to abide by the rules that you’re setting. Make them stake owners in what the company is doing by saying to them, hey, if we are breached because of a phishing scam, this impacts you, but more importantly, it impacts our brand. And if it impacts our brand, it may impact our ability to continue running our business. 
And if we can’t run our business, then all of us are updating our CVs and resumes. And not as a threat, but just to get them to understand that the actions that they take do matter. I hope that that answers your question, James. I don’t see many other questions here. Let’s see. Why is a dedicated AD backup system necessary is one of the questions that came in. Well, I hope that I answered that during this webcast. But having a dedicated identity system or AD backup system, number one, because of all the things that are reliant on Active Directory, you’d want to get that new perimeter. You’d wanna get that back up and running, that tier zero. You wanna get that up and running so that other applications, the systems that rely on it can also be brought back up. So the sooner you can get identity up, the sooner you can probably get your applications, your phone systems, you know, maybe your network appliances. The sooner you can get that up, the sooner you can get your system up and running. And I think the last question was what about Entra ID? Entra ID I think what the question is asking here is, should you be protecting your Entra ID? What I want to suggest that you do is look at what your responsibility is from Entra. Microsoft is gonna tell you there is a shared responsibility model, and there are some things that they will make sure are online and highly available. And there are things that are your responsibility. And while they will say, Hey, we’re gonna make sure that you know, your maybe identity is up, they may not do things like backing up the conditional groups, conditional access that you have available to you. So you have a shared responsibility in what happens in the cloud. 
And so we also have another product called Disaster Recovery for Entra ID, which is very similar in its approach to our Semperis Active Directory Forest Recovery for your on prem, our Disaster Recovery Entra Tenant rather, or DRET for short, essentially backs up those things that are critically important to quickly recovering your Entra tenant. So, hey, Annie. Are you still there? Yep. I’m here. Okay. I’m sorry? It looks like we got through all the questions today. Okay. Great. So, thank you all. Annie, thank you for hosting Redmond for hosting this. We hope that we will see you at our HIP conference. My name is James Ravenell again, and I look forward to servicing you again in the future. Yeah. That was a great presentation, James. Thanks again for being here, and thanks again to Semperis for sponsoring today’s event presented by RedmondMag. Have a great rest of your day, everyone. Thank you.
Speaker:
James Ravenell, Senior Solutions Architect at Semperis, is a seasoned technologist with more than 30 years of experience in infrastructure operations and architecture. He has worked with organizations ranging from startups to Fortune 50 companies. James is passionate about protecting identity and increasing organizational resilience.
