Altice Portugal is the top telecommunications operator in the country. With 20,000 Active Directory accounts, securing Active Directory and maintaining a robust identity threat detection and response (ITDR) strategy is a priority for the company.
In this video, CSO José Alegria and Head of Cyber Security and Privacy Pedro Inácio discuss:
- The difficulty of spotting identity-based security gaps in a large AD environment with years of M&A activities
- The challenges of fending off ransomware and other cyberattacks
- The importance of investing in cyber resiliency
“You must make sure your critical infrastructures —like Active Directory— are completely secure and resilient.”
José Alegria, CSO, Altice Portugal
Learn how the Altice team is using Semperis Directory Services Protector and Active Directory Forest Recovery to comply with ITDR best practices, accelerate threat mitigation, and ensure recoverability of the identity system.
Speakers: José Alegria, Chief Security Officer of Altice Portugal; Pedro Inácio, Head of Cyber Security and Privacy of Altice Portugal
Altice Portugal is the fifth largest company in Portugal, and the number one operator. We have around 50 percent of market share in the telecommunication sector. We have around 20,000 people working for us, which is quite important for the size of Active Directory because all of them have an account.
Active Directory is very important because we are using that as the main ecosystem for authentication. We don’t have properly a product, like Okta or Ping Identity, to provide authentication to the users. We understood that we had a lot of gaps because Altice Portugal is the result of a lot of mergers and acquisitions, different companies, different Active Directory ecosystems, with different levels of maturity, and our challenge is to put all of them in the same level.
My concern is not being attacked because we have attacks every day. My concern is that one of those attacks becomes catastrophic. But it’s important for a CISO to understand what type of attacks. For an operator, the number one is ransomware, which behind it, typically someone stole credentials to enable the attack. The second level is espionage. So attack the operator to reach one of our workers. Third is fraud. Fraud in terms of the telecommunication service. But the most important one, the one that makes me lose my sleep at night, is ransomware or wipeware, whichever works. And that’s the reason you must make sure your critical infrastructures like Active Directory are completely secure and resilient.
We made a decision to invest in a technology that, number one, will speed up the recovery. Number two, we’ll have the functionality to detect anomalous behavior. But the number one dimension was recoverability. The reason we moved to Semperis is that the ADFR module of Semperis guaranteed me that the backup is segregated from the normal backup ecosystem. And then I can recover from the backups from Semperis directly in a couple of hours.
Our main concerns were to deal with the huge number of events that the Microsoft Active Directory ecosystem produces. It was quite difficult to plan use cases to detect some kind of attacks or potentially dangerous situations. DSP was the right tool for us because it simplifies a lot the work of our technical guys, and it is always working and producing the information that we need. DSP is a very simple and seamless technology. It helps our team to understand what is going on. It helps to understand misconfigurations. It helps to comply with best practices that we need to apply in our Active Directory ecosystems.
In the case of the Semperis solution, we have the DSP module integrated with our cybersecurity operation center so that an anomalous behavior is automatically pinpointed to the analysts so that they can counter-respond. And finally, perhaps most importantly for our discussion in terms of the Active Directory resilience is recoverability. And that was the main reason we acquired Semperis, the ADFR module, to make sure that our recoverability of the Active Directory is segregated from the normal backups, and we can guarantee that we recover the Active Directory in far faster time than before.