Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Beyond Backup: Identity Resilience for the Modern Enterprise

  • Wed, Apr 22, 2026
  • 1:00PM - 2:00PM EDT
  • English
  • Matt Bromiley
  • Industry Research Presentation
Login to register
Webcast Hero

Thank You To Our Sponsor

Identity compromise now drives 80% of cyber intrusions—making it the primary attack vector in modern cybersecurity. When Active Directory fails, entire business operations halt: employees can't authenticate, applications fail, and critical services go dark. Yet traditional approaches create dangerous gaps: monitoring that relies on logs attackers can clear, recovery processes requiring 22+ error-prone manual steps, and visibility blind spots across non-human identities like service accounts and OAuth tokens.

In this webcast, SANS Analyst Matt Bromiley shares findings from his comprehensive evaluation of Rubrik Identity Resilience—a platform combining proactive identity protection and rapid recovery across Active Directory, Entra ID, and Okta. Matt will examine how modern identity resilience solutions address critical gaps that legacy approaches miss, including tamper-resistant monitoring that attackers can't disable and surgical rollback capabilities that preserve business operations while reverting malicious changes.

What You Will Learn

  • Why identity has become "ground zero" for modern attacks—and how 90% of attacks on critical infrastructure now begin with identity compromise rather than network perimeter breaches
  • The multi-IdP challenge organizations face today: why protecting only Active Directory leaves Entra ID and Okta-based SaaS applications exposed, and what unified recovery across multiple identity providers looks like in practice
  • How surgical rollback changes the game: selectively reverting attacker modifications (GPO changes, group memberships, privilege escalations) while preserving legitimate business changes made during the compromise
  • The tamper-resistant monitoring advantage: why traditional tools that depend on Windows event logs fail when attackers clear those logs, and how independent monitoring with immutable event data provides more reliable threat detection
  • Reducing recovery from days to hours: how modern orchestration transforms the 22-step AD forest recovery process into streamlined workflows with clean room testing before production deployment
  • The non-human identity blind spot: discovering and securing the service accounts, API keys, and OAuth tokens that outnumber human identities and drive increasingly sophisticated supply chain attacks

Meet Your Speaker

Matt Bromiley
Matt Bromiley

Matt Bromiley

Security R&D

Matt Bromiley is a Lead Solutions Engineer at LimaCharlie and SANS Certified Instructor. He serves as a GIAC Advisory Board member, a SME for the SANS Security Awareness, and a technical writer for the SANS Analyst Program.

Read more about Matt Bromiley