Once attackers get in, the real work begins—and it’s almost always identity-driven. Modern intrusions rely less on noisy malware and more on abusing legitimate credentials, trusted relationships, and native protocols that security teams must allow to keep the business running. When coverage is uneven across Active Directory, cloud identity providers, non-human identities, and emerging AI agents, adversaries can quietly pivot, escalate privileges, and expand their foothold while “looking” like normal authentication traffic.
In this Real Training for Free session, we’ll take a deep technical look at how adversaries exploit identity gaps after the breach and then show how identity security controls can be applied inline and at runtime to detect, contain, and stop identity-driven attacks without endpoint agents or application changes. We’ll also address AI agents as a first-class identity type, requiring the same visibility, governance, and runtime enforcement as human and machine identities.
Up first, 4-time Microsoft MVP Nick Cavalancia takes my seat and set the stage, as he discusses:
- The evolution of identity as the new perimeter—and why lateral movement is the “real breach”
- Where commodity controls help (IAM/PAM/MFA)—and where enforcement gaps still persist – especially when it comes to AI
- How hybrid identity sprawl (AD + cloud + SaaS + NHIs) changes attacker economics
- What security teams should be measuring to understand identity exposure and movement risk
Up next, we’ll hear from Roy Akerman, VP of Identity Security Strategy at Silverfort.
Roy will lead both the technical walkthrough and the case study analysis, tying attacker behavior directly to defensive identity controls. Topics will include:
- How Attackers Move Laterally Through Identity After Initial Access
- How legitimate credentials and native protocols are used to blend in
- Common post-compromise paths across AD, cloud identity providers, and service accounts
- Case Study: A Real-World Intrusion Involving Scattered Spider (Octo Tempest)
- Help desk social engineering and impersonation
- Credential theft and MFA reset abuse
- Privileged access abuse and PAM bypass attempts
- Lateral movement using RDP, PowerShell, SMB, and NTLM
- Identity-Oriented Threat Protection and Incident Response Playbook
- Rapid authentication telemetry analysis across AD and cloud IdPs
- Detecting and disrupting live lateral movement attempts
- Inline runtime enforcement to contain compromised identities
- Securing privileged access and preventing PAM bypass
- Preserving business continuity while containing the threat
By the end of this session, attendees will walk away with a technical, actionable understanding of what happens after initial access—and a clear strategy for preventing attackers from expanding a foothold into full environment compromise.
Join us to learn how to stop lateral movement in real time by turning identity into a control plane defenders can actually enforce—from Active Directory all the way to AI.
This Real Training for Free Session will be full of real-world practical application.