BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent too much time locating problem changes in reports from your current auditing solution.

Auditing-blog-pencilReady to make your life easier? Here are seven things to look for when evaluating solutions for Active Directory auditing and recovery:

  1. Real-time auditing and alerting
    Many Active Directory auditing solutions still rely on native event logs, forcing you to manage system access control lists (SACLs). On the other hand, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. Combined with alerting features, this allows you to immediately act on abnormal changes before they cause security risks or jeopardize compliance.
  2. Continuous backup capabilities
    One of the biggest benefits an Active Directory auditing solution can offer is the ability to quickly recover from changes made at any point in time. Rather than relying on scheduled backups, look for a continuous backup capability that will provide you with a granular level of control to roll back specific changes to minimize the impact of a recovery.
  3. Efficient recovery and rollback
    Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting things – a process that can eat hours. If you can’t efficiently recover and rollback unwanted changes to Active Directory, you’ll waste time on top of an emergency. Efficient change recovery and rollback allows you to reverse changes or deletions with one click and as little downtime as possible.
  4. Ability to audit several objects or attributes by default
    When time is money, efficient auditing and data collection is a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
  5. Reporting designed for communication and compliance
    An Active Directory Auditing solution is only as good as the information you get out of it. While it should provide the technical information needed for IT to understand and act on AD events, it should also provide information in plain language that can be comprehended by management, compliance officers, and other stakeholders.
  6. Central management console
    You’ve got far too much going on to need to monitor and review separate modules for auditing, recovery, protection, and reporting. A single management console for your Active Directory activity allows you to analyze and control your AD environment from a single location, enabling you to be as efficient as possible.
  7. Efficient storage options
    An ideal Active Directory auditing solution has low event storage requirements, combined with the ability to easily access large amounts without slowing performance.

You know the cost of a service disruption, and you know the stress of that service disruption being caused by an elusive and obscure Active Directory change. When the time comes to choose an auditing solution, go for the one that provides visibility, granularity and control you need to keep your AD environment operating securely and efficiently. This checklist will help you ask the right questions when looking for an Active Directory auditing solution.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , , ,

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,