BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent too much time locating problem changes in reports from your current auditing solution.

Auditing-blog-pencilReady to make your life easier? Here are seven things to look for when evaluating solutions for Active Directory auditing and recovery:

  1. Real-time auditing and alerting
    Many Active Directory auditing solutions still rely on native event logs, forcing you to manage system access control lists (SACLs). On the other hand, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. Combined with alerting features, this allows you to immediately act on abnormal changes before they cause security risks or jeopardize compliance.
  2. Continuous backup capabilities
    One of the biggest benefits an Active Directory auditing solution can offer is the ability to quickly recover from changes made at any point in time. Rather than relying on scheduled backups, look for a continuous backup capability that will provide you with a granular level of control to roll back specific changes to minimize the impact of a recovery.
  3. Efficient recovery and rollback
    Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting things – a process that can eat hours. If you can’t efficiently recover and rollback unwanted changes to Active Directory, you’ll waste time on top of an emergency. Efficient change recovery and rollback allows you to reverse changes or deletions with one click and as little downtime as possible.
  4. Ability to audit several objects or attributes by default
    When time is money, efficient auditing and data collection is a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
  5. Reporting designed for communication and compliance
    An Active Directory Auditing solution is only as good as the information you get out of it. While it should provide the technical information needed for IT to understand and act on AD events, it should also provide information in plain language that can be comprehended by management, compliance officers, and other stakeholders.
  6. Central management console
    You’ve got far too much going on to need to monitor and review separate modules for auditing, recovery, protection, and reporting. A single management console for your Active Directory activity allows you to analyze and control your AD environment from a single location, enabling you to be as efficient as possible.
  7. Efficient storage options
    An ideal Active Directory auditing solution has low event storage requirements, combined with the ability to easily access large amounts without slowing performance.

You know the cost of a service disruption, and you know the stress of that service disruption being caused by an elusive and obscure Active Directory change. When the time comes to choose an auditing solution, go for the one that provides visibility, granularity and control you need to keep your AD environment operating securely and efficiently. This checklist will help you ask the right questions when looking for an Active Directory auditing solution.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,