BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent too much time locating problem changes in reports from your current auditing solution.

Auditing-blog-pencilReady to make your life easier? Here are seven things to look for when evaluating solutions for Active Directory auditing and recovery:

  1. Real-time auditing and alerting
    Many Active Directory auditing solutions still rely on native event logs, forcing you to manage system access control lists (SACLs). On the other hand, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. Combined with alerting features, this allows you to immediately act on abnormal changes before they cause security risks or jeopardize compliance.
  2. Continuous backup capabilities
    One of the biggest benefits an Active Directory auditing solution can offer is the ability to quickly recover from changes made at any point in time. Rather than relying on scheduled backups, look for a continuous backup capability that will provide you with a granular level of control to roll back specific changes to minimize the impact of a recovery.
  3. Efficient recovery and rollback
    Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting things – a process that can eat hours. If you can’t efficiently recover and rollback unwanted changes to Active Directory, you’ll waste time on top of an emergency. Efficient change recovery and rollback allows you to reverse changes or deletions with one click and as little downtime as possible.
  4. Ability to audit several objects or attributes by default
    When time is money, efficient auditing and data collection is a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
  5. Reporting designed for communication and compliance
    An Active Directory Auditing solution is only as good as the information you get out of it. While it should provide the technical information needed for IT to understand and act on AD events, it should also provide information in plain language that can be comprehended by management, compliance officers, and other stakeholders.
  6. Central management console
    You’ve got far too much going on to need to monitor and review separate modules for auditing, recovery, protection, and reporting. A single management console for your Active Directory activity allows you to analyze and control your AD environment from a single location, enabling you to be as efficient as possible.
  7. Efficient storage options
    An ideal Active Directory auditing solution has low event storage requirements, combined with the ability to easily access large amounts without slowing performance.

You know the cost of a service disruption, and you know the stress of that service disruption being caused by an elusive and obscure Active Directory change. When the time comes to choose an auditing solution, go for the one that provides visibility, granularity and control you need to keep your AD environment operating securely and efficiently. This checklist will help you ask the right questions when looking for an Active Directory auditing solution.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , ,

Leave a Reply

Additional articles

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,
PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,