BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent too much time locating problem changes in reports from your current auditing solution.

Auditing-blog-pencilReady to make your life easier? Here are seven things to look for when evaluating solutions for Active Directory auditing and recovery:

  1. Real-time auditing and alerting
    Many Active Directory auditing solutions still rely on native event logs, forcing you to manage system access control lists (SACLs). On the other hand, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. Combined with alerting features, this allows you to immediately act on abnormal changes before they cause security risks or jeopardize compliance.
  2. Continuous backup capabilities
    One of the biggest benefits an Active Directory auditing solution can offer is the ability to quickly recover from changes made at any point in time. Rather than relying on scheduled backups, look for a continuous backup capability that will provide you with a granular level of control to roll back specific changes to minimize the impact of a recovery.
  3. Efficient recovery and rollback
    Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting things – a process that can eat hours. If you can’t efficiently recover and rollback unwanted changes to Active Directory, you’ll waste time on top of an emergency. Efficient change recovery and rollback allows you to reverse changes or deletions with one click and as little downtime as possible.
  4. Ability to audit several objects or attributes by default
    When time is money, efficient auditing and data collection is a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
  5. Reporting designed for communication and compliance
    An Active Directory Auditing solution is only as good as the information you get out of it. While it should provide the technical information needed for IT to understand and act on AD events, it should also provide information in plain language that can be comprehended by management, compliance officers, and other stakeholders.
  6. Central management console
    You’ve got far too much going on to need to monitor and review separate modules for auditing, recovery, protection, and reporting. A single management console for your Active Directory activity allows you to analyze and control your AD environment from a single location, enabling you to be as efficient as possible.
  7. Efficient storage options
    An ideal Active Directory auditing solution has low event storage requirements, combined with the ability to easily access large amounts without slowing performance.

You know the cost of a service disruption, and you know the stress of that service disruption being caused by an elusive and obscure Active Directory change. When the time comes to choose an auditing solution, go for the one that provides visibility, granularity and control you need to keep your AD environment operating securely and efficiently. This checklist will help you ask the right questions when looking for an Active Directory auditing solution.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , ,

Leave a Reply

Additional articles

red-thumbprint

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. – By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Tags:
, , , , ,
pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,