BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Comparing Active Directory Auditing Solutions? Here are 7 Things You Can’t Afford to Overlook

Posted May 15, 2014    Gail Ferreira

If you’re responsible for your organization’s Active Directory environment, you probably know how time-consuming it can be to audit and recover AD changes. Maybe there was a particular incident where manually tracking down an errant change and putting things back in order involved too much blood, sweat and tears – or maybe you’ve simply spent too much time locating problem changes in reports from your current auditing solution.

Auditing-blog-pencilReady to make your life easier? Here are seven things to look for when evaluating solutions for Active Directory auditing and recovery:

  1. Real-time auditing and alerting
    Many Active Directory auditing solutions still rely on native event logs, forcing you to manage system access control lists (SACLs). On the other hand, real-time auditing solutions can gather and centralize “who, what, when and where” information as changes happen. Combined with alerting features, this allows you to immediately act on abnormal changes before they cause security risks or jeopardize compliance.
  2. Continuous backup capabilities
    One of the biggest benefits an Active Directory auditing solution can offer is the ability to quickly recover from changes made at any point in time. Rather than relying on scheduled backups, look for a continuous backup capability that will provide you with a granular level of control to roll back specific changes to minimize the impact of a recovery.
  3. Efficient recovery and rollback
    Traditionally, recovering a former state would require searching for “before” and “after” properties, and then manually reverting things – a process that can eat hours. If you can’t efficiently recover and rollback unwanted changes to Active Directory, you’ll waste time on top of an emergency. Efficient change recovery and rollback allows you to reverse changes or deletions with one click and as little downtime as possible.
  4. Ability to audit several objects or attributes by default
    When time is money, efficient auditing and data collection is a priority. Your Active Directory auditing solution should be able to audit several objects or attributes by default, without requiring additional, manual auditing.
  5. Reporting designed for communication and compliance
    An Active Directory Auditing solution is only as good as the information you get out of it. While it should provide the technical information needed for IT to understand and act on AD events, it should also provide information in plain language that can be comprehended by management, compliance officers, and other stakeholders.
  6. Central management console
    You’ve got far too much going on to need to monitor and review separate modules for auditing, recovery, protection, and reporting. A single management console for your Active Directory activity allows you to analyze and control your AD environment from a single location, enabling you to be as efficient as possible.
  7. Efficient storage options
    An ideal Active Directory auditing solution has low event storage requirements, combined with the ability to easily access large amounts without slowing performance.

You know the cost of a service disruption, and you know the stress of that service disruption being caused by an elusive and obscure Active Directory change. When the time comes to choose an auditing solution, go for the one that provides visibility, granularity and control you need to keep your AD environment operating securely and efficiently. This checklist will help you ask the right questions when looking for an Active Directory auditing solution.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , ,

Leave a Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,