BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Webcast Recap: Leveraging Active Directory as a Unified Identity Store with Microsoft MVP, Darren Mar-Elia

Posted May 29, 2014    Chris Burd

darren-mar-eliaWith over 15 years of history, Active Directory (AD) is the original source of authentication and authorization as a service, providing businesses with a trusted way to consolidate and manage identity. But how and why companies use AD – from an OS directory to an identity store – has constantly evolved.

BeyondTrust recently partnered with Darren Mar-Elia, Microsoft MVP and Contributing Editor at Windows IT Pro Magazine, for a webcast discussing the advantages and history of consolidating identity on AD. Below are key takeaways from the webcast, followed by an on-demand recording of the presentation.

Active Directory to control access to corporate resources

Mar-Elia notes that, while we may prioritize different aspects of the IT environment today, the main purpose of AD hasn’t changed much over the years. In most enterprise environments, AD is vital in authenticating users (via Kerberos) and controlling access to company resources (think SharePoint and mailbox access).

As the IT industry develops, AD provides greater ongoing control over access to corporate resources such as Windows desktops and servers and Linux/UNIX servers, not to mention applications that run on a variety of platforms like Sharepoint, Weblogic Java, and NAS appliances. The result is the use of AD as the de facto standard for identity in the enterprise, regardless of which device is connected.

Active Directory to reduce your identity footprint

As controlling access and provisioning and de-provisioning become more critical, IT teams place more importance on consolidating the identity stores they need to worry about. But since, for many companies, AD is just one of many identity stores and meta-directories, it’s not always being used to its fullest potential.

In order to protect your data, you need to be able to easily track who has access to which resources. Consolidating identity into AD allows you to reduce the number of directories to synchronize, thereby organizing and reducing your identity footprint. It also reduces the number of places you need to audit and monitor for authentication and authorization, as well as the points of control for provisioning and de-provisioning. Finally, it provides the ability to leverage the same tools you use for managing AD for managing authentication and authorization for most of your IT resources.

AD as a single platform to audit the use of authoritative data makes your life easier – auditing access, changes, and usage across all platforms becomes a matter of collecting and reporting on AD security logs. To improve your internal security processes, consolidate your identity stores and use AD for reporting and auditing. From authentication and authorization for users, to applications for monitoring a variety of platforms, AD can provide a single “source of truth” for identifying people and their functions despite organizational changes.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,