Security and Compliance for Microsoft Active Directory
Directory services such as Active Directory are the critical system of record for the user accounts and group memberships used for authentication and access control. Active Directory plays a central role in defining data access rights for enterprise data assets such as Microsoft SharePoint, file servers and NAS devices. Increasingly, organizations are using Active Directory to provision database access rights as well. Changes within Active Directory therefore can have broad security and compliance impacts for sensitive business data. The centralized, highly leveraged nature of directory services requires that organizations have real-time visibility and control over changes made within Active Directory.
Audit for Security and Compliance
Comprehensive change auditing is necessary to secure Active Directory and demonstrate compliance with regulatory requirements. Active Directory plays a core role in controlling user and group access to enterprise IT resources such as critical applications and file servers, so all Active Directory administration and changes demand governance. Organizations must also maintain a high-integrity audit trail of change activity to meet compliance mandates and monitor privileged users.
Natively, Active Directory offers basic auditing capabilities that do not provide a centralized audit trail across domain controllers or provide enough detail to explain precisely what changes were made. SecureSphere provides continuous monitoring and detailed auditing of changes made within Active Directory so that enterprises have a complete audit trail showing the “Who, What, When, Where and How” of each activity. This enables security and compliance teams to understand exactly who accessed, moved, changed or deleted objects in Active Directory.
Discover and Respond to Critical Activity in Real-Time
Material changes, such as a modification to configuration settings, can have significant security impacts on an organization. Therefore, enterprises need to have the ability to monitor for, and respond immediately to, high-impact changes in Active Directory.
- Monitor Privileged Users: The users and groups in Active Directory are used across the enterprise to provision access to critical applications and sensitive data. The simple act of adding a user to a group effectively grants that user access to all of the resources the group has access to. Active Directory administrators therefore are privileged users that have significant power and control over user rights. The compliance implication is that Active Directory changes must be monitored to be in line with separation of duties requirements of virtually all regulations.
- Reinforce Internal Controls: Businesses need to quickly assess and respond when Active Directory changes deviate from corporate policy or security best practices. Enterprise best practices demand real-time alerting, notification and external actions to drive remediation efforts.
- Protect Against Malware and Targeted Attacks: From a security standpoint, the centralized role that directory services play in access control makes them an attractive target for hackers. Advanced threats like malware and targeted attacks seek to compromise IT resources, such as Active Directory, that give attackers access to sensitive business data. Monitoring for unwanted Active Directory changes can help provide early signs of an attack.
Analyze and Report on Active Directory Activity
Despite being one of the most important assets for the IT organization, Active Directory changes are challenging to analyze. Active Directory’s out-of-the-box auditing generates large quantities of raw activity data, which requires dedicated storage in addition to analysis and reporting applications to extract value.
SecureSphere provides greater visibility into Active Directory change activity by aggregating and consolidating audit data into a secured, actionable repository. Interactive audit analytics allow administrators to slice and dice the audit trail for forensic investigations and identify data relevant for compliance reporting. SecureSphere’s flexible reporting framework allows organizations to easily understand security status, automate the auditing process and demonstrate compliance.
Deploy with Confidence
DSM agents sit on Microsoft Active Directory domain controllers to monitor change activity, and SecureSphere offers simple, drop-in deployment through virtual or physical appliances. Centrally managed, SecureSphere meets the needs of any environment – from small organizations with a single domain controller to large enterprises with geographically distributed data centers.
Directory Services Monitoring Specifications
|Directory Services Supported|
|Directory Service Activity Audit|
|Tamper-Proof Audit Trail|
|Events and Reporting|