• Overview
  • Specifications
  • Real-Time Change Auditing for Microsoft Active Directory

    Directory services hold the keys to the kingdom when it comes to authentication and access control throughout your organization. So it’s no surprise that directory services are the focus of hackers and auditors alike. With just one set of compromised credentials, hackers can escalate privileges, gain a foothold in your organization, and put your sensitive data in jeopardy. Imperva SecureSphere Directory Services Monitor effectively identifies suspicious behavior to help prevent lateral movements and shield your organization from incurring non-compliance fees.

    Key Capabilities

    • Immediate Visibility into Active Directory Changes

      SecureSphere Directory Services Monitor keeps a detailed audit trail of critical changes, and allows you to demonstrate compliance with Active Directory reporting. Show auditors you’re in full control by having immediate visibility into all high-impact changes—such as those performed by privileged users—and the ability to report precisely what changes were made.

    • Real-Time Notifications Put You in Control

      Find out immediately when suspicious changes pop up in Active Directory. Since directory services determine data access rights, overlooking a problematic change can have serious security and compliance implications. Sophisticated SecureSphere security policies trigger notifications in real-time so that you can quickly investigate and take care of potential issues.

    • Identify Lateral Movement by Attackers

      Uncover early warning signs of an attack by keeping close tabs on your critical IT resources. With SecureSphere, you can continuously monitor for suspicious Active Directory changes—like privilege escalations—that occur during an advanced targeted attack. Ensure that your data is protected from advanced threats that compromise directory services to navigate throughout your organization.

    • Streamline Forensic Investigations

      SecureSphere Directory Services Monitor simplifies incident response by gathering all Active Directory changes in one convenient spot. Get immediate insight into your security status with interactive analytics that let you slice and dice the audit trail for thorough forensic investigations. And with flexible Active Directory reporting templates, keeping your records up to date is that much easier.

  • Directory Services Monitor Specifications

    Specification Description
    Directory Services Supported
    • Microsoft Active Directory 2003, 2008, 2008R2, 2012
    Directory Service Activity Audit
    • User name
    • Domain
    • Object name
    • Groups
    • Operation (add/remove/delete)
    • Object type
    • Attribute
    • Before and after value
    • Source and Destination IP
    Tamper-Proof Audit Trail
    • Audit trail stored in a tamper-proof repository
    • Optional encryption or digitally signing of audit data
    • Role based access controls to view audit data (read-only)
    • Real-time visibility of audit data
    Deployment Modes
    • Domain Controller: lightweight agents
    • Web User Interface (HTTP/HTTPS)
    • Command Line Interface (SSH/Console)
    • MX Server for centralized management
    Events and Reporting
    • SNMP
    • Syslog
    • Integration with leading SIEM vendors
    • Email to data owners and other stakeholders
    • Custom followed action
    • SecureSphere task workflow
    • Integrated graphical reporting
    • Real-time dashboard
    Related Products