Real-Time Change Auditing for Microsoft Active Directory
Directory services hold the keys to the kingdom when it comes to authentication and access control throughout your organization. So it’s no surprise that directory services are the focus of hackers and auditors alike. With just one set of compromised credentials, hackers can escalate privileges, gain a foothold in your organization, and put your sensitive data in jeopardy. Imperva SecureSphere Directory Services Monitor effectively identifies suspicious behavior to help prevent lateral movements and shield your organization from incurring non-compliance fees.
Immediate Visibility into Active Directory Changes
SecureSphere Directory Services Monitor keeps a detailed audit trail of critical changes, and allows you to demonstrate compliance with Active Directory reporting. Show auditors you’re in full control by having immediate visibility into all high-impact changes—such as those performed by privileged users—and the ability to report precisely what changes were made.
Real-Time Notifications Put You in Control
Find out immediately when suspicious changes pop up in Active Directory. Since directory services determine data access rights, overlooking a problematic change can have serious security and compliance implications. Sophisticated SecureSphere security policies trigger notifications in real time so that you can quickly investigate and take care of potential issues.
Identify Lateral Movement by Attackers
Uncover early warning signs of an attack by keeping close tabs on your critical IT resources. With SecureSphere, you can continuously monitor for suspicious Active Directory changes—like privilege escalations—that occur during an advanced targeted attack. Ensure that your data is protected from advanced threats that compromise directory services to navigate throughout your organization.
Streamline Forensic Investigations
SecureSphere Directory Services Monitor simplifies incident response by gathering all Active Directory changes in one convenient spot. Get immediate insight into your security status with interactive analytics that let you slice and dice the audit trail for thorough forensic investigations. And with flexible Active Directory reporting templates, keeping your records up to date is that much easier.
Directory Services Monitor Specifications
Specification / Description
Directory Services Supported
- Microsoft Active Directory 2003, 2008, 2008R2, 2012
Directory Service Activity Audit
- User name
- Object name
- Operation (add/remove/delete)
- Object type
- Before and after value
- Source and Destination IP
Tamper-Proof Audit Trail
- Audit trail stored in a tamper-proof repository
- Optional encryption or digital signing of audit data
- Role based access controls to view audit data (read-only)
- Real-time visibility of audit data
- Domain Controller: lightweight agents
- Web User Interface (HTTP/HTTPS)
- Command Line Interface (SSH/Console)
- MX Server for centralized management
Events and Reporting
- Integration with leading SIEM vendors
- Email to data owners and other stakeholders
- Custom followed action
- SecureSphere task workflow
- Integrated graphical reporting
- Real-time dashboard