SlideShare une entreprise Scribd logo

Active Directory Change Auditing in the Enterprise

Netwrix Corporation
Netwrix Corporation

Changes can introduce untested conditions, or produce unpredictable errors and problems. Change auditing is a means whereby both IT administrators and management can readily distribute, secure and manage resources to ensure accountability and operational stability. This white paper explains why change auditing is important and covers features required for Active Directory change auditing.

Technologie
1  sur  12
Télécharger pour lire hors ligne
Active Directory Change Auditing in the Enterprise White Paper Written by Chris Rich, Senior Director of Product Management
Active Directory Change Auditing in the Enterprise Whitepaper Table of contents What is Change Auditing? ....................................................................................................................................... 3 Why is Change Auditing Important? ....................................................................................................................... 4 Change Auditing: A Real-World Example ............................................................................................................ 4 Change Auditing to Reduce Risk ......................................................................................................................... 4 Change Auditing to Improve Security ................................................................................................................. 5 Change Auditing to Sustain Compliance ............................................................................................................. 5 Change Auditing to Improve Manageability ....................................................................................................... 5 Required Features for Active Directory Change Auditing ...................................................................................... 7 Automatic Data Collection .................................................................................................................................. 7 Efficient and Centralized Data Storage ............................................................................................................... 7 Scalability............................................................................................................................................................. 8 Advanced Reporting Capabilities ........................................................................................................................ 8 Real-Time Alerts .................................................................................................................................................. 9 Robust Disaster Recovery Options ...................................................................................................................... 9 Additional Considerations ................................................................................................................................... 9 SIEM, IT Governance, Risk-Management and Active Directory Change Auditing ................................................ 10 NetWrix approach to Active Directory auditing ................................................................................................... 11 About NetWrix Corporation.................................................................................................................................. 11 About the Author .................................................................................................................................................. 12 Additional Resources ............................................................................................................................................ 12 2
Active Directory Change Auditing in the Enterprise Whitepaper What is Change Auditing? Change Auditing is an auditing procedure for mitigating risks associated with the changes to IT systems, services and applications. Limiting unauthorized or undesired changes and having appropriate segregation of duties and management controls in place is essential to reduce the risks associated with implementing IT changes in production environments. Changes can introduce untested conditions, or produce unpredictable errors and problems. Proper change auditing can reduce the risk of security features being disabled or turned off, harmful code distributed to end-users, sensitive data loss or compromise, and non-compliance with internal and external regulatory requirements. Proper change auditing is determined by measuring the risks associated with managing a production IT environment and addressing those risks in a secure and controlled audit trail of all changes across the entire enterprise 24x7x365. Change auditing is a means whereby both IT administrators and management can readily distribute, secure and manage resources to ensure accountability and operational stability. 3
Active Directory Change Auditing in the Enterprise Whitepaper Why is Change Auditing Important? Change Auditing: A Real-World Example The importance of change auditing is best illustrated by a real-world example. Consider a company that recently relocated an employee. This employee was provided with extensive access to important systems and information as part of their past duties, however they are no longer appropriate in their new role. Upon relocation, their access should have been modified to remove prior privileges and access, however, no formal process existed to secure resources following an employee experiencing a relocation. Four months later, the employee, still with extensive rights, gains unauthorized access to the environment remotely. Having prior knowledge of the company’s systems and resources, they navigate to a server housing the company’s financial data secured by Active Directory to resolve a technical issue they were experiencing, modifying a number of important settings. As a result, the company’s financial data becomes unavailable causing anger, frustration, panic, and finger-pointing. After many hours of investigation, the inappropriate modifications are discovered and corrected in Active Directory. Unfortunately, the damage was done and now IT must spend more time correcting the problem. This type of situation is rare but does happen. Without change auditing, there was no way for the company to protect itself. Even if there had been a procedure in place, a human had to follow that procedure. Human error can occur and that is to be expected, however, without a proper change audit solution in place to confirm access and permissions in Active Directory had been adjusted properly, the company suffered serious harm. Change auditing is important primarily because without it, an organization is incapable of reducing the risks of human behavior. Change Auditing to Reduce Risk Change auditing provides accountability thereby reducing risk through detailed collection and analysis of event information. A setting made today may not be appropriate at some point in the future. Change auditing is the vehicle by which changes made to the environment today can be measured against predetermined risk factors and mitigated accordingly. Establishing risk factors is the single most important step in securing any IT environment. Doing so will ensure that everyone involved from end-users to senior management understands what is at risk. This creates a conscious awareness of all things critical to sustaining normal business operations. Regularly revisiting these risk factors will serve to adjust them as needs and conditions change. Once the risk factors have been identified, the next step is to secure them. For Active Directory, users are provided with rights to access data and applications locally and remotely. Group memberships and policies are setup to control specific behaviors when accessing data and applications. Effectively managing every aspect of user interaction with the environment reduces risk while granting the appropriate access needed to perform job responsibilities. Change may sometimes have unpredictable results, one of which is unintentionally 4
Active Directory Change Auditing in the Enterprise Whitepaper increasing risk to IT assets. Active Directory change auditing provides actionable and historical forensic information to ensure risk factors are managed appropriately while delivering services to operationally diverse end-user populations. Change Auditing to Improve Security Accountability will always keep the honest users and administrators honest, however, internal threats pose a more immediate danger than those external to the organization because of trust. Change auditing provides the ability to establish a robust check-and-balance record for all Active Directory changes. Security improvements in Active Directory are most often reactionary. Flaws and holes are discovered after the fact and the reason for this is that without auditing daily activity there is no way to predict how a change will impact the environment. Environments that rely on tickets, or other change approval processes may still experience security problems if the information submitted is later found to have been inaccurate or intentionally misleading. The only way to know security has been compromised is to extract change and setting information directly from Active Directory. Change Auditing to Sustain Compliance Regulations such as SOX, PCI, FISMA, HIPAA each have their own detailed explanations of what needs to be tracked and recorded. They also will explicitly define how information is to be accessed and by whom. These regulations exist to establish (IT) change auditing standards to protect both business and consumers. At the end of the day, these regulations and their enforcement want to confirm the organization is recording and monitoring events that control access to sensitive information such as banking information, social security numbers, and health records. Demonstrating compliance is an exercise in presenting this information to auditors upon request and to the level of details as is interpreted by the law or standard and subject to the individual auditor’s discretion. Change auditing in Active Directory provides the Who, What, When, and Where information most frequently requested by auditors and almost equally important is the need to store this information for sometimes up to 7 years or more to be considered compliant. For Active Directory, this is extremely difficult with native tools and thus gives rise to the demand for additional tools. Change Auditing to Improve Manageability Making changes to Active Directory is performed easily when provided sufficient access. The consequences of changes however require thought and planning to avoid problems. Even if a lab environment is used to test changes, unexpected results can still occur, making the need for change auditing essential to effectively managing Active Directory. Change auditing offers the opportunity to see before and new values for modified configuration settings and permissions that can greatly improve an administrator’s ability to recover from changes that result in harm or that introduce unnecessary risks. Additionally, by maintaining an historical record of changes over time, further analysis can be used to uncover hidden problems that may not be 5
Active Directory Change Auditing in the Enterprise Whitepaper obvious during normal Active Directory activities. Being able to make changes is necessary to adjust to meet business and operational goals however, the ability to look back at the impact those changes had is the difference between ensuring a consistent, stable and safe environment for users and loosing visibility and control over mission critical resources and sensitive data. The ease with which changes are made can create a false sense of security with regards to the impacts those changes may bring and thus reinforces the need to have robust change auditing policies, procedures and tools to improve overall Active Directory manageability. 6
Active Directory Change Auditing in the Enterprise Whitepaper Required Features for Active Directory Change Auditing Change auditing for Active Directory is the process of gathering information, reporting the information, analyzing the information, taking action and evaluation. Active Directory natively has the capability to output audit information. This information however is stored local to each domain controller and is not centrally stored. Reporting is also unavailable for audit data making the collection and reporting steps of change auditing for Active Directory difficult and time consuming. There is also a risk of losing audit data if event log settings are not set properly to handle the volume of information logged and running out of disk space on domain controllers if too much information is being captured and not cleared after it’s been archived properly. Once native information is analyzed by an administrator experienced with system events and messages, the interpretation then would need to result in a decision to act or, accept the change and information as having met the intended goal and did not result in a deficiency or unacceptable compromise. Evaluating using native resources requires the same activity as collecting the information and thus requires similar investments in time. Combine these factors and the result is native change auditing is not feasible except for very small environments with a handful of servers and under 100 users. The following information is a collection of the required features change auditing for Active Directory in the Enterprise must have. Additional deployment considerations are provided as well. Automatic Data Collection In order to maximize the efficiency of collecting audit information, the process must be automated through scripting or 3rd-party tools. Without it, collecting the information in a timely manner is not feasible. This is especially true as the size of the organization will have a great impact on the raw volume of information collected. Special steps must also be taken on servers and domain controllers throughout the environment to facilitate auditing of the information which is by default not enabled. Additional scripting and 3 rd-party tools may also be employed to pre-configure systems in preparation of collecting event data. Furthermore, if audit data is not collected regularly, there is a risk of losing this information due to event log automatic overwrites or disk space issues. This is an important required feature to change auditing because without it, timely auditing is not feasible. Efficient and Centralized Data Storage Automation of any kind typically requires additional resources and may negatively impact system performance which can lead to bigger problems. For this reason, it’s important that the impact of the method employed to automatically collect data is minimal. Furthermore, storage of data must also be a consideration during implementation. While it is possible to store event and audit data exclusively on the local system where the events are taking place, the preferred method will be to centralize the information. This will lead to 7
Active Directory Change Auditing in the Enterprise Whitepaper numerous additional benefits over time as the need to analyze and report on this information becomes part of daily routine for the IT administrator or group responsible. Collection of information must also be reliable. Occasionally, each piece of the change auditing system should have a periodic check to ensure information is consistent when collected. The most advanced methods of reliably collecting this information will also have the ability to pre-screen data and filter for only essential data and the ability to compress this information to further add to overall efficiency. During collection, preference should be given to methods that leverage the existing Windows Event Log and audit information as opposed to injected agents or modified core system code for event extraction. Doing so will eliminate any potential system stability issues or future incompatibility problems. Relying solely on event log data introduces problems because this information is frequently incomplete. To completely understand an event, information from all sources involved must be aggregated and analyzed as a whole. Securing this information for short and long-term storage is also an important consideration and thus best-practices for securing audit data should be included pre-deployment such that no single power-user has access to or the ability to delete or tamper with information. Access to this information should be heavily restricted and monitored. Scalability Change auditing for Active Directory must be scalable to adjust to changes without the need for dramatic or drastic steps. Implementation and ongoing use of change auditing will be simplified when no additional software or extensive reconfigurations are required to accommodate changes within the organization. Auditing should keep pace with all granular changes as the overall topology of the network and Active Directory changes it to ensure consistent optimal configuration to best serve end-users and be administered by IT and Help Desk staff. Advanced Reporting Capabilities Once data collection is automated, reliable and stored securely, change auditing for Active Directory can assume a proactive posture. Advanced reporting is necessary to provide IT administrators, management and auditors with summarized information on any aspect of the Active Directory deployment and for any time period. Without the ability to produce clear information on change history for day-to-day modifications to Active Directory, sustaining compliance will be impossible and many opportunities will be lost to better secure the environment. For Windows environments, using SQL to store data and leverage Advanced Reporting Services are obvious choices for storing and reporting on data. SQL Server with Advanced Reporting can be downloaded for free from Microsoft. The ability to customize ad-hoc and predefined 3rd-party reports will accelerate an effective change auditing implementation by saving time and providing configuration options to suit the majority of needs. Using reports on a daily basis ensures complete visibility over the entire IT infrastructure providing opportunities to improve security and sustain compliance. Additional reporting services including e-mail 8
Active Directory Change Auditing in the Enterprise Whitepaper subscription capabilities, and the ability to produce Active Directory snapshot reports will also add to the impact advanced reporting will have on overall systems management effectiveness. Once established, advanced reporting will be the main driver behind sustained Active Directory change auditing success and will become an important part of day-to-day management of the IT environment. Real-Time Alerts Closely related to advanced reporting, Real-Time Alerts offer instant awareness to changes made on critical objects or data. Having the ability to dispense real-time alerts empower administrators to proactively respond to potentially harmful incidents that were previously unavailable. Before Active Directory change auditing, knowledge of a harmful change would come in the form of an administrator or end user stumbling upon it as part of their daily activities. In many cases, bad changes have led to unscheduled downtime, financial losses, and legal liabilities. Having a real-time alert capability will further reduce the risk of bad changes having costly consequences and may even prevent them entirely. Real-time alerting should be a required feature for any Active Directory change auditing implementation. Robust Disaster Recovery Options Active Directory offers a number of restore functions though they require reboots and backup resources to function properly and also carry the added requirement of testing these options in the event a restoration is needed. Change auditing for Active Directory needs a more robust solution in order to recover from a damaging change therefore is a required feature to any implementation. Furthermore, native restore features are limited in the level of detail with which objects can be restored. For example, modified attributes are not restorable unless a backup is available. Having a granular restore capability that can reverse unwanted changes to include attribute-level detail is necessary to ensure systems stability and service availability. This will enable the administrator to undo a change completely without the need for a backup or having to shut down a domain controller to minimize impact. Having a robust and granular restore function is an invaluable asset to have when managing Active Directory. An example of this would be when there is a need to restore specific security group memberships recently modified to their original states while retaining other recent and approved modifications. Additional Considerations Most Windows environments contain systems that are capable of utilizing Active Directory for a variety of functions and these too must be considered as part of overall IT governance and risk-management directives. For this reason, it is important to consider what options are available to integrate these systems into a larger role of change auditing in the enterprise. Preferred solutions (and providers) should offer plug-in or add-on modules and software to help form a cohesive and comprehensive management suite to make the most of 9
Active Directory Change Auditing in the Enterprise Whitepaper change auditing. Some additional types of systems may include firewalls, switches, database servers, SANs, storage appliances and other Microsoft technologies such as Exchange and SharePoint. SIEM, IT Governance, Risk-Management and Active Directory Change Auditing These common buzzwords appear frequently when discussing security and change auditing and represent a broader view of IT management. SIEM, which stands for Security Information and Event Management is related to change auditing, however, with some important differentiators. SIEM encompasses real-time analysis of security alerts and events generated through the entire enterprise, extending to all applications and devices at all corners of the organization. Change auditing is a critical information collection and reporting layer to overall SIEM objectives and must have a high level of interoperability with SIEM systems and services in order to achieve maximum effectiveness. SIEM implementations range from in-house, customized systems to massive modular deployments providing management capabilities for nearly all IT resources in an environment. IT Governance is a term often used to describe the overall mission of an IT organization within the broader context of the organization as a whole. It’s meant to provide a means by which core activities and services provided by IT align with overall organizational directives and goals. Risk-Management is a term found more and more frequently in press and publications to challenge the status of security for appropriately describing how organizations approach keeping their resources stable and secure. More recently, the increased visibility of mobile devices and cloud computing as part of an organization’s IT strategy present new challenges to traditional models of thought on security and how best to provide that in an increasingly mobile world where borders to IT infrastructure have blurred greatly. Keeping these new terms in mind while approaching Active Directory change auditing will help keep IT objectives in line with organizational objectives and needs as requirements change. 10
Active Directory Change Auditing in the Enterprise Whitepaper NetWrix Approach to Active Directory Auditing The NetWrix approach incorporates all the necessary features for achieving effective Active Directory auditing in a software solution. NetWrix Active Directory Change Reporter is an Active Directory auditing tool that tracks changes made to the Active Directory across the entire organization. It generates audit reports and real-time e-mail alerts that include the four W’s: Who, What, When, and Where for every audited AD change including users, OUs, groups, domain controller, configuration, schema partition, and all other change activity. In addition, it automatically provides before and new setting values for each AD object change to improve security and AD change control. The automatic collection and reporting on Active Directory changes not only surpasses native capabilities in Windows but expands upon them eliminating the time and effort spent collecting AD change audit information manually or through complex scripting thereby makes this information actionable. Furthermore, it has the ability to sustain compliance through historical reporting for up to 7 years and more and extent AD auditing into SIEM systems such as SCOM for improved IT control. Download free 20 day trial of NetWrix Active Directory Change Reporter to see how NetWrix can help with your auditing and compliance needs. Download link: http://www.netwrix.com/requeste.html?product=adcr About NetWrix Corporation NetWrix Corporation is a highly specialized provider of solutions for IT infrastructure change auditing. Change auditing is the core competency of NetWrix and no other vendor focuses on this more extensively. With the broadest platform coverage available in the industry, innovative technology and strategic roadmap aiming to support different types of IT systems, devices and applications, NetWrix offers award-winning change auditing solutions at very competitive prices, matched with great customer service. Founded in 2006, NetWrix has evolved as #1 for Change Auditing as evidenced by thousands of satisfied customers worldwide. The company is headquartered in Paramus, NJ, and has regional offices in Los Angeles and Boston. 11
Active Directory Change Auditing in the Enterprise Whitepaper About the Author As Senior Director of Product Management for NetWrix, located in the Boston office, I oversee all aspects of product management for the NetWrix family of products. I have been involved in numerous aspects of IT for over 16 years including help desk, systems administration, network management, network architecture, telecom and software sales and sales engineering, and product management. I am also a certified technical trainer, MCSA, Certified IBM Domino Administrator, avid runner, musician and happily married father of two. Additional Resources Information security professionals and trends - www.infosecisland.com Articles and commentary on a wide array of IT related topics - www.techrepublic.com Community focused on Windows technologies - www.windowsitpro.com Editorial resource for technology professionals - www.redmondmag.com Innovative tool and active community of IT practitioners - www.spiceworks.com Focused community on Windows security needs, trends, and information -www.windowssecurity.com 10 Immutable Laws of Security - http://technet.microsoft.com/en-us/library/cc722487.aspx Popular explanation and resources for Change Management and Change Auditing concepts and terminology - http://en.wikipedia.org/wiki/Change_management_auditing Excellent resource for Windows Administrators - www.petri.co.il NetWrix Corporate Blog - http://blog.netwrix.com ©2011 All rights reserved. NetWrix is trademark of NetWrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners. 12

Recommandé

Defining Segregation of Duties
Defining Segregation of DutiesDefining Segregation of Duties
Defining Segregation of DutiesWill Kelly
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
ERP IT Infrastructure Audit
ERP IT Infrastructure AuditERP IT Infrastructure Audit
ERP IT Infrastructure Auditvelcomerp
 
Process discovery and mining the digital way
Process discovery and mining the digital wayProcess discovery and mining the digital way
Process discovery and mining the digital wayHappiest Minds Technologies
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 

Recommandé

Defining Segregation of Duties
Defining Segregation of DutiesDefining Segregation of Duties
Defining Segregation of DutiesWill Kelly
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal ControlsBharath Rao
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample ReportRandy James
 
ERP IT Infrastructure Audit
ERP IT Infrastructure AuditERP IT Infrastructure Audit
ERP IT Infrastructure Auditvelcomerp
 
Process discovery and mining the digital way
Process discovery and mining the digital wayProcess discovery and mining the digital way
Process discovery and mining the digital wayHappiest Minds Technologies
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Sod remediation best practices for isaca
Sod remediation best practices for isacaSod remediation best practices for isaca
Sod remediation best practices for isacapooshu
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper Meridian
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringShiv Koppad
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesSharing Slides Training
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3aGene Kim
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsDan Aldridge, ERP Software Evangelist, LION
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Managementicomply
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects SecuritySebastien Goiffon
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guidemfmurat
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSmart ERP Solutions, Inc.
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Sharing Slides Training
 
Data Protection Governance IT
Data Protection Governance ITData Protection Governance IT
Data Protection Governance ITCristina Villavicencio
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)Fabio Sibio
 
Ch. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonyCh. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonydavaughnmiller
 
Edugalaxy 2012 1
Edugalaxy 2012 1Edugalaxy 2012 1
Edugalaxy 2012 1ekaterina_a
 

Contenu connexe

Tendances

Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftPennonSoft
 
Sod remediation best practices for isaca
Sod remediation best practices for isacaSod remediation best practices for isaca
Sod remediation best practices for isacapooshu
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 CA CISA Jayjit Biswas
 
AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper Meridian
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringShiv Koppad
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesSharing Slides Training
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOXMahesh Patwardhan
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3aGene Kim
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Managementicomply
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsEd Tobias
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guidemfmurat
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSmart ERP Solutions, Inc.
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Sharing Slides Training
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 

Tendances (19)

Sap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoftSap security compliance tools_PennonSoft
Sap security compliance tools_PennonSoft
 
Sod remediation best practices for isaca
Sod remediation best practices for isacaSod remediation best practices for isaca
Sod remediation best practices for isaca
 
Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)Protecting Agile Transformation through Secure DevOps (DevSecOps)
Protecting Agile Transformation through Secure DevOps (DevSecOps)
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015 Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
 
AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper AcceleTest HIPAA Whitepaper
AcceleTest HIPAA Whitepaper
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software Engineering
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development Strategies
 
IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a3 2006 06 cs6 4 gait principles v3a
3 2006 06 cs6 4 gait principles v3a
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Management
 
IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Security
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoft
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1
 
Data Protection Governance IT
Data Protection Governance ITData Protection Governance IT
Data Protection Governance IT
 
Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1Ais Romney 2006 Slides 06 Control And Ais Part 1
Ais Romney 2006 Slides 06 Control And Ais Part 1
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWP
 

En vedette

Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)Fabio Sibio
 
Ch. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonyCh. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonydavaughnmiller
 
Edugalaxy 2012 1
Edugalaxy 2012 1Edugalaxy 2012 1
Edugalaxy 2012 1ekaterina_a
 
Photoshop booklet
Photoshop bookletPhotoshop booklet
Photoshop bookletAdam Caplan
 
Meta forum 2012 - Presentation on big data
Meta forum 2012 - Presentation on big dataMeta forum 2012 - Presentation on big data
Meta forum 2012 - Presentation on big dataTomas Pariente Lobo
 
Estefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepEstefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepeacosta007
 
BEHRENDT Brodnica
BEHRENDT BrodnicaBEHRENDT Brodnica
BEHRENDT BrodnicasalonyVi
 
Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013ryanvong
 
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)Percy Lopez
 
9 Tips to Ensure Your Insurer Pays Up
9 Tips to Ensure Your Insurer Pays Up9 Tips to Ensure Your Insurer Pays Up
9 Tips to Ensure Your Insurer Pays Upmitoaction
 
Resource1
Resource1Resource1
Resource1grosi
 
A tutorial of Gale Literature Resource Center
A tutorial of Gale Literature Resource Center A tutorial of Gale Literature Resource Center
A tutorial of Gale Literature Resource Center Helen Tang
 
Progress report orientation
Progress report orientationProgress report orientation
Progress report orientationAdam Caplan
 
World heritage
World heritageWorld heritage
World heritageKevin Ng
 
Vos Olie en Gas BV
Vos Olie en Gas BVVos Olie en Gas BV
Vos Olie en Gas BVRickhoekstra
 
Html shows 1213
Html shows 1213Html shows 1213
Html shows 1213crazymen
 

En vedette (20)

Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)Economia e diritto_del_terziario(2)
Economia e diritto_del_terziario(2)
 
Ch. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophonyCh. 1 plainchant & secular monophony
Ch. 1 plainchant & secular monophony
 
Edugalaxy 2012 1
Edugalaxy 2012 1Edugalaxy 2012 1
Edugalaxy 2012 1
 
Photoshop booklet
Photoshop bookletPhotoshop booklet
Photoshop booklet
 
Sccc mathematics
Sccc mathematicsSccc mathematics
Sccc mathematics
 
Meta forum 2012 - Presentation on big data
Meta forum 2012 - Presentation on big dataMeta forum 2012 - Presentation on big data
Meta forum 2012 - Presentation on big data
 
Estefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepEstefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by step
 
Market Update5 2012
Market Update5 2012Market Update5 2012
Market Update5 2012
 
BEHRENDT Brodnica
BEHRENDT BrodnicaBEHRENDT Brodnica
BEHRENDT Brodnica
 
Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013
 
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
 
Christmas in the uk
Christmas in the ukChristmas in the uk
Christmas in the uk
 
9 Tips to Ensure Your Insurer Pays Up
9 Tips to Ensure Your Insurer Pays Up9 Tips to Ensure Your Insurer Pays Up
9 Tips to Ensure Your Insurer Pays Up
 
Resource1
Resource1Resource1
Resource1
 
A tutorial of Gale Literature Resource Center
A tutorial of Gale Literature Resource Center A tutorial of Gale Literature Resource Center
A tutorial of Gale Literature Resource Center
 
Progress report orientation
Progress report orientationProgress report orientation
Progress report orientation
 
World heritage
World heritageWorld heritage
World heritage
 
Vos Olie en Gas BV
Vos Olie en Gas BVVos Olie en Gas BV
Vos Olie en Gas BV
 
Html shows 1213
Html shows 1213Html shows 1213
Html shows 1213
 
Get Got NBA 2013
Get Got NBA 2013Get Got NBA 2013
Get Got NBA 2013
 

Similaire à Active Directory Change Auditing in the Enterprise

The Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperThe Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperNetIQ
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseNetwrix Corporation
 
How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?mbmobile
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
 
Challenges of Active Directory User Management
Challenges of Active Directory User ManagementChallenges of Active Directory User Management
Challenges of Active Directory User ManagementNetIQ
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for SecurityTripwire
 
UCMDB _Predictive Change Impact Analysis circa 2009
UCMDB _Predictive Change Impact Analysis circa 2009UCMDB _Predictive Change Impact Analysis circa 2009
UCMDB _Predictive Change Impact Analysis circa 2009djasso7494
 
Business-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersBusiness-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersEMC
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachProtected Harbor
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfaotmp2600
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components iiAshish Desai
 
Change Management - ITIL
Change Management - ITILChange Management - ITIL
Change Management - ITILconnorsmaureen
 

Similaire à Active Directory Change Auditing in the Enterprise (20)

The Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White PaperThe Top 7 Active Directory Admin Challenges Overcome White Paper
The Top 7 Active Directory Admin Challenges Overcome White Paper
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
Optimize Change Management
Optimize Change ManagementOptimize Change Management
Optimize Change Management
 
Challenges of Active Directory User Management
Challenges of Active Directory User ManagementChallenges of Active Directory User Management
Challenges of Active Directory User Management
 
Dit yvol3iss33
Dit yvol3iss33Dit yvol3iss33
Dit yvol3iss33
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
Leveraging Change Control for Security
Leveraging Change Control for SecurityLeveraging Change Control for Security
Leveraging Change Control for Security
 
UCMDB _Predictive Change Impact Analysis circa 2009
UCMDB _Predictive Change Impact Analysis circa 2009UCMDB _Predictive Change Impact Analysis circa 2009
UCMDB _Predictive Change Impact Analysis circa 2009
 
Business-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach MattersBusiness-Driven Identity and Access Governance: Why This New Approach Matters
Business-Driven Identity and Access Governance: Why This New Approach Matters
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended Enterprise
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
Dit yvol4iss27
Dit yvol4iss27Dit yvol4iss27
Dit yvol4iss27
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdf
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components ii
 
Change Management - ITIL
Change Management - ITILChange Management - ITIL
Change Management - ITIL
 

Plus de Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 

Plus de Netwrix Corporation (16)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Dernier

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Dernier (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Active Directory Change Auditing in the Enterprise

  • 1. Active Directory Change Auditing in the Enterprise White Paper Written by Chris Rich, Senior Director of Product Management
  • 2. Active Directory Change Auditing in the Enterprise Whitepaper Table of contents What is Change Auditing? ....................................................................................................................................... 3 Why is Change Auditing Important? ....................................................................................................................... 4 Change Auditing: A Real-World Example ............................................................................................................ 4 Change Auditing to Reduce Risk ......................................................................................................................... 4 Change Auditing to Improve Security ................................................................................................................. 5 Change Auditing to Sustain Compliance ............................................................................................................. 5 Change Auditing to Improve Manageability ....................................................................................................... 5 Required Features for Active Directory Change Auditing ...................................................................................... 7 Automatic Data Collection .................................................................................................................................. 7 Efficient and Centralized Data Storage ............................................................................................................... 7 Scalability............................................................................................................................................................. 8 Advanced Reporting Capabilities ........................................................................................................................ 8 Real-Time Alerts .................................................................................................................................................. 9 Robust Disaster Recovery Options ...................................................................................................................... 9 Additional Considerations ................................................................................................................................... 9 SIEM, IT Governance, Risk-Management and Active Directory Change Auditing ................................................ 10 NetWrix approach to Active Directory auditing ................................................................................................... 11 About NetWrix Corporation.................................................................................................................................. 11 About the Author .................................................................................................................................................. 12 Additional Resources ............................................................................................................................................ 12 2
  • 3. Active Directory Change Auditing in the Enterprise Whitepaper What is Change Auditing? Change Auditing is an auditing procedure for mitigating risks associated with the changes to IT systems, services and applications. Limiting unauthorized or undesired changes and having appropriate segregation of duties and management controls in place is essential to reduce the risks associated with implementing IT changes in production environments. Changes can introduce untested conditions, or produce unpredictable errors and problems. Proper change auditing can reduce the risk of security features being disabled or turned off, harmful code distributed to end-users, sensitive data loss or compromise, and non-compliance with internal and external regulatory requirements. Proper change auditing is determined by measuring the risks associated with managing a production IT environment and addressing those risks in a secure and controlled audit trail of all changes across the entire enterprise 24x7x365. Change auditing is a means whereby both IT administrators and management can readily distribute, secure and manage resources to ensure accountability and operational stability. 3
  • 4. Active Directory Change Auditing in the Enterprise Whitepaper Why is Change Auditing Important? Change Auditing: A Real-World Example The importance of change auditing is best illustrated by a real-world example. Consider a company that recently relocated an employee. This employee was provided with extensive access to important systems and information as part of their past duties, however they are no longer appropriate in their new role. Upon relocation, their access should have been modified to remove prior privileges and access, however, no formal process existed to secure resources following an employee experiencing a relocation. Four months later, the employee, still with extensive rights, gains unauthorized access to the environment remotely. Having prior knowledge of the company’s systems and resources, they navigate to a server housing the company’s financial data secured by Active Directory to resolve a technical issue they were experiencing, modifying a number of important settings. As a result, the company’s financial data becomes unavailable causing anger, frustration, panic, and finger-pointing. After many hours of investigation, the inappropriate modifications are discovered and corrected in Active Directory. Unfortunately, the damage was done and now IT must spend more time correcting the problem. This type of situation is rare but does happen. Without change auditing, there was no way for the company to protect itself. Even if there had been a procedure in place, a human had to follow that procedure. Human error can occur and that is to be expected, however, without a proper change audit solution in place to confirm access and permissions in Active Directory had been adjusted properly, the company suffered serious harm. Change auditing is important primarily because without it, an organization is incapable of reducing the risks of human behavior. Change Auditing to Reduce Risk Change auditing provides accountability thereby reducing risk through detailed collection and analysis of event information. A setting made today may not be appropriate at some point in the future. Change auditing is the vehicle by which changes made to the environment today can be measured against predetermined risk factors and mitigated accordingly. Establishing risk factors is the single most important step in securing any IT environment. Doing so will ensure that everyone involved from end-users to senior management understands what is at risk. This creates a conscious awareness of all things critical to sustaining normal business operations. Regularly revisiting these risk factors will serve to adjust them as needs and conditions change. Once the risk factors have been identified, the next step is to secure them. For Active Directory, users are provided with rights to access data and applications locally and remotely. Group memberships and policies are setup to control specific behaviors when accessing data and applications. Effectively managing every aspect of user interaction with the environment reduces risk while granting the appropriate access needed to perform job responsibilities. Change may sometimes have unpredictable results, one of which is unintentionally 4
  • 5. Active Directory Change Auditing in the Enterprise Whitepaper increasing risk to IT assets. Active Directory change auditing provides actionable and historical forensic information to ensure risk factors are managed appropriately while delivering services to operationally diverse end-user populations. Change Auditing to Improve Security Accountability will always keep the honest users and administrators honest, however, internal threats pose a more immediate danger than those external to the organization because of trust. Change auditing provides the ability to establish a robust check-and-balance record for all Active Directory changes. Security improvements in Active Directory are most often reactionary. Flaws and holes are discovered after the fact and the reason for this is that without auditing daily activity there is no way to predict how a change will impact the environment. Environments that rely on tickets, or other change approval processes may still experience security problems if the information submitted is later found to have been inaccurate or intentionally misleading. The only way to know security has been compromised is to extract change and setting information directly from Active Directory. Change Auditing to Sustain Compliance Regulations such as SOX, PCI, FISMA, HIPAA each have their own detailed explanations of what needs to be tracked and recorded. They also will explicitly define how information is to be accessed and by whom. These regulations exist to establish (IT) change auditing standards to protect both business and consumers. At the end of the day, these regulations and their enforcement want to confirm the organization is recording and monitoring events that control access to sensitive information such as banking information, social security numbers, and health records. Demonstrating compliance is an exercise in presenting this information to auditors upon request and to the level of details as is interpreted by the law or standard and subject to the individual auditor’s discretion. Change auditing in Active Directory provides the Who, What, When, and Where information most frequently requested by auditors and almost equally important is the need to store this information for sometimes up to 7 years or more to be considered compliant. For Active Directory, this is extremely difficult with native tools and thus gives rise to the demand for additional tools. Change Auditing to Improve Manageability Making changes to Active Directory is performed easily when provided sufficient access. The consequences of changes however require thought and planning to avoid problems. Even if a lab environment is used to test changes, unexpected results can still occur, making the need for change auditing essential to effectively managing Active Directory. Change auditing offers the opportunity to see before and new values for modified configuration settings and permissions that can greatly improve an administrator’s ability to recover from changes that result in harm or that introduce unnecessary risks. Additionally, by maintaining an historical record of changes over time, further analysis can be used to uncover hidden problems that may not be 5
  • 6. Active Directory Change Auditing in the Enterprise Whitepaper obvious during normal Active Directory activities. Being able to make changes is necessary to adjust to meet business and operational goals however, the ability to look back at the impact those changes had is the difference between ensuring a consistent, stable and safe environment for users and loosing visibility and control over mission critical resources and sensitive data. The ease with which changes are made can create a false sense of security with regards to the impacts those changes may bring and thus reinforces the need to have robust change auditing policies, procedures and tools to improve overall Active Directory manageability. 6
  • 7. Active Directory Change Auditing in the Enterprise Whitepaper Required Features for Active Directory Change Auditing Change auditing for Active Directory is the process of gathering information, reporting the information, analyzing the information, taking action and evaluation. Active Directory natively has the capability to output audit information. This information however is stored local to each domain controller and is not centrally stored. Reporting is also unavailable for audit data making the collection and reporting steps of change auditing for Active Directory difficult and time consuming. There is also a risk of losing audit data if event log settings are not set properly to handle the volume of information logged and running out of disk space on domain controllers if too much information is being captured and not cleared after it’s been archived properly. Once native information is analyzed by an administrator experienced with system events and messages, the interpretation then would need to result in a decision to act or, accept the change and information as having met the intended goal and did not result in a deficiency or unacceptable compromise. Evaluating using native resources requires the same activity as collecting the information and thus requires similar investments in time. Combine these factors and the result is native change auditing is not feasible except for very small environments with a handful of servers and under 100 users. The following information is a collection of the required features change auditing for Active Directory in the Enterprise must have. Additional deployment considerations are provided as well. Automatic Data Collection In order to maximize the efficiency of collecting audit information, the process must be automated through scripting or 3rd-party tools. Without it, collecting the information in a timely manner is not feasible. This is especially true as the size of the organization will have a great impact on the raw volume of information collected. Special steps must also be taken on servers and domain controllers throughout the environment to facilitate auditing of the information which is by default not enabled. Additional scripting and 3 rd-party tools may also be employed to pre-configure systems in preparation of collecting event data. Furthermore, if audit data is not collected regularly, there is a risk of losing this information due to event log automatic overwrites or disk space issues. This is an important required feature to change auditing because without it, timely auditing is not feasible. Efficient and Centralized Data Storage Automation of any kind typically requires additional resources and may negatively impact system performance which can lead to bigger problems. For this reason, it’s important that the impact of the method employed to automatically collect data is minimal. Furthermore, storage of data must also be a consideration during implementation. While it is possible to store event and audit data exclusively on the local system where the events are taking place, the preferred method will be to centralize the information. This will lead to 7
  • 8. Active Directory Change Auditing in the Enterprise Whitepaper numerous additional benefits over time as the need to analyze and report on this information becomes part of daily routine for the IT administrator or group responsible. Collection of information must also be reliable. Occasionally, each piece of the change auditing system should have a periodic check to ensure information is consistent when collected. The most advanced methods of reliably collecting this information will also have the ability to pre-screen data and filter for only essential data and the ability to compress this information to further add to overall efficiency. During collection, preference should be given to methods that leverage the existing Windows Event Log and audit information as opposed to injected agents or modified core system code for event extraction. Doing so will eliminate any potential system stability issues or future incompatibility problems. Relying solely on event log data introduces problems because this information is frequently incomplete. To completely understand an event, information from all sources involved must be aggregated and analyzed as a whole. Securing this information for short and long-term storage is also an important consideration and thus best-practices for securing audit data should be included pre-deployment such that no single power-user has access to or the ability to delete or tamper with information. Access to this information should be heavily restricted and monitored. Scalability Change auditing for Active Directory must be scalable to adjust to changes without the need for dramatic or drastic steps. Implementation and ongoing use of change auditing will be simplified when no additional software or extensive reconfigurations are required to accommodate changes within the organization. Auditing should keep pace with all granular changes as the overall topology of the network and Active Directory changes it to ensure consistent optimal configuration to best serve end-users and be administered by IT and Help Desk staff. Advanced Reporting Capabilities Once data collection is automated, reliable and stored securely, change auditing for Active Directory can assume a proactive posture. Advanced reporting is necessary to provide IT administrators, management and auditors with summarized information on any aspect of the Active Directory deployment and for any time period. Without the ability to produce clear information on change history for day-to-day modifications to Active Directory, sustaining compliance will be impossible and many opportunities will be lost to better secure the environment. For Windows environments, using SQL to store data and leverage Advanced Reporting Services are obvious choices for storing and reporting on data. SQL Server with Advanced Reporting can be downloaded for free from Microsoft. The ability to customize ad-hoc and predefined 3rd-party reports will accelerate an effective change auditing implementation by saving time and providing configuration options to suit the majority of needs. Using reports on a daily basis ensures complete visibility over the entire IT infrastructure providing opportunities to improve security and sustain compliance. Additional reporting services including e-mail 8
  • 9. Active Directory Change Auditing in the Enterprise Whitepaper subscription capabilities, and the ability to produce Active Directory snapshot reports will also add to the impact advanced reporting will have on overall systems management effectiveness. Once established, advanced reporting will be the main driver behind sustained Active Directory change auditing success and will become an important part of day-to-day management of the IT environment. Real-Time Alerts Closely related to advanced reporting, Real-Time Alerts offer instant awareness to changes made on critical objects or data. Having the ability to dispense real-time alerts empower administrators to proactively respond to potentially harmful incidents that were previously unavailable. Before Active Directory change auditing, knowledge of a harmful change would come in the form of an administrator or end user stumbling upon it as part of their daily activities. In many cases, bad changes have led to unscheduled downtime, financial losses, and legal liabilities. Having a real-time alert capability will further reduce the risk of bad changes having costly consequences and may even prevent them entirely. Real-time alerting should be a required feature for any Active Directory change auditing implementation. Robust Disaster Recovery Options Active Directory offers a number of restore functions though they require reboots and backup resources to function properly and also carry the added requirement of testing these options in the event a restoration is needed. Change auditing for Active Directory needs a more robust solution in order to recover from a damaging change therefore is a required feature to any implementation. Furthermore, native restore features are limited in the level of detail with which objects can be restored. For example, modified attributes are not restorable unless a backup is available. Having a granular restore capability that can reverse unwanted changes to include attribute-level detail is necessary to ensure systems stability and service availability. This will enable the administrator to undo a change completely without the need for a backup or having to shut down a domain controller to minimize impact. Having a robust and granular restore function is an invaluable asset to have when managing Active Directory. An example of this would be when there is a need to restore specific security group memberships recently modified to their original states while retaining other recent and approved modifications. Additional Considerations Most Windows environments contain systems that are capable of utilizing Active Directory for a variety of functions and these too must be considered as part of overall IT governance and risk-management directives. For this reason, it is important to consider what options are available to integrate these systems into a larger role of change auditing in the enterprise. Preferred solutions (and providers) should offer plug-in or add-on modules and software to help form a cohesive and comprehensive management suite to make the most of 9
  • 10. Active Directory Change Auditing in the Enterprise Whitepaper change auditing. Some additional types of systems may include firewalls, switches, database servers, SANs, storage appliances and other Microsoft technologies such as Exchange and SharePoint. SIEM, IT Governance, Risk-Management and Active Directory Change Auditing These common buzzwords appear frequently when discussing security and change auditing and represent a broader view of IT management. SIEM, which stands for Security Information and Event Management is related to change auditing, however, with some important differentiators. SIEM encompasses real-time analysis of security alerts and events generated through the entire enterprise, extending to all applications and devices at all corners of the organization. Change auditing is a critical information collection and reporting layer to overall SIEM objectives and must have a high level of interoperability with SIEM systems and services in order to achieve maximum effectiveness. SIEM implementations range from in-house, customized systems to massive modular deployments providing management capabilities for nearly all IT resources in an environment. IT Governance is a term often used to describe the overall mission of an IT organization within the broader context of the organization as a whole. It’s meant to provide a means by which core activities and services provided by IT align with overall organizational directives and goals. Risk-Management is a term found more and more frequently in press and publications to challenge the status of security for appropriately describing how organizations approach keeping their resources stable and secure. More recently, the increased visibility of mobile devices and cloud computing as part of an organization’s IT strategy present new challenges to traditional models of thought on security and how best to provide that in an increasingly mobile world where borders to IT infrastructure have blurred greatly. Keeping these new terms in mind while approaching Active Directory change auditing will help keep IT objectives in line with organizational objectives and needs as requirements change. 10
  • 11. Active Directory Change Auditing in the Enterprise Whitepaper NetWrix Approach to Active Directory Auditing The NetWrix approach incorporates all the necessary features for achieving effective Active Directory auditing in a software solution. NetWrix Active Directory Change Reporter is an Active Directory auditing tool that tracks changes made to the Active Directory across the entire organization. It generates audit reports and real-time e-mail alerts that include the four W’s: Who, What, When, and Where for every audited AD change including users, OUs, groups, domain controller, configuration, schema partition, and all other change activity. In addition, it automatically provides before and new setting values for each AD object change to improve security and AD change control. The automatic collection and reporting on Active Directory changes not only surpasses native capabilities in Windows but expands upon them eliminating the time and effort spent collecting AD change audit information manually or through complex scripting thereby makes this information actionable. Furthermore, it has the ability to sustain compliance through historical reporting for up to 7 years and more and extent AD auditing into SIEM systems such as SCOM for improved IT control. Download free 20 day trial of NetWrix Active Directory Change Reporter to see how NetWrix can help with your auditing and compliance needs. Download link: http://www.netwrix.com/requeste.html?product=adcr About NetWrix Corporation NetWrix Corporation is a highly specialized provider of solutions for IT infrastructure change auditing. Change auditing is the core competency of NetWrix and no other vendor focuses on this more extensively. With the broadest platform coverage available in the industry, innovative technology and strategic roadmap aiming to support different types of IT systems, devices and applications, NetWrix offers award-winning change auditing solutions at very competitive prices, matched with great customer service. Founded in 2006, NetWrix has evolved as #1 for Change Auditing as evidenced by thousands of satisfied customers worldwide. The company is headquartered in Paramus, NJ, and has regional offices in Los Angeles and Boston. 11
  • 12. Active Directory Change Auditing in the Enterprise Whitepaper About the Author As Senior Director of Product Management for NetWrix, located in the Boston office, I oversee all aspects of product management for the NetWrix family of products. I have been involved in numerous aspects of IT for over 16 years including help desk, systems administration, network management, network architecture, telecom and software sales and sales engineering, and product management. I am also a certified technical trainer, MCSA, Certified IBM Domino Administrator, avid runner, musician and happily married father of two. Additional Resources Information security professionals and trends - www.infosecisland.com Articles and commentary on a wide array of IT related topics - www.techrepublic.com Community focused on Windows technologies - www.windowsitpro.com Editorial resource for technology professionals - www.redmondmag.com Innovative tool and active community of IT practitioners - www.spiceworks.com Focused community on Windows security needs, trends, and information -www.windowssecurity.com 10 Immutable Laws of Security - http://technet.microsoft.com/en-us/library/cc722487.aspx Popular explanation and resources for Change Management and Change Auditing concepts and terminology - http://en.wikipedia.org/wiki/Change_management_auditing Excellent resource for Windows Administrators - www.petri.co.il NetWrix Corporate Blog - http://blog.netwrix.com ©2011 All rights reserved. NetWrix is trademark of NetWrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners. 12