Active Directory Auditing Headaches (and How to Solve Them). Speakers: John O’Neill Sr. (Petri) and Nick Cavalancia (Netwrix)
About the Speakers. John O’Neill Sr.: During his 20+ years in the IT industry, John has enjoyed the opportunity to work as a consultant, architect, executive, speaker, and author. He's been involved in multi-national networking, messaging, and communications projects as well as finding solutions for small businesses, allowing them to use technology to increase business opportunity and decrease operational complexity. Nick Cavalancia: Nick Cavalancia is VP of Marketing with Netwrix, where he assists in driving innovation and the evangelism of Netwrix solutions. He has over 20 years of enterprise IT experience and is an accomplished consultant, trainer, speaker, columnist, and patent holder. He has authored, co-authored and contributed to over a dozen books on Windows, Active Directory, Exchange and other Microsoft technologies.
You Can’t Manage What You Can’t Measure. Why Audit? Security; Compliance; Documentation; Change Management; Understanding.
Security: AD is many organizations’ front line when it comes to AAA (Authentication, Authorization, Accounting). When you suspect a compromise, the faster the response the better!
Compliance: Understand the who, what, when, where, and why for events in your AD. Necessary for public AND private organizations. Know your requirements.
Because it’s going to happen! Requests for audit data are never timely. Do you shut down the IT department to sift through mountains of data? Does the data even exist?
What to Audit. Security context changes: passwords; group memberships; enable, disable, or delete. Computer account activities: added or removed; OU shift.
An Oft Forgotten One: OU Management. “OUs Gone Wild”: OU “sprawl”. Managed OU structure is critical to proper operation.
Free Help Is Available! Event Logs; Event Log Subscriptions (http://url2open.com/CW); AD Auditing Freeware.
Netwrix Change Notifier for Active Directory (formerly Active Directory Change Reporter Freeware Edition). Completely free tool. Provides change detail: adds, deletes, modifications; object changed; any change details.
What’s Missing from Log-Based Solutions? Change detail; consolidation of events to a single change; an easy way to report on criteria-based changes; insight into state-in-time of changes.
Netwrix Auditor: Change and configuration auditing for IT security, compliance and operations. Provides detection, visibility and intelligence into organizational changes in security, systems and data. Allows organizations to monitor, audit and report on changes in critical systems and applications impacting adherence to compliance, access to sensitive data, and operational efficiency.
Netwrix Auditor for Active Directory: Scheduled and on-demand Alerting and Reporting; Complete Change Detail (schema, objects, security, Group Policies); State-in-Time Reporting; Object Recovery down to attribute level. Also includes: Password Expiration Alerting; Inactive User Tracking; Windows Server Auditing; Event Log Management; User Activity Video Recording.
About Netwrix. Core Competency: Change and Configuration Auditing of Critical Systems; Simple, Efficient & Affordable. Established in 2006. Recognized in the Inc. 5000 two years running.
Customers: Federal, State, Local; Financial; Government; WebMD; Healthcare & Pharmaceutical; Industrial/Technology/Other.
Awards & Recognitions. PRODUCT AWARDS: Windows IT Pro Community Choice Awards - 2012: Best Active Directory / Group Policy Product Best Auditing/Compliance Product 4th Year in a Row Best Messaging Product 2nd Year in a Row Best SharePoint Product 3rd Year in a Row Best Virtualization Product 3rd Year in a Row Best Security, Auditing, Compliance Product Redmond Magazine Editor’s Choice Award. Info Security Products Guide Global Excellence Awards – 2013: Gold Award in Auditing; Silver Award (2): Forensics, Fraud Prevention/Auditing; Bronze Award (2): Best Security Software Products and Solution for Small Business & SOHO. 40+ awards, SC Magazine, WinITPro, Windows Security.com and more… CORPORATE AWARDS: Inc. 5000 - Ranked 2nd Year in a Row as one of the Top 100 software companies in 2013.
Solutions from Netwrix. Netwrix Change Notifier for Active Directory: Free; basic report-based notification of AD changes; http://url2open.com/CX. Netwrix Auditor for Active Directory: Paid Solution; Advanced Auditing, Reporting; State-in-Time; Windows Server Auditing; http://url2open.com/CY.
Conclusion: You can’t manage what you can’t measure. It’s going to happen. Solutions do exist to ease the pain. Netwrix has Free and Paid solutions.
Thank You