NetVision Solution for Active Directory
Is Microsoft Active Directory at the heart of your network? If so, security across your network is primarily managed via the objects and attributes contained within Active Directory. Improving the security of Active Directory and responding to external and internal audits of Active Directory infrastructure are at the top of AD administrative concerns. And NetVision can help make those goals easier to reach.
The Challenge with Active Directory Administration
Administrators leverage AD security groups and file system Access Control Lists (ACLs) to grant or deny access to various network resources. And because Active Directory has such a far reach throughout organizations, there are a number of common security concerns:
- Technical staff needs to have full rights throughout the network in order to effectively manage the environment but some information should be protected from technical staff.
- Multiple technical staff members don't know what each other is doing.
- It's difficult to manage a historical view of changes to user accounts, group memberships and file system ACLs.
- There's no understanding of dormant or unused accounts, or when inappropriate rights are granted via group memberships or ACLs.
- There's no way for management to know when domain GPOs have been changed.
Managing Active Directory in a dynamic organization can be a complicated task. And due to Active Directory's architectural design and common security policies, there are some basic security risks that most AD implementations share. In a sentence,
Administrators have too much control and there's no system of checks and balances.
Fortunately, NetVision solves these problems with simple and effective solutions that are quick to implement, easy to use, and significantly reduce organizational risk.
Solutions for Active Directory Reporting & Monitoring
Although it's unpleasant to get the support calls when an inappropriate change is made, the more alarming question
is what if they didn't call? How confident are you that user accounts throughout the Active Directory tree aren't in
inappropriate groups? Or that there are no accounts left from previous employees or associates? Or that people
aren't accessing files that they shouldn't be?
NetVision's solutions for AD make life easier for Active Directory administrators while making the
environment more secure for executive management and the rest of the organization. We do that by providing
state-based assessment reporting and real-time monitoring of changes to user accounts,
group memberships, file system Access Control Lists, and more. Here are a few examples of what we can do:
- Monitor files and folders for create, read, write, modify and delete events. Capture the user account being used along with the date, time and file or folder name.
- Monitor Active Directory user accounts for create, modify and delete events. Capture the user account being used along with the affected user, time and date.
- Monitor group memberships and provide reports or alerts in real time when memberships change on important groups like the domain admins group.
- Provide reports on file system ACLs so you know who has access to what files and folders.
- Provide a report of dormant accounts so that administrators or management can review and take action when necessary.
- Provide email alerts when domain GPOs are changed – ensure that you stay within policy.
Active Directory Real-Time Monitoring with NetVision NVMonitor
NVMonitor automates real-time security event auditing and monitoring on Microsoft Windows and Active Directory.
By comparing events to policy in real-time, it serves as a centralized platform for auditing of identity-related
security controls, user behavior and the power granted to users on the network. It also enables independent event
sampling, forensics, real-time response to serious security violations and detection of transient activity. The
end result is reduced costs, improved audit integrity and increased security.
NVMonitor Features
- Policy Templates – NetVision supplies templates based on industry expertise and ISO 27002.
- Real-time – With the use of patented agent technology NVMonitor can pick up events as they happen.
- Alerting – When policy violations occur alerts can be sent with the information needed.
- Extensibility – Call other applications and processes to further filter data and perform actions.
- Flexible Data Management – Event data can be recorded in a file, sent to a database for future reporting or used for immediate alerts.
- File System Monitoring – Keep an eye on sensitive data that is widely available by watching for access or changes to files and folders.
- Directory Object Monitoring – Actively monitor, alert and report on changes to user objects, account status, group memberships or virtually any combination of objects and attributes.
Active Directory Assessment Reporting with NetVision NVAssess
NVAssess automates periodic security audits of Active Directory and the Windows file system by comparing the
actual information stored within Active Directory and Windows file servers to organizational security policies.
User provisioning, role management, access control, password management and other identity management processes
can all be automatically audited from a single, unified console. NVAssess reports analyze passwords, access history,
group memberships, system configurations, and a range of other identity variables. By auditing actual identity
information stored within Active Directory – rather than the individual systems (provisioning, etc.) and
applications (SAP, etc.) designed to control those values – NVAssess reduces costs, improves audit integrity, and
reduces organizational risk.
NVAssess Features
- Policy Based Assessment – Policy driven data collection is the key to providing information relevant to corporate controls.
- Automation – Policies can be scheduled to evaluate your environment and record findings at regular intervals.
- Detailed reporting – Reports can be defined based on any attribute within the monitored system, many of which are not available in vendor-provided system logs.
- Extensibility – External processes can be called to gather additional information, filter collected evidence or call other applications and processes.
- Scheduled Execution – Audits for compliance with defined policies can be scheduled to execute and be published without human intervention.
Please contact NetVision or visit our products page to learn more about how NetVision solutions can be implemented to support improved security and simplified audit of your organization's Active Directory infrastructure!
