Directory service monitoring

ꄴPrevious： SecureSphere for Amazon Web Services

Real-time change audit for Microsoft Active Directory

directory service controls the gate key to the entire organization's authentication and access control kingdom. Therefore, it is not surprising that directory services have become the core of the common concern of hackers and auditors. By simply stealing a set of credentials, hackers can upgrade permissions, which in turn root in your organization and put your sensitive data at risk. The directory service monitoring function can effectively identify suspicious behaviors, help prevent roundabout intrusion activities, and avoid organization expenses due to violations.

to learn about ACTIVE DIRECTORY changes immediately

issue a detailed change audit trail to the auditor to prove that Active Directory is completely under your control. With the help of the directory service monitoring function, you can immediately understand all changes that have a large impact (for example, changes performed by privileged users) and accurately report specific changes.

let everything be under control with real-time notification.

discovered immediately. Since directory services determine the company's data access rights, ignoring problematic changes may have serious security and compliance implications. SecureSphere provide sophisticated security policies that trigger notifications in real time, allowing you to quickly investigate and deal with potential problems.

identifies the attacker's roundabout intrusion activities

helps to detect early signs of attacks by paying close attention to key IT resources. SecureSphere enables you to continuously monitor suspicious Active Directory changes, such as privilege escalation, during advanced targeted attacks. This helps ensure data security and prevents advanced threats from invading directory services and spreading to your entire organization.

Simplify Forensic Investigation

directory service monitoring function can collect all Active Directory changes in a convenient location, thus simplifying event response. Through interactive analysis, the audit trail can be refined, which helps to carry out a comprehensive and detailed forensic investigation, so that you can immediately understand your own security situation. With SecureSphere flexible report templates, records can be updated in a timely manner more easily.

Specifications

Directory service monitoring specifications

Specifications	Description
Supported directory services	Microsoft Active Directory 2003, 2008, 2008 R2, 2012
Audit of Catalog Service Activities	Username domain object name group (Add, Remove, and Delete) object type attribute values before and after Source and destination IP addresses
Tamper-proof audit trail	Audit trails are stored in a tamper-proof repository. You can choose to encrypt audit data or set a digital signature. View audit data through role-based access control (read-only) Real-time audit data
deployment mode	domain controllers: lightweight agents
management	Web user interface (HTTP/HTTPS) The command line interface (SSH/console)
management	Implement centralized management through MX Server
Events and Reporting	SNMP Syslog and LeadingSIEM supplierintegration email data owners and other stakeholders Conformed operations Conformed operations Integrated Graphics Report Real-time dashboard
related products	File activity monitoring File Firewall SecureSphere for SharePoint Database activity monitoring Database Firewall

Pre-sales advice：021-60739232 Business Cooperation：linlin.yang@ky-tech.cn