OVERVIEW

Real-Time Change Auditing for Microsoft Active Directory

Directory services hold the keys to the kingdom when it comes to authentication and access control throughout your organization. So it’s no surprise that directory services are the focus of hackers and auditors alike. With just one set of compromised credentials, hackers can escalate privileges, gain a foothold in your organization, and put your sensitive data in jeopardy. Directory Services Monitor effectively identifies suspicious behavior to help prevent lateral movement and shield your organization from incurring non-compliance fees.

SPECIFICATIONS

Directory Services Monitor Specifications

SPECIFICATION DESCRIPTION
Directory Services Supported
  • Microsoft Active Directory 2003, 2008, 2008R2, 2012
Directory Service Activity Audit
  • User name
  • Domain
  • Object name
  • Groups
  • Operation (add/remove/delete)
  • Object type
  • Attribute
  • Before and after value
  • Source and Destination IP
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role-based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Deployment Modes
  • Domain Controller: lightweight agents
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
Events and Reporting
  • SNMP
  • Syslog
  • Integration with leading SIEM vendors
  • Email to data owners and other stakeholders
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Related Products
  • File Activity Monitor
  • File Firewall
  • SecureSphere for SharePoint
  • Database Activity Monitor
  • Database Firewall

Key Capabilities

IMMEDIATE VISIBILITY INTO ACTIVE DIRECTORY CHANGES

Show auditors you’re in full control of Active Directory with a detailed audit trail of changes. With Directory Services Monitor, you have immediate visibility into all high-impact changes – such as those performed by privileged users – and the ability to report precisely what changes were made.

REAL-TIME NOTIFICATIONS PUT YOU IN CONTROL

Find out immediately when suspicious changes pop up in Active Directory. Since directory services determine company data access rights, overlooking a problematic change can have serious security and compliance implications. SecureSphere’s sophisticated security policies trigger notifications in real-time so that you can quickly investigate and take care of potential issues.

IDENTIFY LATERAL MOVEMENT BY ATTACKERS

Uncover early warning signs of an attack by keeping close tabs on your critical IT resources. With SecureSphere, you can continuously monitor for suspicious Active Directory changes – like privilege escalations – that occur during an advanced targeted attack. Ensure that your data is safe from advanced threats that compromise directory services to navigate throughout your organization.

STREAMLINE FORENSIC INVESTIGATIONS

Directory Services Monitor simplifies incident response by gathering all Active Directory changes in one convenient spot. Get immediate insight into your security status with interactive analytics that let you slice and dice the audit trail for thorough forensic investigations. And with SecureSphere’s flexible report templates, keeping your records up to date is that much easier.