If thinking of a set of keys, in which each key secures an area of your organization’s infrastructure, it makes sense to have each area only accessible via the key(s). However, what if the key ring itself, the pathway to all the keys that secure your organization, is available? Perhaps this is how organizations need to think about Active Directory(AD).
Active Directory: "The Keymaster"
As a distributed service, AD relies upon many interdependent services distributed across many devices and in many remote locations. Monitoring of AD configurations becomes crucial as environments will just continue to grow.
Derek Melber’s thought on controlling privileged access of AD boils down to one main point, how can you restrict the privileges within an AD environment if you are not aware of who has access?
From Best Practices to Strategy
As previously discussed in Change Monitoring vs. Control vs. Management: What’s the Difference?, change management is the process of making decisions about your network, which is decided upon by a combination of effective security policy and change monitoring.
Five years ago, organizations may have been monitoring AD configurations because of best practices, or from a compliance perspective adhering to a government specific regulation. In today’s technology climate, monitoring for changes might need to be part of the organization’s security culture. Skyport’s latest research states that AD mismanagement can be to blame for 90 percent of enterprise security breaches.
Challenges with security and compliance maintenance can include designation of administrative user privileges, change management, change reversal, troubleshooting, and comprehending audit information. Securing Active Directory isn't easy.
However, we need to go back to the beginning: The large-scale problem with Active Directory is knowing who has privileges, and when or how to restrict those privileges.
Monitor Directory Services For Any Deviation
Monitoring for Active Directory configurations for changes is critical. If you don't, the costs can be significant. Within the retail industry alone, Laura Minning notes the current cost per record breached is $172. For $172 per record, can your organization afford the risk?
Tips For Monitoring Active Directory
- Using a file integrity monitoring tool can allow you to assess if changes are negative, positive, or neutral.
- Changes made through active directory should be reviewed via daily audits, even if made by an administrative account.
- Start with an “unsecured mindset”. As communicated by Ryan Francis, assume you are breached. Create and model scenarios if your Active Directory has been compromised.
- Built-in processes for administration and implementation of changes is critical for organizations of any size, even if your network is not complicated.
- Third-party tools can introduce automation into the audit review process by notifying administrative users when a suspicious change has occurred.
CimTrak For Active Directory
CimTrak for Active Directory helps organizations monitor their directory services for deviations, with sensitivity to common issues that often go undetected in large environments. With human-readable logs, built-in intelligence, and accountability, CimTrak is designed for awareness. For more information, click here.
