Active Directory Monitoring and Security

DATA SECURITY PODCAST

In a recent podcast interview with Hillarie McClure, Multimedia Director of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on Securing Active Directory in today's cybersecurity climate. The podcast can be listened to in its entirety below.

Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.

Q: Rob, welcome. It's so great to have you back on the show.
A: Hillarie, it is great to be back with you.

Q: So, Robert, let's start off by talking about the importance of securing Active Directory and directory services, and the risk of not effectively monitoring. Can you kind of set that stage for us?

A: Sure, sure. You know, Active Directory is that core component of authentication and other authorization that's used by many enterprises. So that means that Active Directory authenticates that the user is who they claim they actually are. And in addition, all of those attributes in Active Directory can be used to authorize a user to gain access to different resources in an enterprise. So we're talking about two different things, authentication and authorization, and together that's identity access management. And that is exactly the function that Active Directory provides.

Now, we take it a little bit further and we think about it. If you add users, or if somehow users are added to Active Directory, and no one realizes it, or if a user has provided additional privileges/access to resources that the administrator doesn't realize, this can have a real material effect on your business. This means new users may have access to information they shouldn't have access to or resources within an organization that they may not have access to. Ultimately the results could be catastrophic for an organization.

Q: Okay, thanks for that. So what are some of the challenges with Active Directory and the monitoring of directory services in general?

A: Monitoring Active Directory can actually be quite difficult if done manually. If you were to try to accomplish it manually, auditing Active Directory manually would be extremely tedious and very error-prone. To do it manually would involve identifying if new users have been added or modified; perhaps you dump out all of those users into an Excel spreadsheet and try to compare over time. And then they have all of these attributes associated with each user, and other resources within Active Directory. Checking all of those manually, and seeing if there are new users, or if there are new privileges, or if there have been changes of any sort, just accomplishing that in the manual fashion, it's just a massive challenge.

And as you could probably imagine, Hillarie, if you were to try to manually audit Active Directory, especially on a timely basis, in a medium to large organization, well, it's practically impossible.

Q: That sounds impossible, so we can certainly see the need or importance for Active Directory monitoring. Are there specific best practices that organizations can implement?

A: Sure. From a best practice perspective, I believe you should try to implement controls that will allow you to monitor your Active Directory on a very frequent basis and at frequent intervals. To me, that means at least once a day and ideally even once an hour to ensure that there haven't been unexpected changes. Now obviously if you're going to do it manually that's impossible. So as a result, really in any production-type system, directory service system, I think the entire process should be automated.

And it's possible. I mean, an Active Directory monitoring tool such as our product, CimTrak, can help you identify unexpected changes to Active Directory and other directory services, such as FreeIPA. And it can provide you detailed forensics on exactly what has changed. If there was a new user added, you would know. If privileges have been altered, you would know.

The bottom line is Active Directory is the heart of your organization. If you were to add a next-gen integrity monitoring tool like The CimTrak Integrity Suite, it is kind of like adding an EKG machine to your network, monitoring the heartbeat of your network and helping you to quickly identify when something has gone wrong.

Q: Excellent analogy and excellent recommendation, Rob. Thank you so much for joining us; this has been great.

A: It's been great to be with you again, Hillarie. Can't wait to join real again.

Learn more about Active Directory with CimTrak in the CimTrak Technical Summary, or see a demo of CimTrak for Active Directory today. 

Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".