Large environments can suffer from alterations and changes that fly under the radar. Unexpected AD or LDAP changes may be simple and limited to a single entity, such as adding a new file system, account, or network resource. Depending upon the hierarchical design, however, such a change could have a broader impact, such as denial of service. CimTrak provides the awareness to quickly detect and alert when such deviations occur.
Detect changes to objects, attributes, and schema
Side-by-side comparison for easy identification of change
Restore a previous configuration when necessary
When CimTrak detects a changed (or an added or deleted) entity, the entity and its digital signature are then stored in the master repository. The master repository then logs the detected change and sends notifications to the configured emails, Syslog services, and/or SNMP services.
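The detection step described above can be sketched as a comparison of two directory snapshots. This is an added example, not CimTrak's code: the snapshot layout, the function names and the sample entries are assumptions, and a SHA-256 digest stands in for the product's digital signature, whose construction the page does not describe.

```python
import hashlib
import json

def normalize(entry):
    # LDAP attribute names are case-insensitive and values are unordered sets.
    return {name.lower(): sorted(set(values)) for name, values in entry.items()}

def entry_digest(entry):
    # Digest over a canonical form, so reordering values does not raise an alert.
    canon = json.dumps(normalize(entry), sort_keys=True).encode()
    return hashlib.sha256(canon).hexdigest()

def diff_snapshots(baseline, current):
    """Classify each DN as added, deleted or changed, with attribute-level deltas."""
    findings = []
    for dn in sorted(set(baseline) | set(current)):  # DNs compared as exact strings
        old, new = baseline.get(dn), current.get(dn)
        if old is None:
            findings.append({"dn": dn, "change": "added", "digest": entry_digest(new)})
        elif new is None:
            findings.append({"dn": dn, "change": "deleted", "digest": entry_digest(old)})
        elif entry_digest(old) != entry_digest(new):
            a, b = normalize(old), normalize(new)
            delta = {n: {"removed": sorted(set(a.get(n, [])) - set(b.get(n, []))),
                         "added": sorted(set(b.get(n, [])) - set(a.get(n, [])))}
                     for n in sorted(set(a) | set(b)) if a.get(n) != b.get(n)}
            findings.append({"dn": dn, "change": "changed",
                             "digest": entry_digest(new), "attributes": delta})
    return findings

# Constructed sample snapshots (hypothetical DNs under a test domain).
BASE = "DC=example,DC=test"
BASELINE = {
    f"CN=Domain Admins,CN=Users,{BASE}": {"member": [f"CN=alice,{BASE}", f"CN=bob,{BASE}"]},
    f"CN=NetSec,OU=Groups,{BASE}": {"member": [f"CN=alice,{BASE}"]},
}
CURRENT = {
    f"CN=Domain Admins,CN=Users,{BASE}": {"Member": [f"CN=bob,{BASE}"]},
    f"CN=NetSec,OU=Groups,{BASE}": {"member": [f"CN=alice,{BASE}", f"CN=tmp-admin,{BASE}"]},
    f"CN=tmp-admin,{BASE}": {"objectClass": ["user"]},
}

if __name__ == "__main__":
    for finding in diff_snapshots(BASELINE, CURRENT):
        print(json.dumps(finding, indent=2))
```

The per-attribute `removed`/`added` lists give the side-by-side view of a change, and the stored baseline entry is what a restore would write back.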
Impact: When the threat actor changes the compromised account's password, that prevents the real user from gaining access again.
Impact: When the actor removes all other domain administrators, this prevents other admins from locking down the environment and stopping the threat actor.
Impact: When the threat actor makes changes to the DNS, this causes many web tools to stop resolving in the browser, preventing user access, and causes many production servers to stop communicating - resulting in downtime.
Impact: When the actor uses LDAP injection to increase privileges, this gives them access to all configurations and settings. Information and resources can be gathered and stolen with this access.
Impact: When the actor adds this account to the NetSec group, this allows the account to pass authentication to particular tools integrated with this access control. The actor would also be able to see and disable all other administrators.