Archive for the ‘Auditing’ Category

I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands. As an IT manager; you need to be doing everything you can to ensure the integrity of your data. If you’re wondering how best to do this, I’d suggest you start right here. Listed below are some of our … Read more

Ninety-five percent of the Fortune 1000 companies, and millions of businesses in the SME segment, use Active Directory as the base of their network infrastructure. Ensuring Active Directory security whilst staying compliant to ever evolving regulatory guidelines is starting to become a challenge for many organizations. Thankfully, it doesn’t have to be. In this article, I hope to show you why you need LepideAuditor – a scalable and affordable IT … Read more

Keeping Active Directory clean and secure is a never-ending challenge for IT teams. But worrying about what your users are changing in your critical servers or data shouldn’t be keeping you up at night. Insight-driven actions, taken at the right time, can help to identify and prevent potential attacks/leaks before the damage is done. Arming your infrastructure with a third-party auditing solution is an investment into the future security and … Read more

One specific concept we’ve been talking about a lot recently here at Lepide is the Principle of Least Privilege (PoLP). The principle of least privilege is the process of ensuring a ‘user should only be able to access the information and resources he or she requires for legitimate reasons’. Opportunity Knocks… It’s such an important concept to understand. When we analyse the root causes of data leakage incidents, there are … Read more

Are you able to instantly identify who has access to the sensitive data in your Active Directory? Sometimes, answering “who has access to what?” in your IT environment can be difficult. Knowing who has permission to what enables IT teams to ensure that the right users have the right levels of access to the right data. This is a critical part of ensuring the principle of least privileges, where users … Read more

Separation of duties (SoD) – also referred to as “Segregation of duties” – is a critical, yet often overlooked area of IT security. Essentially, the purpose of SoD is to help organisations protect themselves from fraudulent behaviour by ensuring that no single individual can act alone to subvert a critical process for their own personal gain. SoD is an area that comes under close scrutiny during compliance reviews, and will … Read more

Audit changes to Group Policy to stay secure and provide continuity of IT services. Group Policy is a critical component of Windows Server Active Directory (AD). It can be used to manage the user and system configuration of servers and end-user devices, including registry settings, user environment setup, security, and software configuration. As a powerful tool that can help organizations standardize system configurations across their environment, it also comes with … Read more

People generally think that auditing and monitoring are the same thing and, in some ways, they are. The differences between them are subtle, but important none-the-less. In short, auditing is done by auditors, and it is the auditors responsibility to make use of the available technology to aggregate and present the log data in a way that that can be understood and “monitored” by administrators and managers. While most modern … Read more

Many IT Administrators find it difficult to implement an in-depth and pro-active File Server Audit strategy. If an important event happens and you want to investigate, you may have to wade through gigabytes of event logs on the Windows devices; which can often be like finding a needle in a haystack. Event logs stored on Windows File Systems are so verbose that deriving meaningful information from them can be very … Read more

Misconfigured Domain Controllers (DCs) present a major security risk for Active Directory. To ensure that your Domain Controllers are configured correctly, you will need to closely review the default Domain Controller Policies, create Domain Controller GPOs (Group Policy Objects) and configure Group Policy Settings. Your policy will need to include patching and protecting Domain Controllers, and include an effective DC auditing strategy for monitoring and reporting changes to event logs. … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.