Archive for the ‘Auditing’ Category

Organizations all over the world rely on Group Policy to control the working environment of both user and computer accounts in Active Directory (AD). However, due complex, scalable nature of Active Directory and the hundreds of available settings within Group Policy, it can be very easy to get it wrong – thus potentially leaving security vulnerabilities or leading to downtime. Due to this combination of complexity and importance, it stands … Read more

It’s probably safe for me to assume that your Windows File Servers store critical, sensitive information at this very moment in time. In the modern world, data is more valuable than oil, and is now considered to be the most valuable resource in the world. Ensuring that File Server is secure should be high on the list of priorities for any organization that stores sensitive data. Unfortunately, many of the … Read more

There are two kinds of data that is stored digitally in your organization; structured and unstructured. Unstructured data is data which does not have any sort of pre-defined data model or isn’t organized in a pre-defined way. It usually comprises the majority of the digital information that an organization stores. The problem is, many companies find it tricky to keep their unstructured data secure due to it’s changing nature. Because … Read more

It’s true to say that the modern-day business is reliant on data. Organizations are constantly looking for ways to leverage data intelligence to improve marketing activities, sales and operations. But with this reliance comes a cost; the uncontrollable rise of unstructured data. What is Unstructured Data and Why Does It Pose a Problem? As an organization that deals with this every day, we sometimes assume that everyone understands the threat … Read more

A report by Forrester once claimed that 80% of all security breaches involved the abuse or misuse of privileged credentials. Let’s accept for a moment that Forrester are right, and that privileged user accounts are the common denominator in a large percentage of security breaches. Knowing this, we’d expect to see all organisations well on the path to having clear processes, policy and controls in place to audit, track and … Read more

We talk to thousands of organisations every week about their Active Directory and, more specifically, how secure and protected their Active Directory is. It’s fair to say, I think there is a good deal of education that needs to be done as to what constitutes a secure Active Directory. Whenever we begin any engagement with any potential client we ask questions around their drivers. One of the specific questions we … Read more

Active Directory is used by approximately 90% of organizations, yet keeping your AD secure still presents a significant challenge due to the large amounts of critical data that it handles. According to a recent security assessment of Active Directory carried out by Skyport Systems, poor visibility and weak passwords are the leading cause of Active Directory security breaches. The problems arise as sysadmins struggle to keep track of who has … Read more

According to an IBM Study, 60% of attacks come from inadvertent or malicious insider misuse. The importance of ensuring you’re able to keep track of what your most privileged IT users are doing cannot be understated. So, ensuring you have the appropriate means to track your most privileged users, and ensuring that granting of access rights is appropriate, should be a critical part of all IT security strategies. Here are … Read more

If an attacker enters Active Directory as a privileged user, or somehow manages to escalate their privilege after entering, they can do anything within the organization. An attacker then will have access to all user identities and can go undetected for days, months or in some cases years. When detected, the attacker can collapse the entire Active Directory, leaving the organization helpless, which could lead to a significant business loss. … Read more

It’s an age-old question; can’t I just audit my Active Directory using native processes? Do I need to spend the time and money comparing, evaluating and implementing a third-party solution? In short, I believe the answer is yes. There are numerous reasons why native auditing isn’t stringent and enough to provide you with the information you need to detect and prevent data breaches, as well as meeting regulatory compliance. The … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All Trademarks Acknowledged.