Archive for the ‘Auditing’ Category

In view of the rapidly increasing security risks IT enterprises are facing, securing the Active Directory from privilege misuse and abuse has become a global concern. Domain administrator rights are often granted to Active Directory users with to allow them to accomplish various tasks inside or outside of the network. However, giving large numbers of users privileged access can be problematic – occasionally leading to privilege abuse in the form … Read more

Domain, Schema and Enterprise administrators hold the keys to your Active Directory (AD) kingdom, but it’s not uncommon to find organizations routinely issuing new IT hires with domain administrator privileges to expedite access for support purposes, or at best a proliferation of privileged accounts lying dormant and unaudited, giving attackers a potential way in to your systems. If it’s a revelation that domain administrator privileges aren’t required to add, delete, … Read more

In 2016, a lot of emphasis was put on organizations protecting themselves against external security threats – especially in the light of high profile security breaches, including the FBI and World Anti-Doping Agency. However, most enterprise security executives in 2016 experienced a higher amount of attempted theft or corruption of data from internal sources rather than external ones. With this in mind, don’t repeat the same mistakes in 2017 that … Read more

The role of the IT department is multifaceted and constantly evolving. One are that has remained a very important part of the IT department’s role is the regular auditing of critical IT systems. Regular, in-depth auditing helps to streamline systems management, strengthen security and meet regulatory compliance mandates. Given below is a list of points, based on the US government’s NIST (National Institute of Standards and Technology) Cyber Security framework … Read more

Anyone in charge of regularly auditing their organization’s Active Directory knows how difficult it can be to log, filter and recover event details from mountains of raw log data. If you’re reading this, then it is likely that you have decided to go for an automated solution to make things easier. There are many solutions on the market that claim to do similar things so it is important that you … Read more

Is auditing important? With the rising number of security threats, and increasing regularity and strictness of compliance mandates, auditing your IT environment is more important than it has ever been. Effective auditing will help you to fix IT problems faster and give you a better understanding of what’s happening in your IT environment. Modern organizations must have a mature approach to auditing to ensure adequate systems management, security and compliance. … Read more

Massive data breaches often work the same way. The hacker gains access by exploiting a software security weakness or installing malware through phishing links. Then the hacker grants themselves elevated access so they can login to a database directly. Often this is done with stolen credentials, using user ids that are shipped with software, or brute password dictionary attacks against systems that do not lock accounts when this happens. This … Read more

Despite the presence of sophisticated security solutions, often organisations struggle to answer the most basic security questions – who, what, where and when (the 4 W’s). This is particularly pertinent when it comes to the most critical IT systems such as Active Directory, SQL Server, Exchange Server, and SharePoint. Trying to answer these 4 questions using native audit logs alone can be challenging. The importance of the 4 W’s If … Read more

In this blog I will discuss some of the common problems facing IT teams today and how 10 of the most useful reports in LepideAuditor Suite can help you overcome them. LepideAuditor Suite is a simple, cost-effective and scalable solution to auditing Active Directory, Group Policy, Exchange Server, SharePoint, SQL Server, and File Server. It also allows you to manage User Password Expiration Reminders, clean-up Active Directory and perform Permission … Read more

Discovering that sensitive data has been compromised or deleted often happens by chance. But the longer an incident goes undetected, the more potential there is for damaging fallout. In a perfect world, the best way to prevent unwanted change, whether by authorized users or hackers, is to follow security best practices, such as managing privileged access, user permissions, restricting the use of domain admin accounts, and implementing a change control … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.