“How exposed is my data?” It’s a question that security professionals should be constantly asking themselves. Make no mistake – your organization is a target. Numerous high-profile security breaches over the last few years have shown that data breaches are costly and prevalent. According to the 2017 Black Hat survey, accessing privileged accounts was considered to be the easiest and fastest way to gain access to critical assets. Hackers can easily blend in with legitimate traffic, making it difficult for experts to identify them. The respondents of the 2017 SANS Data Protection Survey consider user credentials and privileged accounts to be the types of access data most commonly prized by cybercriminals.
Privilege abuse – a growing threat
When this year’s Data Breach Investigations Report (DBIR) was compiled, over 100,000 security incidents and 2,260 confirmed breaches were found. This report includes a separate section on credentials, indicating the growing importance of privileged account security.
When in the hands of an external attacker, privileged accounts can be misused to take control of the network, steal confidential information, commit financial fraud, disable security controls and disrupt normal operations.
In the 2017 Verizon Data Breach Investigations Report (DBIR), 14% of breaches reported were the result of privilege misuse. The report concluded that privilege misuse was the #3 breach pattern and the #2 incident pattern in 2016. The confirmed data losses also increased by 61%, to 277 breaches.
Privilege account security reports
With privileged accounts having emerged as a significant security threat, continuous auditing of all accounts seems to be the logical reaction. The following security reports, contained within LepideAuditor, help reduce the risk of attackers getting their hands on your network assets:
Report on Privileged users
Accounts with administrative privileges are the ultimate goal for cyber criminals, as they have unlimited access to valuable information. If left unchecked, these accounts leave your enterprise open to all manner of attacks.
LepideAuditor includes eight pre-defined reports that can be generated instantly to identify, monitor and track users with privileged access to your data assets. The “Administrative Group” report can be generated with just one click, and offers you a holistic view of the group membership details of all privileged users in your organization.
Report on Inactive Computer Accounts
This report allows you to identify computers that no longer exist in the domain, or those that have been decommissioned. You can ensure an accurate inventory only when such systems are removed on time and valid accounts are managed only on the target computers.
Active Directory Cleaner is an in-built component of LepideAuditor that offers automated removal of obsolete computer accounts to keep your network infrastructure clean.
Report on Unused Privileged accounts
Inactive user accounts are threats to IT security, as they can be used to gain access undetected. It is essential to address such accounts by renaming them, removing them, moving them to a separate Organizational Unit or by deleting them altogether. With a state-of-the-art auditing solution like LepideAuditor, you can apply automated actions to clean unused accounts. The report generated by LepideAuditor lets you identify users who no longer use their account to log in and access the IT environment.
Report on Password policies
Lepide User Password Expiration Reminder automates password expiration notifications by sending them to users periodically. It also delivers password status reports with fine-grained details, such as soon-to-expire passwords, logon failures, password changes and much more. Periodically reviewing and analyzing this report lets you track modifications made to credentials outside the scope of the applied policies.
Report on Permission Changes
The level of access given to each of the employees in your organization needs to be regularly monitored. A robust auditing solution like LepideAuditor generates permission change reports for all components, including Active Directory, Exchange Server, SQL Server, Windows File Server, NetApp, SharePoint Server, and Office 365 (Exchange Online and Office 365). These reports give you insight into modifications made by privileged users or groups to various components in your network.
Current Permission Analysis Report
The “Current Permissions” report generated by LepideAuditor provides a summary of all permission-related information. You can use this report to see permissions held by users on files and folders instantly.
Historical Permission Analysis
This report displays the historical changes made in the permissions of Active Directory, Exchange and File Server. You can also use the details in this report to compare permissions for selected objects between two dates and times.
LepideAuditor captures backup snapshots of objects in Active Directory and Group Policy. The reports display the state of an object at a specific date and time. You can view what permissions a user had at that particular time.
There are instances when excessive privileges granted to users or groups have to be revoked. After you have analyzed the excessive privileges assigned to users and groups, you need a way to revoke them and restore the ideal state of permission allocation.
LepideAuditor captures backup snapshots of Active Directory and Group Policy at periodic intervals. It takes just a few clicks to revert to a previously captured state.