Anyone in charge of regularly auditing their organization’s Active Directory knows how difficult it can be to log, filter and recover event details from mountains of raw log data. If you’re reading this, you have likely decided to go for an automated solution to make things easier. There are many solutions on the market that claim to do similar things, so it is important to consider carefully what your needs are and which solution is the correct fit for you.
Here are the six major things you should keep in mind when choosing an Active Directory auditing solution:
1. Nonstop monitoring and real-time alerting: Real-time alerts and continuous monitoring are probably the main things to look for in your Active Directory auditing solution. Look for a solution that can instantly show you ‘Who’, ‘What’, ‘When’ and ‘Where’ information regarding changes from across the network. Some solutions will even push real-time alerts through to specified email addresses when required.
2. Rollback changes: Validating every Active Directory change in advance is almost impossible. Therefore, it is important to be able to restore either the entire database or just the unwanted changes, granularly. Regular backups ensure you have the option to roll back changes to any state in the past. The ideal auditing solution should show both the before and after values of each change to give it context, making it easier to see whether it needs to be restored.
3. Audit everything: You never know which part of your IT system a security breach is going to come from, so it’s very important that you regularly audit every aspect of your Active Directory. You should look for a solution that offers auditing across all critical IT systems and displays all the necessary information contained within the generated log files.
4. Easily presentable information: Raw log files can often be difficult to read. The solution you opt for should be able to display all the critical information you require over a specified time range in a presentable format. Some auditing solutions even come with pre-defined reports to meet all manner of systems management and compliance requirements.
5. A central console to audit everything: Depending on the size of the organization, there may be thousands of systems belonging to different domains. Some of them need to be audited more meticulously than others and different computers in the domain may require different auditing policies. Your auditing solution should ideally have a single console from which to control, audit, report and protect your entire Active Directory environment.
6. Secure storage options: In a more targeted insider attack, someone inside your organization may even try to cover their tracks by deleting event logs. A good auditing solution will ensure that the event logs are stored in a secured location so that they cannot be easily deleted. Many solutions use SQL Server to centrally store logs in order to keep them more secure.
Conclusion: A single unwanted change in your Active Directory environment has the potential to bring the entire service down, leading to unwanted downtime and disruption. The primary things to look for in an Active Directory auditing solution are how quickly you can detect unwanted changes, how quickly you can roll back changes, and how much visibility and control you have over your Active Directory environment.
One such solution is LepideAuditor Suite, a simple, cost-effective and scalable solution to audit and monitor changes that take place across Active Directory, Group Policy, Exchange, SQL Server, SharePoint and File Servers. It provides the easiest yet most comprehensive means of answering critical questions about the ‘who, what, where and when’ of each change. It presents the audit detail for each change as a single log entry, delivered as a meaningful report direct to the console or a secure web portal, or through a series of detailed real-time alerts. This solution will help you instantly get a better handle on security, systems management and compliance, all at a reasonable cost.