Any User Can Be an Insider Threat
Any employee, ex-employee, contractor, business associate or third party with a user account in Active Directory has the potential to be an insider threat. Such threats arise when these users gain authorized access to systems/data or attempt to breach IT security. Any of these people can leak sensitive data, either accidentally or maliciously. LepideAuditor allows you to see patterns that may indicate when users have become an insider threat. It allows you to track permissions and permission changes, audit critical on-premises systems and track file/folder-level activity. You can apply real-time or threshold alerts to events such as assigning administrative privileges, granting access to a data folder, deleting a file/folder, successful/failed attempts to read a file and other critical events.
See Who is Logging on to Your Systems
Determining user logon and logoff details with the Event Viewer generates a lot of noise and may cost you valuable time and information. LepideAuditor offers various pre-defined logon and logoff reports for Active Directory users. You can check which users have logged on at which computers and when a particular user has logged out. Using these reports, you can determine the time of first logon and last logoff of any user. If a user is trying to perform multiple logins at the same time on different computers, that can be an indication of a possible malware attack (especially when all of these attempts are being displayed in a “Failed Logon” report). With pre-defined logon reports, you can analyze which user accounts have been logged on at multiple computers at the same time, even when those computers are in different locations.
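The two patterns described above, shown as an added Python example (not LepideAuditor code or output): it flags accounts with overlapping sessions on different computers and accounts whose failed logons are spread across several computers within a short window. The event records, account and computer names and the thresholds are constructed assumptions; 4624, 4634 and 4625 are the Windows Security log IDs for logon, logoff and failed logon, and real logs would also need filtering by logon type.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOGON, LOGOFF, FAILED = 4624, 4634, 4625  # Windows Security log event IDs
# Constructed sample records: (timestamp, event ID, account, computer).
EVENTS = [
    ("2024-03-04T08:58:00", LOGON,  "asmith", "WS-014"),
    ("2024-03-04T09:02:00", LOGON,  "bjones", "WS-020"),
    ("2024-03-04T09:40:00", LOGON,  "asmith", "FS-01"),   # WS-014 session still open
    ("2024-03-04T10:05:00", FAILED, "cdavis", "WS-031"),
    ("2024-03-04T10:05:20", FAILED, "cdavis", "WS-032"),
    ("2024-03-04T10:05:45", FAILED, "cdavis", "SRV-DB2"),
    ("2024-03-04T12:10:00", LOGOFF, "bjones", "WS-020"),
    ("2024-03-04T12:30:00", LOGON,  "bjones", "WS-021"),  # sequential, not concurrent
    ("2024-03-04T17:03:00", LOGOFF, "asmith", "WS-014"),
]

def parse(events):
    """Normalise names and order the records by time."""
    return sorted((datetime.fromisoformat(t), e, u.lower(), c.upper()) for t, e, u, c in events)

def concurrent_logons(events):
    """Return {account: computers that held overlapping sessions}."""
    open_sessions, flagged = defaultdict(set), defaultdict(set)
    for _, eid, user, host in parse(events):
        if eid == LOGON:
            open_sessions[user].add(host)
            if len(open_sessions[user]) > 1:      # second computer while first is open
                flagged[user] |= open_sessions[user]
        elif eid == LOGOFF:
            open_sessions[user].discard(host)
    return dict(flagged)

def failed_logon_spread(events, window=timedelta(minutes=5), min_hosts=3):
    """Return {account: computers} with failures on >= min_hosts computers within window."""
    failures = defaultdict(list)
    for ts, eid, user, host in parse(events):
        if eid == FAILED:
            failures[user].append((ts, host))
    flagged = {}
    for user, items in failures.items():
        for i, (start, _) in enumerate(items):    # slide the window over each failure
            hosts = {h for ts, h in items[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = hosts
                break
    return flagged

if __name__ == "__main__":
    print(concurrent_logons(EVENTS), failed_logon_spread(EVENTS))
```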
Help Prevent Privilege Abuse
If someone is misusing or abusing the privileges delegated to their Active Directory account, you need to know. LepideAuditor enables you to detect the signs of privilege abuse in many ways, including: auditing all server component permissions, auditing all permissions to an object, comparing permissions of an object between two dates, historical permission analysis (of Active Directory, Exchange Server and File Server) and current permission reports (to show the currently effective permissions of Shared Folders).
Mitigate the Risks of Inactive Accounts
Active Directory acts as the backbone of the IT infrastructure. Having a large number of inactive user and computer accounts in Active Directory can pose an insider threat. Inactive accounts can provide a way for users to gain access to critical servers or data in order to delete or leak it. Therefore, obsolete accounts should be treated as a security threat and dealt with accordingly. The built-in Active Directory Cleaner feature of LepideAuditor scans Active Directory periodically, lists all unused user and computer accounts and enables you to take pre-defined actions to remove them. Its reports can be scheduled for delivery to the intended recipients by email.