Pass Compliance Audits with Pre-Set Reports
Some common compliance regulations applicable to the finance sector include: FISMA, GLBA, SOX, ISO, PCI and GDPR. To help you address these requirements, LepideAuditor includes numerous pre-set compliance reports that can be used to pass compliance audits more easily. These reports include tracking logon and logoff activity, changes to privileged security groups, successful file reads, audit policy modifications and more.
Spot Potential Fraud with a Complete Audit Trail
On a fundamental level, one of the most important measures that can be taken is to ensure you know how users are interacting with files and folders. Specifically, ensuring that there’s a proactive way of monitoring user behaviour and interaction with files and folders. Tracking aspects such as file copy, file access, file modified, file deletion and file renamed, ensures you have a detailed audit trail to help spot and prevent inappropriate interaction with critical data stored on file shares.
Prevent Inappropriate Access to Customer Data
A significant challenge for many banking and finance companies is preventing privilege-based issues such as permission sprawl. For instance, when a user moves department the permissions are not always properly re-evaluated. Handling issues such as permission inheritance and being proactive when tracking changes to permissions and groups is essential in maintaining appropriate access. LepideAuditor offers alerting and reporting on when permissions are changed or modified. It also enables you to pick a file or folder and show who has which permissions, how long they’ve had them for and how these were granted. Our solution lets you reverse Active Directory permission changes using its proprietary technology to help you maintain a policy of least privilege.
Detect and Prevent Ransomware Spread
Banks remain a hot target for ransomware attacks, so ensuring you have a proactive means of keeping track of interactions with files, folders and systems that surround critical data is essential. LepideAuditor offers a means of alerting and reporting on trends around file access and file modification (encryption) which will help you identify events symptomatic of a ransomware attack. You can also automate the execution of a script of your choosing, triggered by any alert, to respond upon the detection of such an attack. Actions such as change user account credentials, enable a firewall policy or terminate a specific process are a few examples of the actions that could be invoked from the script.
Audit Multiple Platforms in Your IT Environment
Data is almost never solely stored on the Windows File System. The majority of finance organizations also make use of SharePoint (on-premise or online), OneDrive for Business, Dropbox, SQL (with its exceptional RDBMS capabilities to store data) and Exchange (on-premise and online) to improve communication. LepideAuditor gives you complete visibility on all these components, Windows File Systems and NetApp Filers. Similarly, you can track changes being made to Windows Active Directory, Azure AD, Group Policy Objects and Dropbox, to name a few.
Enhance the Security of Critical SQL Databases
A wide range of accounting, finance and banking software applications, either by default or manually, use SQL Server as their preferred backend partner for storing data. These third-party applications link to SQL Server through a SQL login or SQL user. What would happen if that login, user or database is deleted? LepideAuditor audits every change in the configuration of SQL Server and its databases and allows you to continuously keep monitor the health of your SQL environment. You can create real-time alerts for both configuration changes and health monitoring events using the advanced filtration and threshold limit.
Track Account Lockouts to Identify Suspicious Activity
The policies for locking a user account are in place to improve the security of the IT environment. If multiple accounts are being locked out, it’s a red flag. It could be a sign that an attacker, with a list of your Active Directory usernames, is trying to get access to your computers, data and the rest of your IT infrastructure. LepideAuditor delivers real-time alerts (also as per threshold limit) whenever one or multiple user accounts are locked out. You can use LepideAuditor to investigate the reasons behind account lockouts and even use the solution to unlock the accounts or reset their passwords.
Spot Suspicious User Account Behaviour
Using LepideAuditor, you can track privileged user activities across multiple platforms and see who is doing what, when, and from where. The reports can be sorted by user, to determine the most active privileged user making changes in multiple server components. LepideAuditor also allows you to check changes in the user account status. Improve your User Behaviour Analytics by auditing user logon events at domain controllers and computers of Active Directory and SQL Server. Failed login events clearly indicate that somebody is using a trial-and-error method to access your IT environment. You can also set real-time alerts (with advanced filtration and threshold limits) for critical changes by users, changes in user status and logon or logoff events.
Ensure Inactive Accounts are Handled Properly
Inactive user and computer accounts are a common threat vector that leads to many security concerns in the finance and banking sector. Keeping your Active Directory clean of such accounts is a critical part of any IT security plan. Using LepideAuditor, you can identify inactive users and inactive computers in Active Directory and automate actions such as change password, disable the account, move to separate Organizational Unit and delete the account.