Active Directory Change Reporter 7.0 BETA

Posted by Stephen Schimmel

NetWrix is proud to unveil the BETA version of Active Directory Change Reporter 7.0, which is fully equipped with a broad range of new features that make this our most comprehensive change auditing solution yet. We kindly invite you to try it out and provide your feedback as we work hard to deliver this brand new release. Your help is greatly appreciated and your thoughts will be taken into serious consideration as we continue to work on this major release of Active Directory Change Reporter. This is a unique opportunity to have your thoughts addressed within the solution. Check out what’s in store for the next generation of Active Directory Change Reporter.

Download the new BETA version now

Major New Features:

* Real-time alerting on AD changes – now you can subscribe yourself and other people to receive instant alerts regarding specific AD changes (e.g. changes to membership of admin groups). Customizable alerts are sent by e-mail immediately after a change is detected, allowing for instant visibility (Enterprise Edition only, but included in this beta).
* Report subscriptions – lets you receive Advanced reports automatically by e-mail. Before 7.0 you could only receive basic “ad-hoc” reports daily with the full list of changes. Now you can select any reports you want and receive them daily, weekly, monthly, etc. (Enterprise Edition only, but included in this beta).
* Static reporting on Active Directory – now you can report on current Active Directory contents (AD snapshots) vs. reporting on “dynamic” changes. Examples of reports: “All Members of Domain Admins group”, “All Security Groups in AD” etc. You can report on both the current state and historical data—e.g. “All members of Domain Admins group as of December 31, 2008” (Enterprise Edition only, but included in this beta).
* All reports are extended with a ‘Where’ field containing the name of the domain controller where the change was made.
* Integration with Microsoft System Center Operations Manager (management pack will be provided later).
* Visual charts, in addition to standard reports, illustrate the data to aid change auditing.
* Browsing of Advanced Reports is improved. Now it is possible to specify filters before report generation starts, helping save significant time (Enterprise Edition only, but included in this beta).

Other Enhancements:

* Significantly improved and optimized AD change tracking technology, with less overhead on DCs and much better performance. The new version also provides precise tracking of values changed and reverted back during the same day (before 7.0 it was limited).
* Custom Report Builder to create custom reports easily (Enterprise Edition only, but included in this beta).
* Performance optimization of SQL DB operations.
* Simplified management of all installed license codes (Enterprise Edition only, but included in this beta).
* Automatic Advanced Reporting installation and configuration locally for Windows Vista, Windows Server 2008 and above.
* Ability to send e-mails through an SMTP server with SSL support (including the implicit SSL mode).
* Improved reliability of Enterprise Management Console (Enterprise Edition only, but included in this beta).
* Easy-to-use taskpad with basic functions on the welcome page of the Enterprise Management Console (Enterprise Edition only, but included in this beta).

Test the new features now

Posted in New Releases | 2 Comments

e-Discovery Challenges

Posted by Stephen Schimmel

E-discovery, a government regulation that mandates retention of records of a business’s or agency’s electronic communication for presentation in case of a court order, has catalyzed a need for dedicated legal research teams and qualified E-discovery solutions. The ever-expanding data archives of modern businesses place an impractical burden on lawyers and their review teams, who are now expected to filter through documents and e-mails at rates that just a few years ago would have been unrealistic. The necessity to break down the relevant data and cast aside the irrelevant within pre-defined time frames places a lot of pressure on legal teams. That being the case, legal teams are often left with no choice but to rely heavily, and often imprudently, on E-discovery tools to ease the burden of their research efforts.

Unfortunately, however, a large majority of the tools used for E-discovery were not created with E-discovery in mind, but rather were intended to offer a simple method for sifting through a limited number of documents. As a result, there is an abundance of issues that make E-discovery a costly endeavor.

First, because of excessive time constraints, research teams are often tempted to generate keyword lists too early, before they understand the subtleties of the case and before they know exactly what is at stake. As with most cases, it is a constant race to the finish, and researchers want to be the first to get the pertinent information. As a result, keyword lists often include irrelevant listings and exclude relevant ones.

Searcher over-confidence is another problem. According to the Blair and Moran Study conducted in 1985, searchers are often convinced that they have discovered 75 percent of the relevant data when in reality they have only discovered 20 percent. Even when legal teams consider their efforts comprehensive, they leave many stones unturned.

Overly inclusive keyword terms bring back too many documents and make finding the relevant information impossible. It can be hard to pinpoint exactly what keywords to search for, and as a result, including too many is sometimes necessary, but nonetheless, costly.

By the same token, under-inclusive keywords can hamper a keyword search as well. Terms too specific for their own good filter out critical data and leave much to be desired.

Language is another barrier that hinders the effectiveness of E-discovery. Single words with many meanings can bring back hordes of irrelevant data during a keyword search and can make finding the appropriate information seem like looking for a needle in a haystack.

Conversely, many words with a single meaning can be just as daunting an obstacle when using E-discovery. Because so many words can be used to express one meaning, identifying the exact words used can be impossible.

Misspellings and abbreviations can also cause problems for E-discovery. Even if a researcher has identified the correct word, any misspelling, whether in the search term or in the document itself, will render the identification meaningless.

Lastly, the use of code words in the documents in question can make discovering the desired content impossible. Often times, perpetrators who know they are doing something illegal or unethical will use code words to cover their tracks.

Clearly, when it comes to E-discovery, human error and human nature make the compliance process mistake-prone at best. Without an efficient way to account for those human factors in a precise manner, the same issues will always place a limit on the benefits of E-discovery.

That is where tools like the NetWrix Exchange Mail Archiver, a solution that gives IT teams the means to deliver all the required information to legal teams and researchers quickly and efficiently, come in to ease the burden. With the NetWrix Exchange Archiver, legal teams have convenient search capabilities that allow them to specify their searches by keywords, key phrases, synonyms and so on, sorting through all archived records of communication. With the tool, legal teams have a simpler way to comply with the demands of E-discovery and, in the end, that can be the difference between a win and a loss in the courtroom.

What has been your experience with E-discovery and E-discovery solutions? Were you able to find a tool that eased the process? What were some of the challenges to finding the necessary information? Please share your thoughts with other readers.

Posted in Articles | 1 Comment

Native Active Directory Auditing Falls Short

Posted by Stephen Schimmel

There is a lot riding on the healthy preservation of a clean and regularly monitored Active Directory. More specifically, Active Directory, the first point of user authentication after log-in, supplies authentication and access control for all users and applications.

Active Directory is the foundation of many security operations in the modern business world. Because so many sectors of any business’s IT infrastructure rely so heavily on Active Directory, a closely monitored, healthy Active Directory is paramount to complete company functionality. Aside from the crucial ability to discover and react to high-impact changes in Active Directory, organizations are constantly at the mercy of PCI, HIPAA, SOX and FISMA compliance auditors, and thus must be able to maintain compliance with all regulatory requirements while producing an audit trail that verifies their efforts. Naturally, then, Active Directory, for reasons of both company security and complete compliance, must be thoroughly audited from within.

There is an abundance of tools that enable some level of Active Directory infrastructure auditing, and most Windows Server versions provide very basic Active Directory auditing capabilities. The native Microsoft auditing capabilities, which cover account management and directory service access, give administrators only a rudimentary capacity. In short, Microsoft’s built-in tools allow for the monitoring of Active Directory modifications, creations and deletions, while identifying the object that was accessed and by whom. While free and convenient with Microsoft servers, the native tools’ limitations are, however, considerable.

Specifically, the Microsoft Active Directory auditing tools provide no centralized audit trail, no reporting analysis, incomplete data, an excessively high quantity of events, and susceptibility to tampering by ill-intentioned privileged administrators.

While the native tools do provide information necessary to know that Active Directory was changed, they often do not explain exactly what was changed, or how it was changed. Clearly, while free to Microsoft customers, the built-in tools leave organizations vulnerable to security breaches and failed compliance.

That is where the NetWrix Active Directory Change Reporter comes in, mending the cracks that often lead to Active Directory lapses and failed compliance. Essentially, the NetWrix Active Directory Change Reporter picks up where Microsoft left off, providing a solution that does exactly what the native Microsoft tools do, and much more.

Active Directory Change Reporter collects audit data from each domain controller on the Change Reporter server for consolidated analysis and reporting, showing the who, what, when and where, as well as the before and after values of all those changes, even across multiple Active Directory controllers.

NetWrix Active Directory Change Reporter also gives administrators the opportunity to identify exactly which changes they want reports on, limiting audit volume by automatically disregarding Active Directory events the administrator marks as negligible. NetWrix Active Directory Change Reporter provides precise and automatic reporting analysis, making efficient and consistent Active Directory auditing very simple while also providing compliance reports for HIPAA, SOX and GLBA auditors. Moreover, the Change Reporter never misses any Active Directory changes, regardless of who changed what, where or when. Additionally, the NetWrix Active Directory Change Reporter tracks changes made to Group Policy.

It is clear that change auditing is a necessary undertaking to ensure a secure and compliant Active Directory. And while native Active Directory tools do provide administrators with rudimentary capabilities to perform the task, the NetWrix Active Directory Change Reporter provides a complete and precise change auditing solution that ensures Active Directory security and satisfies the compliance requirements.

Have you ever failed your compliance audit? If so, what was the result and how did you resolve the issue to ensure future compliance? Please join the discussion below.

Posted in Uncategorized | 1 Comment

Challenges of SOX Compliance

Posted by Stephen Schimmel

SOX compliance has become an increasingly important issue for organizations of all kinds. Intended to assign a quantifiable level of accountability to organizations and the IT controls that impact financial reporting operations, the act includes two sections that affect IT departments—section 302 (Corporate Responsibility for Financial Reports) and section 404 (Management Assessment of Internal Controls). Of course, failure to meet these, or any other requirements levied by SOX, can result in serious penalties and loss of credibility.

Predictably, the problem here is that SOX compliance is not easy. There are many obstacles that stand in the way of ensuring proper adherence to the multitude of regulatory compliance expectations, which among other things, require monitoring of failed login and database activities, user privilege escalation, privileged user actions and sensitive data access. Section 404, in particular, demands that IT administrators assess the level of internal regulations as they relate to financial reporting, initiate new controls as needed, and evaluate such controls on a yearly basis. Moreover, organizations must be able to prove that they have put these controls into practice at all times.

One of the biggest challenges here lies within the very nature of privileged users, who are often important and trusted company employees—the type who don’t appreciate being questioned for possible fraudulent activity. To decrease the likelihood of this type of necessary and uncomfortable questioning, IT departments often manage privileges by restricting and segregating them (if an employee can do X, he cannot do Y; conversely, if an employee can do Y, he cannot do X). Unfortunately, by restricting administrator permissions, organizations are indirectly limiting productivity.

Monitoring privileged-user database access is difficult in that the very users being monitored often have the credentials necessary to “beat the system” by deleting fraudulent logs that they do not want to be seen. Again, however, restricting those credentials hinders efficiency, as administrators often use database log facilities as a debugging mechanism.

Another difficulty surrounds the necessity to audit access failures, whether they be invalid login attempts or failed efforts to retrieve privileged files. Either way, these types of activities are potential warning signs of fraudulent activities and must be tracked to appease SOX auditors.

Additional challenges include monitoring of schema modifications to ensure the integrity of the data structures being audited, and monitoring of privilege changes to maintain visibility into the user directory. It is also important to audit access to sensitive system and data tables, such as SQL Server events.

Other obstacles that stand in the way of SOX compliance include insufficient database logs, ineffective data reporting and poor event alerting. The necessity to reproduce events by identifying major happenings within the audit trail, archive each event for future audits, ensure audit log security, produce scheduled reports for auditors, and be consistently aware of potential warnings of fraudulent activity (such as repeated failed login attempts) makes life more than difficult for IT administrators.

The need to monitor multiple databases for multiple auditors of multiple compliance regulations can make for a confused IT department. Unconsolidated and inconsistent reports generated by different programs can result in non-compliance. Furthermore, the segregation of credentials and duties amongst IT administrators managing the network of varying systems can cause additional problems. Auditors demand that privileged user monitoring information be maintained beyond the scope of the users being monitored, so the massive system of juggled rights and contradictory expectations can result in one giant nightmare for administrators tasked with managing SOX compliance endeavors.

Fortunately, the NetWrix SOX Compliance Suite automates the process, simplifying an otherwise strenuous and mistake-prone task. For example, the NetWrix SOX Compliance Suite includes a cast of proven change management solutions, such as the Active Directory, SQL Server, Group Policy, File Server, Exchange and VMware Change Reporters, as well as Inactive Users Tracker, Event Log Manager, Password Expiration Notifier, Password Manager and Account Lockout Examiner. In short, products like the NetWrix SOX Compliance Suite help maintain established controls by tracking and reporting all changes in IT infrastructure for auditing purposes and by implementing secure identity management practices to ensure system security.

All public companies in the U.S. are subject to Sarbanes-Oxley (SOX) compliance without exception and, regardless of what measures they take, must find ways to adhere to the regulation’s standards. SOX compliance requirements also apply to overseas operations of U.S. public companies and to international companies listed on U.S. exchanges. Failure to comply with SOX can result in fines of up to 5 million dollars and up to 20 years of imprisonment for the C-level executives accountable for SOX implementation. Other countries have similar laws—for example, Canada enacted a regulation known as Bill 198 and Japan established the aptly named J-SOX, both of which are very similar to the “American” SOX.

Posted in Articles | 1 Comment

User Provisioning: Right Access at the Right Time

Posted by Stephen Schimmel

User provisioning has revolutionized the practice of identity management, as it was once known. Essentially, user provisioning is what enables organizations to better manage their infrastructures in a way that promotes security by allowing employees to see and access precisely what they need to execute within their roles, but nothing more.

More specifically, user provisioning is in place to guarantee that all the necessary resources will be available to all the necessary people at all times, and to no one else. As a result, when used correctly, it can boost productivity and limit risk.

The effects of user provisioning are felt every day—any time you are granted access to a program, any time you are denied access to a folder, and so on. But the acts of delegating the rights that make user provisioning work occur much less frequently, and are generally triggered by events that take place within your career.

The first instance of user provisioning occurs on the first day at a new job. Administrators welcome you to the organization by bestowing upon you a welcome mat of access rights and permissions. They give you the permissions necessary to do your job, but nothing more.

The second occurrence of user provisioning takes place any time an employee’s role changes within a given organization. If a promotion results in more responsibility, more tasks and more power, it generally requires more, or at least different, user provisions. The access permissions once necessary to carry out your job may no longer be required, and new ones take their place. As a result, you are given new rights, while the old, now obsolete provisions once required for your former job are revoked, limiting the possibility that you will abuse or inappropriately take advantage of them.

The final instance of user provisioning occurs any time an employee’s relationship with an enterprise ends. Should someone retire, quit or get fired, their access permissions are of course deleted, along with any other special user provisions they may have had. This is necessary to prevent disgruntled or other former employees from accessing sensitive data following their departure.

Posted in Articles | 1 Comment

Why the Microsoft Active Directory Recycle Bin feature falls short?

Posted by Stephen Schimmel

The need for an Active Directory object restoration tool has been of growing concern to IT professionals across the world, so it is no coincidence that the recently released Windows Server 2008 R2 includes a feature that Microsoft hoped would appease administrators everywhere. Unfortunately for Microsoft, however, it did not.

According to Bridget Botelho of SearchWindowsServer.com, “IT pros excited about the recycle bin feature for Active Directory should prepare for disappointment.” What Microsoft delivered, according to Botelho, “is a watered-down version of existing third-party backup tools.” Essentially, the Microsoft Active Directory recovery mechanism works similarly to the Windows recycle bin—if, for any reason, an Active Directory object is deleted, all of its attributes are preserved and the object is placed in a new state called a logically deleted object. The deleted object is then moved to the Deleted Objects container, where it stays available for recovery by administrators until the end of the deleted object’s lifetime. At the end of the deleted object’s lifetime, it essentially sits on the system and continues to take up valuable space.

Unfortunately, however, getting the Active Directory Recycle Bin is not as easy as it sounds. For starters, the feature will not work unless all domain controllers have been upgraded to Windows Server 2008 R2. In other words, getting the native feature may wind up costing what an expensive third-party tool would cost anyway. Furthermore, once the feature is turned on, it cannot be turned off, creating compromising situations for businesses and government agencies whose security and compliance regulations do not permit retention of personally identifiable information. Because the feature cannot be turned off, organizations need to be aware of all pertinent policies before turning it on.

In addition to the above shortcomings, there are hordes of other problems that keep the Active Directory Recycle Bin from appeasing IT professionals the way Microsoft hoped it would. To begin with, the feature is not at all intuitive—the Deleted Objects container is not even displayed behind the familiar recycle bin icon without substantial scripting work, a task that many administrators would not know how to undertake. This makes simply finding the deleted objects an arduous task in itself.

Furthermore, not all states can be restored. The feature does not offer the rollback capabilities that third-party tools do. While deleted objects can be restored in case of accidental or mistaken removal, previous modifications cannot be. In other words, administrators trying to salvage Active Directory by reverting unwanted modifications will not be able to roll back, because the previous values of AD attributes have already been overwritten.

Lastly, the Recycle Bin only works on objects that reside in Active Directory. It does not work, for example, for Group Policy objects that reside on disk.
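The mechanism described above, as an added PowerShell example that is not part of the original post or of any NetWrix product: it checks whether the Recycle Bin optional feature has been enabled in the forest, reads the deleted object lifetime, lists the logically deleted objects hidden in the Deleted Objects container, and restores one by GUID. It assumes the ActiveDirectory module (RSAT) against a Windows Server 2008 R2 forest; the OU path and GUID are placeholders.

```powershell
# Added example (not from the original post): inspecting and undoing deletions
# with the built-in Windows Server 2008 R2 Active Directory Recycle Bin.
Import-Module ActiveDirectory

# The Recycle Bin is a forest-wide optional feature that cannot be disabled
# once enabled (the retention concern raised above), so check its state first.
function Test-AdRecycleBinEnabled {
    $feature = Get-ADOptionalFeature -Filter 'name -eq "Recycle Bin Feature"'
    # EnabledScopes stays empty until Enable-ADOptionalFeature has been run.
    return ($null -ne $feature -and $feature.EnabledScopes.Count -gt 0)
}

# Number of days a logically deleted object stays recoverable. Read from the
# Directory Service object in the configuration naming context.
function Get-AdDeletedObjectLifetime {
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
            -Properties msDS-DeletedObjectLifetime
    # Unset on forests that never had the feature; AD then falls back to the
    # tombstone lifetime, so $null here is itself a useful finding.
    return $ds.'msDS-DeletedObjectLifetime'
}

# Logically deleted objects live in the hidden Deleted Objects container and
# are returned only when -IncludeDeletedObjects is set; this is the "scripting
# work" needed to see them. The container itself carries isDeleted, so skip it.
function Get-AdDeletedObjects {
    param([datetime]$DeletedSince = (Get-Date).AddDays(-30))
    Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
            -IncludeDeletedObjects `
            -Properties lastKnownParent, whenChanged, objectClass, msDS-LastKnownRDN |
        Where-Object { $_.whenChanged -ge $DeletedSince } |
        Select-Object ObjectGUID, objectClass, 'msDS-LastKnownRDN',
                      lastKnownParent, whenChanged
}

# Undelete a single object by GUID. Restore-ADObject brings back the attribute
# values the object had at deletion time only; earlier modifications are not
# rolled back, which is the limitation the post describes. If lastKnownParent
# no longer exists, a -TargetPath must be supplied.
function Restore-AdDeletedObject {
    param(
        [Parameter(Mandatory)][guid]$ObjectGuid,
        [string]$TargetPath    # placeholder, e.g. 'OU=Staff,DC=corp,DC=example'
    )
    $params = @{ Identity = $ObjectGuid; PassThru = $true }
    if ($TargetPath) { $params['TargetPath'] = $TargetPath }
    Restore-ADObject @params
}

# Defender's review: confirm the feature state, the retention window and what
# is currently recoverable before anyone relies on the Recycle Bin for recovery.
if (-not (Test-AdRecycleBinEnabled)) {
    Write-Warning 'Recycle Bin is not enabled: deleted objects are plain tombstones with most attributes stripped.'
}
"Deleted object lifetime (days): $(Get-AdDeletedObjectLifetime)"
Get-AdDeletedObjects | Format-Table -AutoSize

# Restore-AdDeletedObject -ObjectGuid '00000000-0000-0000-0000-000000000000'   # placeholder GUID
```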

That is where tools such as the NetWrix Active Directory Object Restore Wizard do things that native tools cannot. Through an easy-to-use interface, administrators can quickly restore all Active Directory deletions and modifications, with granular restoration that lets administrators select precisely which objects or individual attribute values they want to restore.

NetWrix Active Directory Object Restore Wizard thus offers the convenience, efficiency and capabilities that native tools cannot. In what ways has an object restore solution helped you, and if applicable, how did the NetWrix Restore Wizard get the job done? Can you name an instance when the NetWrix Active Directory Object Restore Wizard or another third-party recovery tool would have been beneficial to you?

Posted in Articles | Leave a comment

Copyright © 2010 NetWrix Corporation