Native Active Directory Auditing Falls Short

There is a lot riding on the healthy preservation of a clean and regularly monitored Active Directory. More specifically, Active Directory, the first point of user authentication after log-in, is what supplies authentication and access control for all users and applications.

Active Directory is the foundation of many security operations in the modern business world. Because so many sectors of any business’ IT infrastructure rely so heavily on Active Directory, a highly-monitored, healthy Active Directory is paramount to complete company functionality. Aside from the crucial ability to discover and react to high-impact changes in Active Directory, organizations are constantly at the mercy of PCI, HIPAA, SOX and FISMA compliance auditors, and thus, must be able to maintain Active Directory compliance with all regulatory requirements while being able to produce an audit trail that verifies their efforts. Naturally, then, Active Directory, for reasons of both company security and complete compliance, must be heavily audited from within.

There are an abundance of tools that enable some level of Active Directory infrastructural auditing and most Windows Server versions provide very basic Active Directory auditing capabilities. The native Microsoft auditing capabilities, which provide account management and directory service access, provide administrators with a very rudimentary capacity. In short, Microsoft’s built-in tools allow for the monitoring of Active Directory modifications, creations and deletions, while allowing identification of the object that was accessed and by whom it was accessed. While free and convenient with Microsoft Servers, the native tools limitations are, however, quite vast.

Specifically, the Microsoft Active Directory auditing tools provide no centralized audit trail, no reporting analysis, incomplete data, an excessively high quantity of events, and susceptibility to poor-intentioned privileged administrators.

While the native tools do provide information necessary to know that Active Directory was changed, they often do not explain exactly what was changed, or how it was changed. Clearly, while free to Microsoft customers, the built-in tools leave organizations vulnerable to security breaches and failed compliance.

That is where NetWrix Active Directory Change reporter comes in, mending the cracks that often lead to Active Directory lapses and failed compliance. Essentially, the NetWrix Active Directory Change Reporter picks up where Microsoft left off, providing for a solution that does exactly what the native Microsoft tools do, and much more.

Active Directory Change Reporter collects audit data from each domain controller on the Change Reporter server for consolidated analysis and reporting, showing the who, what, when and where, as well as the before and after values of all those changes, even across multiple Active Directory controllers.

NetWrix Active Directory Change Reporter also provides administrators with the opportunity to identify exactly what changes they want to get reports on, limiting the amount of audit volume by automatically disregarding Active Directory events selected by the administrator as negligible. NetWrix Active Directory Change Reporter provides precise and automatic reporting analysis, making efficient and consistent Active Directory auditing very simple while also providing compliance reports for HIPAA, SOX and GLBA auditors. Moreover, the Change Reporter never misses any Active Directory changes, regardless of who changed what, where or when they changed anything. Additionally, the NetWrix Active Directory Change Reporter tracks changes made to Group Policy.

It is clear that change auditing is a necessary undertaking to ensure a secure and compliant Active Directory. And while native Active Directory tools do provide administrators with rudimentary capabilities to perform the task, the NetWrix Active Directory Change Reporter provides a complete and precise change auditing solution that ensures Active Directory security and satisfies the compliance requirements.

Have you ever failed your compliance audit? If so, what was the result and how did you resolve the issue to ensure future compliance? Please join the discussion below.