Your Secure Active Business

Think about how you currently monitor changes to Active Directory (AD) objects such as users, computers, and groups on your business's network.
Can you quickly identify any unauthorized activity that could indicate an attack?

Take a Giant Leap Forward for Heightened Security

Protecting Your AD

ManageEngine’s recent survey revealed many enterprises are yet to implement comprehensive security protocols, especially ones related to securing confidential data and critical resources.

Active threat detection

72% of respondents don’t use an auditing solution to detect the tell-tale signs of insider threats, data exfiltration, account compromise, or lateral movement in Active Directory.

Detecting anomalies

21% of respondents say they are capable of detecting complex attack patterns by correlating event information across devices through user behaviour analytics (UBA).

Preventive practices

24% of professional IT respondents use preventive practices to mitigate zero-day vulnerabilities.

Revolutionizing Active Directory Security

ADAudit Plus comprehensively tracks and audits changes to critical AD components including groups, users, organizational units, and group policy. It also monitors file servers, member servers, print servers, and workstations. Furthermore, with customizable, real-time alerts, it ensures admins instantly know about every important event/activity happening in their AD environment, no matter where they are.

Use Case: Monitoring Authentication Protocol

Your network security is only as strong as your weakest link. Using outdated authentication protocols like LAN Manager and NTLMv1 makes it easy for cybercriminals to intrude and damage your systems and network.
You can protect your enterprise's systems by using Kerberos or NTLMv2.
ADAudit Plus can help you do this.

"No other software works as effectively or easily as ADAudit Plus. None were as simple to install and jump right in to start using. All audit requirements from HIPAA are covered in ADAudit Plus. We have passed an in-depth PEN audit test and several industry-related security audits because we are using ADAudit Plus. It’s extremely simple and cost-effective."
Renee Davis, CIO, Life Management Centre, Florida.


How to secure your AD

  • View detailed reports on changes made to on-premises and Azure AD.
  • Gain visibility into Windows user logon activity.
  • Report on, analyze, and troubleshoot AD account lockouts.
  • Closely monitor privileged user activities in your domain.
  • Track logons/logoffs, changes to users, groups, etc.
  • Enhance threat detection with user behavior analytics (UBA).


Why use ADAudit Plus?

  • Gain visibility on all the assets and objects in your Active Directory including group policy settings, organizational units, groups, and more.
  • Assess the inherent risk from users and systems.
  • Utilize more than 200 predefined and out-of-the-box reports to aid your decision making.
  • Detect anomalies and hunt threats proactively.
  • Carry out both file server auditing and file integrity monitoring.

Event processing engine
All security events from the AD environment are processed here before they are stored in the database or a corresponding alert is triggered. It filters out logs that aren’t needed, as configured by the administrator, to save storage space. It also normalizes raw logs to standard formats.

Reporting module
Here you’ll find more than 200 out-of-the-box reports that offer a real-time view of your AD security status. ADAudit Plus also gives you the ability to create custom reports.

Audit database
Raw and normalized log information from configured devices across your network is stored here. ADAudit Plus comes bundled with a PostgreSQL database, but users can also use Microsoft SQL databases.

Data engine
This engine stores and retrieves large volumes of data faster and is more scalable when compared to database storage and retrieval.

Alert engine
Sends out email or SMS notifications based on the configured alert profiles.

Analytics engine
This engine collects information and models a baseline of normal activities to define dynamic thresholds. When an anomaly is detected, an alert is triggered.

Use Case: Protecting Sensitive Groups

With any business or organization, there are particular groups with specific security needs. For example, the finance group within your enterprise will need high levels of security to be in place at all times. Since the members of this group will access sensitive data, it is critical to maintain and police their access privileges.

Hackers will look for vulnerabilities across your business’s systems, particularly within sensitive groups. For example, an attacker could change a group from a security group to a distribution group. The attacker would add an unauthorized user as a member of this “new” distribution group. Next, the attacker could change this distribution group to a security group once again, giving the attacker privileged access.
This attack can only be detected if, along with detecting membership changes to security groups, you also detect attribute changes of groups. When you do this, you get to see the full anatomy of the attack.
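
The correlation described above, sketched as an added example (not ADAudit Plus code): it pairs Windows Security event 4764 (group type changed) with member additions logged against security-disabled groups (4746, 4751, 4761). The events are constructed, and the normalized field names (`group`, `actor`, `member`, `new_type`) are assumptions rather than any product's schema.

```python
from datetime import datetime, timedelta

GROUP_TYPE_CHANGED = 4764               # "A group's type was changed"
DIST_MEMBER_ADDED = {4746, 4751, 4761}  # member added to security-disabled group

# Constructed sample events, already normalized. Field names are assumptions.
EVENTS = [
    {"time": "2024-03-04T09:00:00", "id": 4764, "group": "Finance-Admins",
     "actor": "jdoe", "new_type": "distribution"},
    {"time": "2024-03-04T09:02:10", "id": 4751, "group": "Finance-Admins",
     "actor": "jdoe", "member": "tmp-svc"},
    {"time": "2024-03-04T09:03:30", "id": 4764, "group": "Finance-Admins",
     "actor": "jdoe", "new_type": "security"},
    # Type flipped and restored, but nobody was added in between.
    {"time": "2024-03-04T11:00:00", "id": 4764, "group": "HR-Leads",
     "actor": "helpdesk1", "new_type": "distribution"},
    {"time": "2024-03-04T11:01:00", "id": 4764, "group": "HR-Leads",
     "actor": "helpdesk1", "new_type": "security"},
    # Permanent conversion to a mailing list: never restored to a security group.
    {"time": "2024-03-04T12:00:00", "id": 4764, "group": "Newsletter",
     "actor": "helpdesk1", "new_type": "distribution"},
    {"time": "2024-03-04T12:05:00", "id": 4761, "group": "Newsletter",
     "actor": "helpdesk1", "member": "asmith"},
]

def find_type_flip_additions(events, window=timedelta(hours=24)):
    """Flag groups that went security -> distribution -> security within
    `window` and gained members while they were distribution groups.
    Alerting only on 4728/4732/4756 (security-group additions) misses these."""
    pending = {}   # group name -> {"start": datetime, "members": [...]}
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when, group = datetime.fromisoformat(ev["time"]), ev["group"]
        if ev["id"] == GROUP_TYPE_CHANGED and ev["new_type"] == "distribution":
            pending[group] = {"start": when, "members": []}
        elif ev["id"] in DIST_MEMBER_ADDED and group in pending:
            pending[group]["members"].append(ev["member"])
        elif ev["id"] == GROUP_TYPE_CHANGED and ev["new_type"] == "security":
            state = pending.pop(group, None)
            if state and state["members"] and when - state["start"] <= window:
                findings.append({"group": group, "actor": ev["actor"],
                                 "members": state["members"],
                                 "downgraded": state["start"], "restored": when})
    return findings

if __name__ == "__main__":
    for f in find_type_flip_additions(EVENTS):
        print(f"{f['group']}: {f['members']} added while security-disabled, "
              f"restored by {f['actor']} at {f['restored']}")
```

Only the first group is reported: the second was restored without gaining members, and the third never became a security group again.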

Safe and Secure

Analyzing Account Lockouts
Workstation Access

Users logging on to their domain computers is a day-to-day activity. At first glance, this might look like a simple Active Directory event, but administrators could use this valuable data for diverse audits, compliance, and operational needs.

With workstation access, your company can verify the attendance of employees. Your business can also ascertain the total count of users who have access to the Active Directory network. On top of that, your enterprise can spot users who access workstations or domain controllers through a remote network computer.

Group Changes

It’s essential to keep a keen eye on any changes that occur in administrative groups. This is especially important since domain administrators and enterprise administrators (EA) are automatically assigned a predefined set of elevated rights and permissions upon being added to an administrative group.

GPO Auditing

Businesses have to meet certain regulatory compliance requirements. One critical requirement is the ability to audit and report on mission-critical Group Policy Objects (GPO), which define the resource access scopes for a group of users. GPO-based reports give both a bird’s-eye view and a detailed summary of the new and old values of all GPO changes.

User Behavior Analytics

As insider threats continue to challenge businesses of all sizes, one way to detect them is by establishing a baseline of normal activities specific to each employee using machine learning (ML) techniques. Over an extended period of time, any deviations from that norm are instantly apparent. However, it’s nearly impossible to manually detect these deviations, which is where automated systems come in.

ADAudit Plus uses machine learning to create a baseline of normal activities that are specific to each user to detect potential insider threats and notify the concerned personnel. UBA in ADAudit Plus helps IT security teams streamline threat detection by creating a behavior-based security ecosystem to detect threats.

Use Case: Detecting Living off the Land Attacks

Living off the land attack techniques allow intruders to remain undetected as they perform reconnaissance—like finding information on users, password policies, and servers—or lateral movement across the network using techniques like password spray attacks. Both reconnaissance activities and lateral movement techniques can be carried out using PowerShell.
A normal domain user can easily run PowerShell cmdlets to get specific information about the domain and Active Directory structure. This is why it’s imperative for organizations to audit PowerShell cmdlets. Using ADAudit Plus, all of these potential attack vectors can be tracked and mitigated.

Use Case: Tracking Behavior

Often, security breaches can be traced back to anomalous behavior. Being able to utilize user behavior analytics as a core component of your company’s security protocols is paramount.

Count anomaly
Does a user suddenly perform many activities outside of their normal behavior? For example, accessing 100 different file services when they would usually only access ten.

Time anomaly
Is the user performing activities at a time that seems out of character? For example, is the user accessing files outside of their usual work hours?

Resource access anomaly
Is the user accessing any resources (server/database) they would not normally need access to? For example, sensitive data they would not normally have security clearance to access.

Learn How Your Enterprise Can Take a Giant Leap Forward with a Comprehensive AD Security Solution.