Active Directory Assessment

  1. Identify excessive permissions on Active Directory users and groups to ensure compliance with principles of least privilege and “need to know”
  2. Reduce system vulnerabilities by quickly finding active users that have not logged in for over 90 days or users nor required to have a password.
  3. Ensure that users with membership to powerful groups like Enterprise Admins, Domain Admins and Schema Admins have been authorized.
  4. Create customizable reports for Active Directory assessments and leverage LT Auditor+’s powerful querying capabilities to deliver easy to read reports that are clear and concise.

ARM
DOWNLOAD NOW
Datasheet
ARM

ACTIVE DIRECTORY MONITORING

  1. Get notified in real time when critical changes occur in Active Directory. Events such escalating privileges to powerful group memberships or granting security permissions to sensitive objects can be immediately tracked enabling a faster response to threat mitigation.
  2. Monitor the creation, deletion, renaming and move of any Active Directory object such as Organizational Units, Users, Groups and Computers etc.
  3. Track changes to sensitive attributes like the NT_Security_Descriptor to monitor when DACL permissions are changed on Active Directory objects
  4. Captures the source IP address/workstation name for account lockout events to identify if an attack is in progress or to assist administrators troubleshoot lockout events.

GROUP POLICY MONITORING

  1. Get notified in real time when critical policy changes occur for any GPO object. Events such changing Domain Controller audit policies, Account Password policies or Account Lockout policies can immediately notify security administrators to ensure faster threat mitigation responses.
  2. Monitor changes to attributes of audited GPO objects and provides a record of before and after values for change control.
  3. Provides a detailed record of who linked GPO’s to OU objects; who added, deleted or modified Delegations to a GPO and who changed critical security options that potentially violate organization security policy.

image

image

COMPLAINCE REPORTING FOR ACTIVE DIRECTORY

LT Auditor+ provides Active Directory compliance mapping reports for the following statutory regulations, standards and frameworks:

  • HIPAA – Health Information Portability and Accounting Act
  • SOX – Sarbanes Oxley Act
  • FFIEC – Federal Financial Institutions Examiners Council
  • PCI-DSS – Payment Card Industry Data Security Standard
  • NIST CYBERSECURITY FRAMEWORK