Security, et al

Randy's Blog on Infosec and Other Stuff

«  Need help configuring SQL... | LOGbinder SQL Beta is rel... »

Bridging the Gaps in Native Windows Auditing

Thu, 03 Nov 2011 16:36:42 GMT

Much of the security and control of an enterprise IT environment rests on Active Directory. It provides authentication and access control for Windows users and applications, as well as for UNIX, Linux and mainframes. Even VPNs, extranets and internal network security technologies all use Active Directory for policy and identity information.

To comply with information security best practices and compliance requirements, Active Directory must be regularly monitored and audited. However, if you've spent any time with the the native Windows security log you know that it provides only limited Active Directory audit capabilities.

Just one example is the fact that while the Windows security can tell you that a Group Policy Object was edited, it cannot tell you which of the nearly 1,000 settings were changed! And don't get me started on the noisy events generated and important information not logged when you try to audit Windows file sytem access.

In this whitepaper sponsored by Quest Software I explore the gaps in native Windows auditing that prevent organizations from achieving full compliance with best practices and security requirements. In fact I identity specific requirements in PCI, SOX and FISMA that make effective audit log management of Active Directory and the larger Windows environment mandatory.

Then I provide a brief tour of Quest's new On Demand Log Management and explain how this unique cloud based solution not only provides extremely easy to deploy core log management functions but also goes much further than typical log management solutions to bridge the gaps in native Windows auditing like the one described above involving group policy.

Read this whitepaper and learn:

  • Where are the serious gaps in native Windows auditing?
  • Which compliance requirements do these gaps prevent you from meeting?
  • How does Quest On Demand Log Management bridge these gaps by replacing certain native audit funcitons?
  • How can you deploy log management and achieve compliance with a fraciton of the effort required by traditional software?

Get the paper now:  Click Here

email this digg reddit dzone
comments (0)references (0)

Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Comments disabled

powered by Bloget™


Recent Blogs


Additional Resources