Active Directory change auditing is a mission critical component for compliance regulations such as HIPAA, PCI, NERC, & SOX. StealthINTERCEPT Directory Authority provides real-time, in-line monitoring, blocking, reporting, alerting, and forensics on any and all changes within Active Directory, including changes to Group Policy Objects. Clearly understand the Who? What? Where? When?™ of what’s occurring within your mission-critical application with instant alerts, before and after value comparison, and a high-powered Rules Engine providing complete control over any object, setting, or configuration.
Domain Administrators hold the keys to the kingdom. Especially in large, geographically distributed organizations with follow-the-sun domain administration, it’s critical to understand not only who is capable of making changes, but what these highly privileged individuals are doing with their almost unlimited access to organizational resources and assets.
StealthINTERCEPT Directory Authority allows organizations to monitor admin activity without any concern that forensic data can be tampered with or that tracks can be hidden. Leveraging StealthINTERCEPT’s advanced, in-line change and access prevention technology, organizations can now prevent privileged users from accessing any resource of their choosing.
Even when changes are modeled and tested prior to production implementation, changes can many times have unintended effects in the real world. In scenarios where unintended change has occurred, administrators typically struggle to identify what exactly changed and are otherwise out of luck in finding this information easily if their native event logs have already rolled. As a result, administrators need the ability to capture change activity and view it in a logical manner to find the one event (not 12 lines of events from the security log) that caused the problem, so they can quickly resolve the issue by rolling back the change to the previous value.
StealthINTERCEPT Directory Authority has been architected to maintain historical record of before-and-after values aligning to change activity. This information, used in conjunction with StealthINTERCEPT’s Rules Engine, provides administrators the ability to easily understand the exact change or changes made, and roll back changes to their previous values for expedient issue resolution.
Changes made to Group Policy Objects (GPOs) can have drastic and far-reaching effects within an organization, causing operational, security, and compliance issues that could take days or weeks to effectively remediate. Additionally, changes made to Group Policy are not easily decipherable via native logging facilities, making it nearly impossible to determine the exact change enacted and its associated impact across the environment.
StealthINTERCEPT Directory Authority provides surgical insight into Group Policy change activity, who made the change, in addition to the ability to prevent GPO changes from occurring in the first place.
Changes that are allowed to occur to critical objects, settings, or configurations within Active Directory may have affects that cannot be remedied through the reversal of the changes made, such as damage to corporate reputation or leakage of critical organizational assets.
StealthINTERCEPT Directory Authority works as an in-line process within Active Directory, blocking changes from occurring at the very moment changes are trying to take effect.
It’s important to record and be aware of ALL changes occurring within Active Directory, however, where IT lacks visibility and control is in understanding which changes require immediate attention or response.
StealthINTERCEPT Directory Authority’s built-in Rules Engine allows administrators to not only define what, whom, or where monitoring or blocking needs to occur, but elevate events of a particular criticality and others of their choosing to eliminate the frustration caused by false-positives and wasted time deciphering event meaning and impact.