STEALTHbits Delivers Audit Reports at Warp Speed

Norm and Cliff

During a long-lost Cheers episode, Norm, doing his best to get under the skin of militant Postal Service employee, Cliff, posed the following question: “How much faster is a fax machine than the Post Office? A thousand times? A million?” Having made his point and sufficiently annoyed Cliff, Norm sarcastically concluded that some things are simply not calculable.

IT Security’s Fax Machine

An IT Security Engineer at a Major Utility knows a thing or two about that. She works at a major US Utility, a $7.3B provider with over 3.5 million customers and over 8,600 employees. She is periodically required to run various reports to satisfy Sarbanes-Oxley compliance requirements and the company’s outside auditors. In one example, she ran a report using an existing software tool that relied on the analysis of native Windows logs to tell her the specific logon time of one user over a 30 day period. The time to retrieve that information using log data: “We’ve been running the report for 7 days now, and it’s 42% complete.”

Gathering the same information using STEALTHbits’ StealthAUDIT product?

“Minutes. Maybe seconds.”

Fax machine vs. the Post Office.

Auditors: “Show Me”

Although we’ve invoked the ghosts of sitcoms past in our Cheers reference, Sarbanes-Oxley (SOX) compliance issues are no laughing matter. Satisfying audit requirements can be expensive and time-consuming, and it seems as though all auditors are from Missouri. For instance, according to our IT Security Engineer, auditors can select upwards of 70 or 80 - or more - users, and “if I say a user was disabled on March 1st, or their last logon was at 6:02pm on June 29th, they say ‘show me’,” she notes. “An auditor will sit right at my desk and ask me to show them how I know this information. With STEALTHbits, that’s now a piece of cake.”

Not Just About StealthAUDIT

The Utility uses the STEALTHbits StealthAUDIT suite of reporting and analysis tools to greatly reduce the time and cost investment in SOX reporting and compliance, but they’ve also deployed STEALTHbits’ real-time Active Directory firewall product, StealthINTERCEPT.

StealthINTERCEPT is a robust product that can also help ease compliance reporting, but the Utility has found its real-time monitoring capabilities to identify internal permission changes especially valuable. In a recent example, one member of the IT organization they’d outsourced some services to, inadvertently (or perhaps not) disabled Events logging from a domain controller overseas, exposing a potentially serious internal security gap. Per our Security Engineer: “Security event logging failed, but since we had INTERCEPT running, and it is not based off of Events, there was no loss of logging, and INTERCEPT alerted us to the issue right away.”

Easy Integration with Other Security Systems

STEALTHbits’ products are often used to complement other security software, and our Security Engineer’s experience is no exception. For example, she uses a PIM (Privileged Identity Management) solution in conjunction with STEALTHbits: “We can see events and times with STEALTHbits, then coordinate that information with our PIM software to see everything a user did. It’s just so cool.”

Information vs. Knowledge

Albert Einstein’s observation that “information is not knowledge” was uttered many years before IT professionals trying to decipher mountains of data daily were born, but in a time where machines produce more data in a day than in all of Einstein’s lifetime, it couldn’t me more relevant.

Just ask our friend the Security Engineer.

In Brief:

  • Utility with 3.5 million customers

  • 8,600 employees

  • Subject to SOX audits

  • StealthAUDIT reduces audit reporting burden immeasurably

  • Deployed StealthINTERCEPT and quickly discovered company they outsourced IT service to was turning off DC native logs


  • “With STEALTHbits, that’s now a piece of cake.” {generating SOX audit reports}

  • With StealthAUDIT, running a report that previously took a week can be done in minutes, “maybe seconds.”

  • “It’s just so cool.” {StealthAUDIT’s integration with PIM}