Real-time monitoring and anomaly detection: APU, Inc.'s success story with ADAudit Plus
About APU, Inc.:
Asset Protection Unit (APU), Inc. is a leading provider of data mining and over-payment recovery for insurance and related industries. Its expertise is in various aspects of business, including medical and dental, Medicare supplements, and automobile medical payments. It operates out of Amarillo, Texas.
Country: Amarillo, Texas
Industry: Insurance
Employees: 51-200
Business challenge:
APU, Inc. did not have an effective solution to manage logs and faced a significant influx of data being generated in its network. It struggled to efficiently sift through these logs to identify security incidents. Manually monitoring account lockouts proved to be extremely difficult. Moreover, it required enhanced visibility and comprehensive reports to conduct audits of the AD environment. With numerous activities occurring in its AD environment, it sought a centralized monitoring solution.
The solution: ADAudit Plus
APU, Inc. chose ADAudit Plus for its extensive AD auditing and reporting features, which give complete visibility into all the changes happening in an AD environment.
The AD auditing in ADAudit Plus provides a clear picture of all changes made to APU, Inc.'s AD resources, including objects such as users, computers, groups, OUs, GPOs, schema, and sites, along with their attributes. The company can audit user management actions like creation and deletion along with details on who did what, when, and from where. It can also oversee all changes to Group Policy settings and get notified about permission changes at various levels in AD.
ADAudit Plus also helps APU, Inc. to closely monitor user behavior. The tool captures and records detailed information about user activities in AD, including logon and logoff events, file access, permission changes, and group modifications. The solution provides real-time alerts for critical events, allowing administrators to take immediate action whenever necessary.
ADAudit Plus' UBA capability uses machine learning algorithms to analyze user behavior patterns and identify anomalies in real time. This helps APU, Inc. to detect and respond to insider threats and other security risks. The company is able to investigate anomalies by seeing who did what, when, and where, along with other details surrounding each anomaly. This has helped it recognize where and when machines have been logged in to and how many times users were locked out. ADAudit Plus also enables the company's administrators to monitor and identify login failures by providing comprehensive details on the user, the attempted machine, the timestamp, and the reason for the failed login. This has allowed APU, Inc. to then alter the password policies accordingly.
ADAudit Plus' reports also give the company a bird's-eye view of all the activities in the network, which makes auditing much easier.
About ADAudit Plus:
ADAudit Plus is a UBA-driven auditor that helps keep your AD, Azure AD, file systems (including Windows, NetApp, EMC, Synology, Hitachi, Huawei, and Amazon FSx for Windows), Windows servers, and workstations secure and compliant. ADAudit Plus transforms raw and noisy event log data into real-time reports and alerts, enabling you to get full visibility into activities happening across your Windows Server ecosystem in just a few clicks. For more information about ADAudit Plus, visit manageengine.com/active-directory-audit.