Egyptian General Petroleum Corporation: Improving user login monitoring with ADAudit Plus
About EGPC
The Egyptian General Petroleum Corporation (EGPC) is a state-owned oil and gas company with headquarters in Cairo. It was established in 1956 and is the largest oil and gas company in Egypt. The EGPC is responsible for the exploration, production, refining, and marketing of oil and gas in Egypt. It also has a number of subsidiaries, including Petrojet, Enppi, Midor, Egyptian Drilling Company, and Belayim Petroleum Company.
The EGPC also has interests in refining, exploration, production, drilling, transportation, and storage of crude oil; engineering, procurement, and construction for oil and gas projects; and providing repair and maintenance services for machinery and equipment.
-
Country
Egypt -
Industry
Oil and gas -
Employees
1,001-5,000 employees
Business challenges
- File server monitoring: The EGPC needed to monitor file servers and identify users responsible for deleting files to ensure data integrity and accountability.
- User login monitoring: The organization wanted to track user logins and detect high-risk behavior, such as repeated bad passwords or unauthorized login attempts.
- Tracking Active Directory (AD) changes: The EGPC aimed to monitor and track administrators modifying user permissions as well as user account creation, deletion, and modification in AD.
The Problem
The EGPC needed an IT security and compliance solution to address its challenges with respect to file server monitoring, user login monitoring, and tracking changes in its Active Directory. Mohamed Abd Elsamie, EGPC's system administrator, emphasized the company's needs, which were to "monitor file servers and know who deleted files, monitor users' logins and know who [had a] high [number of] bad passwords, and [see] which machine or application caused this."
The outcome
ADAudit Plus proved to be a valuable solution to effectively address the EGPC's security compliance challenges. The EGPC highly appreciated ADAudit Plus' comprehensive reports, providing valuable insights into users' login behaviors, such as their peak login time, anomalies in login behavior, failed login attempts, and complete login audit trails for all users. Abd Elsamie reiterated the effectiveness of the reports, stating, "ADAudit Plus reports are effective and very helpful for [tracking] users' login behaviors and file server users' behaviors."
The EGPC found ADAudit Plus instrumental in deploying user behavior analytics (UBA), which allowed it to understand user activity, track users, and identify idle sessions on servers. The solution also enabled the company to gain deep visibility into its IT environment and to ensure compliance with industry regulations.
With an overall rating of 7 out of 10 and a likelihood to recommend ADAudit Plus, the EGPC acknowledges ADAudit Plus' value and its potential to enhance the company's efforts to meet security compliance standards. The organization is confident that ADAudit Plus will continue to support it in meeting regulatory standards and safeguarding its critical systems and data.
A crucial component of the ManageEngine AD360 suite, ADAudit Plus remains committed to providing organizations like the EGPC, with robust IT security and compliance solutions, empowering organizations to address their unique challenges and achieve their security objectives.
About ADAudit Plus
ADAudit Plus is a UBA-driven auditor that helps keep your AD, Azure AD, file systems (including Windows, NetApp, EMC, Synology, Hitachi, Huawei, and Amazon FSx for Windows), Windows servers, and workstations secure and compliant. ADAudit Plus transforms raw and noisy event log data into real-time reports and alerts, enabling you to get full visibility into activities happening across your Windows Server ecosystem in just a few clicks. For more information about ADAudit Plus, visit manageengine.com/active-directory-audit.