Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Get Quote

 
  

Risk management is the process of identifying the risk factors in a network and taking steps and creating polices that will safeguard them. Active Directory risk management is especially important because Active Directory touches nearly every part of your network and your business relies on your network being secure. A typical Active Directory network has a number of risk factors such as the data stored in the file servers, the vast number of users and their actions and so on. In short, every activity that takes place on the network, in its not audited, could be a potential risk. That being said, some activities are more riskier than others. These activities have been broadly categorized below:

  • Domain actions

    Monitor domain events such as file server modifications, software and file downloads and so on. File server modifications, if initiated by unauthorized persons, could spell doom for your company. You should also constantly check the software downloads on your network so that you can detect any malicious software that has been knowingly or unknowingly downloaded on your network.

  • Privileged account actions

    Most networks usually have a few privileged user accounts, which have access to a lot of the company's sensitive data. These accounts usually belong to administrators and few other employees who work with these data. Their high level of access make them likely choices for a security attack. If a hacker manages to crack the credentials of an account with privileged access, it could lead to the loss of important data. For example, if a privileged user account which is normally active during the regular work hours, suddenly begins to login at 3 AM, that is a definite cause for concern.

  • User account actions

    It has been often said that users or employees are a company's biggest risk factors. and monitoring them reduces the chances of an insider attack, or a user inadvertently putting the network at risk. It could also help detect an outsider who is trying to break into one of the user accounts. For example, if a legitimate user finds themselves locked out of their account for no reason, or if there has been numerous login attempts.

    pMonitoring these activities will improve your security posture greatly. If your network needs some help with this extensive monitoring, look no further.

Active Directory risk management with ADAudit Plus

ADAudit Plus is an Active Directory auditing and reporting tool that has a separate section for risk management. With ADAudit Plus, you can perform risk assessment, risk categorization and it can help you manage the risks. This tool audits user and entity activity and generates up-to-date audit reports. ADAudit Plus uses User Behavior Analytics (UBA) to detect any anomalous activity on the network. For example, ADAudit Plus's UBA technology would immediately detect it if a privileged user account logged in at 3 AM. Here is a sample report on admin activity from ADAudit Plus:

This report gives information on the actions initated by admin accounts, including the specific attribute that was modified, the timestamp and so on. In case this report shows that a specific admin account has been making an unusually large number of changes at odd times of the day, or makes modifications to security settings that might put the network at risk, the network admin can probe further to check if it is a security breach. This report can be accessed by navigating to Analytics > Risk Assessment Reports > User's Last Admin Activity.

About ADAudit Plus

ADAudit Plus is a real-time, web-based Windows Active Directory change reporting software that audits, tracks, reports and alerts on Windows (Active Directory, workstations logon/logoff, file servers and servers), NetApp filers and EMC servers to help meet the demands of the much-needed security, audit and compliance. With ADAudit Plus, track authorized/unauthorized AD management changes, access of users, GPO, groups, computer, OU. Track every file, folder modifications, access and permissions changes with 200+ detailed event-specific reports and get instant emails alerts. You can also export the results to XLS, HTML, PDF and CSV formats to assist in interpretation and computer forensics. For more information on ADAudit Plus, visit https://www.manageengine.com/products/active-directory-audit/

More related links

     

Native auditing becoming a little too much?

Try ADAudit Plus login monitoring tool to audit, track, and respond to malicious login and logoff actions instantaneously.

Try ADAudit Plus for free

 

ADAudit Plus Trusted By