NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools


NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said, Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Ponemon on the role of GRC


Ponemon released a new study on the role of Governance, Risk Management, and Compliance in organizations. And there are some interesting findings:

  • 63% indicated that their GRC effort began in IT (not Legal or Finance)
  • 44% of on-going GRC activity is in IT
  • 76% characterize privacy as ‘very important’ in IT as opposed to 37% for Finance
  • Top barrier to meeting GRC goals: lack of resources
  • Primary focus area of GRC: risk management (not compliance or governance)
  • Regulation most difficult to comply with: PCI-DSS (arguably one of the more specific of the regulations in terms of requirements)

These data points validate what we’ve been saying to our customers in a number of ways. We focus on managing risk more so than regulatory response and we’ve created a solution that is designed to address the ‘lack of resources’ issue. It’s also interesting how IT-centric the overall GRC programs are based on the responses. Give it a read for yourself and let us know what you think.

Dormant Accounts


I spend so much time thinking about the bleeding edge of access reporting that I often forget to mention the basics. In the next few posts, I’ll write about a few of those basic reporting needs, starting today with Dormant Accounts on both Microsoft Active Directory and Novell eDirectory.

These are accounts that have been dormant or unused for some period of time. The most obvious indicator of a dormant user account is that it has not been used to authenticate in a while. You can easily see this by looking at the user object’s last-logon attributes. Obviously, a monitoring-only approach cannot tell you what is NOT happening. So, to effectively report on inactivity, you need a solution that queries your network directory on your schedule. NetVision’s NVAssess does exactly that. And rather than ONLY offering a list of dormant accounts based on your criteria (30 days? 90 days?), we have a built-in ability to provide a chart that quickly identifies the dormant user accounts that are still enabled and therefore represent a greater security risk. And we can take that a step further.

Many of our manufacturing customers, as an example, have a significant subset of users that do not regularly authenticate. These employees don’t use computers for their day-to-day routines but occasionally need to log on to the network to access HR or other information. In these instances, we can extend our dormant account reporting to include additional logic. For example, members of a certain group or with a given attribute value can be identified separately from other employees. This makes it easy to see which dormant accounts are expected (or normal) and which may represent a higher risk profile.

NVAssess can also auto-process the dormant accounts based on your selected criteria to disable those accounts, revoke permissions, remove group memberships, and move the account to a specified OU within the directory. This makes the entire process automated and hands-off. When your executive staff or auditors run periodic reports, they’ll never find a list of still-enabled dormant accounts that are in breach of your security policy.
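As an added illustration of the reporting logic described above (this is not NVAssess code), the following PowerShell uses the ActiveDirectory module to list enabled accounts whose replicated lastLogonTimestamp is older than a cutoff and flags members of an "expected dormant" group separately; the OU, group name and target OU are assumed placeholders.

```powershell
# Added example, not NetVision's product code. Assumed names: the search base,
# the expected-dormant group and the quarantine OU are placeholders.
Import-Module ActiveDirectory

$Days          = 90
$SearchBase    = "OU=Users,DC=example,DC=com"                       # assumption
$ExpectedGroup = "CN=Shop-Floor-Staff,OU=Groups,DC=example,DC=com"  # assumption
$QuarantineOU  = "OU=Dormant,DC=example,DC=com"                     # assumption

# lastLogonTimestamp is stored as a Windows FILETIME, so convert the cutoff the same way.
$cutoff = (Get-Date).AddDays(-$Days).ToFileTime()

# lastLogonTimestamp is replicated between domain controllers (unlike lastLogon),
# but it is only refreshed when the stored value is roughly 14 days stale, so
# treat it as an approximation rather than an exact last-logon time.
$enabledUsers = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties lastLogonTimestamp, whenCreated, memberOf

$dormant = $enabledUsers | Where-Object {
    # Accounts that have never authenticated have no lastLogonTimestamp at all;
    # fall back to the creation date so they are not silently skipped.
    $last = if ($_.lastLogonTimestamp) { $_.lastLogonTimestamp } else { $_.whenCreated.ToFileTime() }
    $last -lt $cutoff
} | Select-Object SamAccountName, DistinguishedName,
    @{ n = 'LastLogon'; e = { if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } },
    @{ n = 'Expected';  e = { $_.memberOf -contains $ExpectedGroup } }

# Report: unexpected (higher-risk) dormant accounts first, oldest logon first.
$dormant | Sort-Object Expected, LastLogon | Format-Table -AutoSize

# Optional hands-off remediation for the unexpected ones, as the post describes.
# Left commented out so the script is read-only until you opt in.
# $dormant | Where-Object { -not $_.Expected } | ForEach-Object {
#     Disable-ADAccount -Identity $_.DistinguishedName
#     Move-ADObject -Identity $_.DistinguishedName -TargetPath $QuarantineOU
# }
```

Search-ADAccount -AccountInactive -TimeSpan is a simpler built-in alternative for the first step, but it does not let you separate expected from unexpected dormancy the way the group check does.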

NVAssess has been on the market for over 15 years. Dormant accounts reporting is just one drop in the bucket in terms of what it can do. Let us know if you’d like more details.

Verizon Data Breach Report 2011


The 2011 Verizon Data Breach Investigations Report was released recently and there are a number of interesting findings. At a glance, these quick stats caught my eye on page 3:

  • 83% of the attacks were crimes of opportunity
  • 92% of the attacks were not highly difficult
  • 76% of all data was compromised from servers
  • 96% were avoidable through simple or intermediate controls

And of course, the mitigation recommendation on the same page:

“Audit user accounts and monitor privileged activity.”

One puzzling number was that only 17% of breaches were reported to be completed by insiders. I find that strange because greater than 80% were crimes of opportunity, not difficult, and easily avoidable. Those attributes would typically point to insiders who have the most opportunity.

Another interesting point:

“For the second year in a row, it is regular employees and end-users—not highly trusted ones—who are behind the majority of data compromises. This is a good time to remember that users need not be super users to make off with sensitive and/or valuable data.”

Have a read for yourself if you’re interested in more data on breaches and breach activity across the market. As always, I’d recommend to take this report in the context of all other similar reports, news articles, common sense, and your own experience.

Setting up Windows and Active Directory Event Log Auditing


There is more than meets the eye when it comes to Windows event log auditing for Active Directory or Windows file system. You can’t just “switch it on” as some might have you think. A recent NetVision white paper takes a lighthearted look at the steps involved in setting up Windows audit and event logging. It identifies some of the considerations and complexity related to Windows event log auditing. You can find the paper on our knowledge page. We invite you to take a look (quick registration required).

For an abbreviated version, take a look at our recent newsletter on this topic.

Identity Intelligence


A phrase we’ve been hearing over the past six months or so when talking to industry analysts is Identity Intelligence. This is how the Identity and Access Management industry is viewing the reports and monitoring provided by software vendors like NetVision. We don’t provide provisioning tools or SSO solutions, but our focus on access rights – Who has access to what? How did they get access? And how are they using access? – makes us a compelling addition to the enterprise Identity landscape. I’m stating it that way because many NetVision customers don’t have enterprise Identity solutions and don’t think in those terms, but for those that do, the phrase Identity Intelligence might help put NetVision in perspective.

Here are two recent posts from Gartner’s Earl Perkins on the subject:

The Real Meaning of “Intelligence” in IAM
IAM: To Control, Observe, and Inform

Let us know if you have others to include in the discussion.

Insider Errors


In case you missed our recent webinar on Insider Errors, NetVision’s David Rowe provided an engaging overview of insider errors, how they happen and their impact. The webinar also gave a brief overview of NetVision’s access rights reporting solutions and some Q&A.

A recording is available through our partner Sparxent, who hosted the event:
http://www.sparxent.com/Webcast_Insider_Errors.wmv

Let us know if you’d like more information.

NetApp File Monitoring


NetApp file monitoring is finally right around the corner. Our solution for monitoring activity on NetApp Filers is due to officially release in the coming weeks. We’ll have file reads, changes, creates, deletes, permission changes, etc. baked into our already successful web-based reporting console, which also reports on Windows file system activity, Active Directory, Microsoft Exchange, and Novell NetWare, eDirectory and NSS on OES2 (SUSE Linux) platforms. NetApp file activity monitoring will be available through the same solution that already provides full effective rights reporting – who has access to what – across Windows and NetApp devices. Contact us for more information!

Reporting on Delegated Admin Rights


Management of Active Directory is commonly delegated to local or departmental administrators. This means that certain individuals are (for example) granted permission to create user accounts and manage security groups within a given area of the directory. Microsoft provides a built-in wizard (known as the Delegation of Control Wizard) to delegate these tasks; it does the work of applying all the underlying permissions associated with the task.

For example, here are just a few of the many underlying permissions granted when you delegate the task [Create, delete, and manage user accounts] over an OU:

  • List Contents
  • List Object
  • Delete Object
  • Delete Subtree
  • Read Permissions
  • Read All Properties
  • Modify Permissions
  • Modify Owner
  • etc.

There are potentially hundreds of underlying permissions for any given delegated task. The challenge, therefore, lies in being able to understand and report on which rights have been delegated over time. How do you know who has been delegated those permissions? How do you know when underlying permissions are updated after the wizard has applied the task? Or when rights are applied directly without using the wizard? How do you know who has rights to create accounts through their group memberships when groups may be several levels deep?
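To show what answering the last two questions involves in practice, here is an added PowerShell example (not NetVision's Access Rights Inspector) that reads the ACL of one OU, keeps the Allow entries that grant CreateChild for user objects, whether set by the wizard or by hand, and expands any group trustee through nested membership; the OU name is an assumed placeholder.

```powershell
# Added example, not NetVision's product code. The OU is an assumed placeholder.
Import-Module ActiveDirectory

$ou = "OU=Sales,DC=example,DC=com"   # assumption

# Schema GUID of the 'user' object class; an ACE scoped to this GUID grants the
# right only for user objects, while an empty GUID means "all object classes".
$userClassGuid = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'
$createChild   = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

# The AD: PSDrive is provided by the ActiveDirectory module.
$acl = Get-Acl -Path "AD:\$ou"

$createUserRules = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $createChild) -and
    ($_.ObjectType -eq [Guid]::Empty -or $_.ObjectType -eq $userClassGuid)
}

# Resolve each trustee: if it is a group, list its nested user members so the
# report shows people, not just the group name the wizard wrote into the ACL.
$report = foreach ($rule in $createUserRules) {
    $trustee = $rule.IdentityReference.Value.Split('\')[-1]
    $group   = Get-ADGroup -Filter "SamAccountName -eq '$trustee'" -ErrorAction SilentlyContinue
    if ($group) {
        $members = Get-ADGroupMember -Identity $group -Recursive |
                   Where-Object { $_.objectClass -eq 'user' }
        foreach ($m in $members) {
            [pscustomobject]@{ Principal = $m.SamAccountName; Via = $group.Name;
                               Inherited = $rule.IsInherited; Scope = $rule.InheritanceType }
        }
    } else {
        # Direct grant to a user, computer, or a trustee outside this domain (shown as-is).
        [pscustomobject]@{ Principal = $trustee; Via = 'direct';
                           Inherited = $rule.IsInherited; Scope = $rule.InheritanceType }
    }
}

# Direct, non-inherited grants are the ones most likely applied outside the wizard.
$report | Sort-Object Inherited, Via, Principal | Format-Table -AutoSize
```

Repeating this for every OU and every task-specific right (Delete Subtree, Modify Permissions, and so on) is the "hundreds of underlying permissions" problem the post describes; this script only answers one question for one OU.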

NetVision’s Access Rights Inspector has a built-in ability for in-depth reporting on rights over Active Directory objects, and that includes reporting on the tasks delegated via the Delegation of Control Wizard. It provides extremely useful reports and removes the guesswork and manual effort associated with understanding what tasks have been delegated throughout Active Directory.

Answers, Not Data: The Key to Access Security


NetVision has heard from its customers loud and clear that the holy grail of compliance reporting is enabling actual answers rather than just piles of data. In this SC Magazine article, titled Answers, Not Data: The Key to Access Security, NetVision CEO David Rowe explains how next generation compliance solutions will be focused on answers and continuous audit rather than periodic audits that generate confusing or obfuscated data sets.

© 2009 NetVision Company Blog. All Rights Reserved.
