NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools

Tags: , , , , , ,

NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Microsoft Exchange Monitoring: Preview

Tags: , ,

NetVision will soon be announcing availability of our Microsoft Exchange monitoring capabilities.  Indepent of Microsoft event logs, this solution will enable you to monitor message, calendar, contact, and task activity.  Events can be triggered based on whether the initiator is the mailbox owner as well as event filtering by subsets of users.  So, for example, if a help desk user sends a message from your CEO, you might want to take different action than if the CEO’s assistant sends a message from that account.

If you’d like us to keep you updated on the Exchange monitoring release, please let us know.

Tracking Failed Logon attempts to Active Directory

Tags: , , ,

One method of monitoring possible inappropriate access attempts to Active Directory is to watch for Failed Logon attempts.  One way to do that is to monitor specific events in the Security Event Log on ALL servers within an environment.  The challenge with this has always been trying to monitor and gather all the appropriate information across all systems within an environment.

NetVision has greatly simplified this by centralizing the effort and applying filters at the event source that allow the system to gather only appropriate data and act upon the event information according to pre-defined rules (record it, write to file, send an alert, etc.)

NetVision reports on the following types of Failed Logons:

  1. Failed Logon attempts to the Local System
  2. Failed Logon because an account is Disabled
  3. Failed Logon because an account is Expired
  4. Failed Logon because an account is Locked
  5. Failed Logon because of Machine Restrictions
  6. Failed Logon because of an accounts Password is Expired
  7. Failed Logon because of a Time Restriction
  8. Failed Logon because of an account Type Restriction
  9. Failed Logon because an account is Unknown

NetVision allows you to gather and process ALL Failed Logons centrally so you can evaluate the events, build appropriate reports, and take action on possibly inappropriate behaviors within your environment.

UPDATED: We can also track and report on failed logon attempts without relying on the security event log, making it easy to capture and report on a subset of users (such as system administrators) without having to store ALL failed logon attempts across the enterprise.  …forgot to mention that in the original post.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.