NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools

Tags: , , , , , ,

NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Dormant Accounts

Tags: , , ,

I spend so much time thinking about the bleeding edge of access reporting that I often forget to mention the basics. In the next few posts, I’ll write about a few of those basic reporting needs  starting today with Dormant Accounts on both Microsoft Active Directory and Novell eDirectory.

These are accounts that have been dormant or unused for some period of time. The most obvious indicator of a user account being dormant is that it has not been used to authenticate in a while. You can easily see this by looking at the user object’s attributes. Obviously, a monitoring-only approach would not be able to tell you what’s NOT happening. So, to effectively report on inactivity, you need a solution that would query your network directory on your schedule. NetVision’s NVAssess does exactly that. And rather than ONLY offering a list of dormant accounts based on your criteria (30 days ? 90 days?), we have built-in ability to provide a nice chart that quickly identifies the dormant user accounts that are still enabled and therefore represent a greater security risk. And we can take that a step further.

Many of our manufacturing customers, as an example, have a significant subset of users that do not regularly authenticate. These employees don’t use computers for their day-to-day routines but occasionally need to log on to the network to access HR or other information. In these instances, we can extend our dormant account reporting to include additional logic. For example, members of a certain group or with a given attribute value can be identified separately from other employees. This makes it easy to see which dormant accounts are expected (or normal) and which may represent a higher risk profile.

NVAssess can also auto-process the dormant accounts based the your selected criteria to disable those accounts, revoke permissions, remove group memberships, and move the account to a specified OU within the directory. This makes the entire process automated and hands-off. When your executive staff or auditors run periodic reports, they’ll never find a list of still enabled dormant accounts that are in breach of your security policy.

NVAssess has been on the market for over 15 years. Dormant accounts reporting is just one drop in the bucket in terms of what it can do. Let us know if you’d like more details.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.