Change Auditor
Overview
Active Directory continues to be the cornerstone for securing access to business-critical applications. Yet change reporting and vulnerability monitoring for AD is cumbersome, time-consuming, and often impossible using system-provided IT auditing tools. Adopting Azure AD only increases your reliance on Active Directory (AD), while doubling the attack surface and introducing additional opportunities for ransomware and other exploits. This often results in data breaches and insider threats that can go undetected without protections in place. Fortunately, Change Auditor provides real-time threat monitoring and security tracking of all key user activity and administrator changes.
Change Auditor is a complete set of real-time Active Directory auditing tools offering in-depth forensics and security threat monitoring on all key configuration, user and administrator changes in your AD environment. Change Auditor tracks Active Directory changes and detects indicators of compromise (IOCs) across AD and Azure AD to thwart attackers and their attempts to deploy ransomware. Additionally, Change Auditor tracks lateral movement of adversaries across the network and audits suspicious user activity.
Quelle: Quest
is a partner
and we have been using Quest monitoring and compliance products with our customers for many years. For example, Change Auditor for Windows File Server and Windows Active Directory.
Hybrid security monitoring
Audit all security changes across your AD and Azure AD environments, including user and group changes, as well as exploits such as DCSync and DCShadow attacks, AD database exfiltration, and SIDHistory use.
360° security protection
Experience comprehensive Active Directory auditing tools offering everything from upfront vulnerability assessment to intrusion detection and monitoring of compromised accounts. Change Auditor has you covered at every step.
Threat detection
Detect threats early – including unauthorized domain replication, offline extraction of your AD database, and domain-level GPO linking – to mitigate and avoid costly ransomware attacks.
Normalized 5W audit details
Translate cryptic system-provided logs into a simple, normalized format highlighting the who, what, when, where and workstation details, and before and after values.
Threat prevention
Block attackers from making changes to critical groups, GPO settings and linking or exfiltrating your AD database to steal credentials – regardless of the privileges they’ve hijacked.
Real-time alerts on the move
Send critical change and pattern alerts to email and mobile devices to prompt immediate action, even while you’re not on site.
Forensic reporting
Track Active Directory changes with a detailed audit trail of every change made to AD and Azure AD, including who made them, without the blind spots of built-in auditing functions.
Account lockout
Capture the originating IP address/workstation name for account lockout events to simplify troubleshooting.
Quelle: Quest
Change Auditor
Important functions and features
Security threat monitoring
Related searches
AD-change rollback
SIEM integration
Threat timelines
Superior auditing engine
Secure AD attack paths
Auditor-ready reporting
Quelle: Quest
Change Auditor
Platform
- Active Directory
- Azure AD and Office 365
- Windows Server
- Exchange
- SQL Server
- Network-Attached Storage
- SharePoint und OneDrive for Business
Change Auditor for Active Directory and Change Auditor for Logon Activity detect and report changes to critical objects in Microsoft Active Directory and Azure AD – all with a single, correlated view of your hybrid AD environment. Track Kerberos, NTLM and ADFS authentications to identify vulnerabilities and exploits.
With just a few clicks, you can link Change Auditor and On Demand Audit to get a single hosted view of all changes made to AD, Azure AD, Exchange Online, SharePoint Online, OneDrive for Business and Teams.
Change Auditor for Windows File Servers helps you to efficiently and cost-effectively control and audit changes in Microsoft Windows Server environments. Proactively track and audit important changes, including user and administrator accounts, and benefit from relevant reports and alerts – all in real time and without the hassle of native auditing.
Change Auditor for Exchange simplifies Exchange auditing. Track and audit changes locally in Microsoft Exchange as well as in Exchange Online and benefit from corresponding reports and alerts – all in real time in a single, correlated view.
Change Auditor for SQL Server ensures simple and secure database auditing for Microsoft SQL Server. The solution enables the tracking and auditing of changes as well as the creation of corresponding reports and alerts – in real time. Events are described in a straightforward way so that auditing is neither time-consuming nor complex.
Ensure the security, compliance and control of files, folders and shares by tracking, auditing, reporting and alerting on all changes in real time. With Change Auditor for NetApp and Change Auditor for EMC, you can analyze and report on events and changes without the complexity and time associated with built-in auditing capabilities.
Change Auditor for SharePoint enables faster, easier and more secure auditing of SharePoint, SharePoint Online and OneDrive for Business. This solution makes events easy for users to understand and stores data in a centralized and secure database. It also monitors and audits important changes in real time and provides reports and alerts on these changes in relation to the following:
- SharePoint farms, servers, sites, users, permissions, etc.
- File and folder activity and moving sensitive data to and from OneDrive for Business
Quelle: Quest
External Links (provided by Quest®):
Free Trial of Change Auditor
Get your free 30-day trial version today.
Change Auditor for Active Directory
Change Auditor for Windows File Servers
Change Auditor for Logon Activity