Active Directory management is a double-edged sword: it’s a big part of security and compliance in your organization, but it’s not the simplest of tasks.
First, native tools are not very powerful, especially when you’re managing a hybrid environment of on-premises Active Directory and Azure Active Directory. Then, you spend a lot of time and effort ensuring that requests to create, remove or change access don’t fall through the cracks. Finally, you have to keep close tabs on any control of AD that you delegate to other administrator groups.
I’ve been blogging these past few days about IT Security Search, an intelligent looking glass into your environment. IT Security Search pulls together all the information on computers, shares, events, files, groups, organizational units (OUs) and users with a search-based approach to letting you drill into it. The information comes from tools like Enterprise Reporter, Change Auditor, InTrust, Recovery Manager for Active Directory and now Active Roles.
In this final post of the series, I’ll describe the way IT Security Search makes information from Active Roles searchable and integrates that information with data from the other platform management tools.
Integrating Active Roles with IT Security Search
Active Roles provides privileged account management for Active Directory and Azure Active Directory. You define administrative policies and permissions, then Active Roles generates and enforces the corresponding access rules.
Suppose you discover a security breach on your network. You use IT Security Search to drill into data collected from all across your environment by InTrust, Change Auditor, Enterprise Reporter and Recovery Manager for Active Directory. You determine that the security breach occurred because some administrator made an AD change to grant permission to an unauthorized user. If the admin used Active Roles to grant the permission, IT Security Search would not only show you the AD change but also report the actual user behind the change. Instead of drilling down as far as the change then having to run a different tool to determine the actual user, you could see who it was right inside IT Security Search.
Here’s another advantage of this integration: viewing the scopes of Active Directory delegation you’ve set up. If you use Active Roles to assign more granular access to your AD, you can now view and navigate in IT Security Search all of that Active Directory delegation, in the same context as the administration workflow you’ve set up. Without having to fire up a different tool, you can continue your investigation down to the level of several AD objects:
- AD Dynamic Group
- Temporal members of an AD group
- Managed Units
- Virtual attributes
If you’ve used Active Roles to set and configure those, then IT Security Search will allow you go drill down and find them.
In a simple web interface, IT Security Search correlates IT data from disparate systems into an interactive search engine. Use it for Windows auditing, investigation, security and compliance tasks across your entire IT landscape.
It’s easy to evaluate IT Security Search for use on your own network. When you buy or try Active Roles, Change Auditor, Enterprise Reporter, InTrust or Recovery Manager for Active Directory, you can also take IT Security Search for a test drive. We’ve made it available as a no-cost download for any of the platform management products mentioned above.
Want to know what else IT Security Search can do?
Check out my past posts for a recap look at the series and how IT Security Search works with Quest security and compliance solutions:
- Get an Intelligent Looking Glass into Your Environment
- Use Cases for IT Forensics
- Enterprise Reporter - Microsoft reporting and compliance
- Change Auditor - auditing and alerting critical changes
- InTrust - log event management and security
- Recovery Manager for Active Directory - AD object backup and recovery