Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In


Monitoring Active Directory: Both Azure AD and On-Premise AD and How Synchronization and Federation Play In
Sponsored by
2016 Monterey Technology Group Inc.


Preview of key points
- Today's hybrid Active Directory environment
  - On-Prem AD
  - Azure AD
  - Synchronization with Azure AD Connect
  - Federation
- Audit log management
  - On prem
  - Cloud
- Connecting it all together
  - Enterprise audit and monitoring for the entire hybrid environment

Active Directory in today's hybrid environment
(Diagram: Azure AD Connect)

On-Prem AD auditing
- System level: Windows on Domain Controllers
  - User rights
  - Security policies
  - System operations
  - Logons
  - Audit categories: all except those below
- Active Directory
  - Users, groups, computers, OUs, Group Policy Objects
  - Audit categories: Account Management, Directory Service Access, Directory Service Changes
- Destination: Security log on each domain controller
(Diagram: Domain controllers and their local Security Logs, with audit policy categories Account Management (user, group and computer management), Directory Service Changes, and all others)
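A way to check that every domain controller actually audits the Active Directory categories listed on this slide, as an added example that is not part of the webinar. It parses the CSV report that `auditpol /get /category:* /r` produces; the host names and sample rows are constructed, and the choice of required subcategories is an assumption based on the slide.

```python
import csv
import io

# Subcategories behind the Active Directory audit categories on the slide.
REQUIRED = (
    "User Account Management",
    "Security Group Management",
    "Computer Account Management",
    "Directory Service Access",
    "Directory Service Changes",
)

# Constructed sample: `auditpol /get /category:* /r` output collected from two
# domain controllers (hypothetical names DC01, DC02; GUID column stubbed out).
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,User Account Management,{constructed},Success and Failure,
DC01,System,Security Group Management,{constructed},Success,
DC01,System,Computer Account Management,{constructed},Success,
DC01,System,Directory Service Access,{constructed},Success and Failure,
DC01,System,Directory Service Changes,{constructed},Success,
DC02,System,User Account Management,{constructed},Success,
DC02,System,Security Group Management,{constructed},Failure,
DC02,System,Directory Service Access,{constructed},Success,
DC02,System,Directory Service Changes,{constructed},No Auditing,
"""


def audit_gaps(csv_text, required=REQUIRED):
    """Map each machine to the required subcategories not auditing Success."""
    settings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Subcategory") or "").strip()
        if not name:
            continue  # skip blank or header-only rows
        machine = row["Machine Name"].strip()
        settings.setdefault(machine, {})[name] = (row.get("Inclusion Setting") or "").strip()
    gaps = {}
    for machine, found in settings.items():
        # A subcategory missing from the export is treated as not audited.
        # Changes are logged as Success events, so "Failure" alone is a gap.
        missing = [s for s in required if "Success" not in found.get(s, "No Auditing")]
        if missing:
            gaps[machine] = missing
    return gaps


if __name__ == "__main__":
    for machine, missing in audit_gaps(SAMPLE).items():
        print(f"{machine}: enable Success auditing for {', '.join(missing)}")
```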

Azure AD auditing
- System level: not applicable
- Active Directory: users, groups, computers
- Audit categories: not applicable, on by default
- Destination
  - Initial
    - Graph API
    - All Azure events
  - Office 365 Unified Audit Log
    - Azure AD events
(Diagram: Azure Active Directory, Graph API, Mgt Activity API, Graph, O365)

Do you need to audit Azure AD?
- In almost all cases you are synchronizing on-prem AD to Azure AD
- So if Azure AD is just a projection of on-prem AD, why monitor?
- Sync'd objects from on-prem are only a subset of the objects in Azure AD
  - Including very important tenant admin accounts
- Creating a blind spot against one of the most important risks
  - Intruder gains privileged access to your tenant
(Diagram: Objects; Sync'd Objects)
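The blind spot described on this slide, as an added example that is not part of the webinar: given a user export and Azure AD audit entries, it returns the changes whose target has no on-prem source object, with changes to privileged cloud-only accounts first. All records are constructed; `onPremisesSyncEnabled` is the Microsoft Graph user property, while the flattened `roles` list and the tuple layout of the events are assumptions made for the example.

```python
# Constructed sample. userPrincipalName and onPremisesSyncEnabled are Microsoft
# Graph user properties; "roles" is a hypothetical flattened list of role names.
USERS = [
    {"userPrincipalName": "alice@contoso.example", "onPremisesSyncEnabled": True, "roles": []},
    {"userPrincipalName": "bob@contoso.example", "onPremisesSyncEnabled": False,
     "roles": ["User Administrator"]},
    {"userPrincipalName": "admin@contoso.onmicrosoft.com", "onPremisesSyncEnabled": None,
     "roles": ["Global Administrator"]},
    {"userPrincipalName": "temp@contoso.onmicrosoft.com", "onPremisesSyncEnabled": None,
     "roles": []},
]

# Constructed Azure AD audit entries as (activity, target userPrincipalName).
EVENTS = [
    ("Update user", "alice@contoso.example"),
    ("Add user", "temp@contoso.onmicrosoft.com"),
    ("Reset user password", "Admin@contoso.onmicrosoft.com"),
    ("Add member to role", "bob@contoso.example"),
]


def is_synced(user):
    # Graph returns True for objects synced from on-prem AD, None for objects
    # never synced and False for objects no longer synced; only True counts.
    return user.get("onPremisesSyncEnabled") is True


def cloud_only_events(users, events):
    """Return (activity, target, privileged) for changes to cloud-only objects."""
    by_upn = {u["userPrincipalName"].lower(): u for u in users}
    findings = []
    for activity, target in events:
        user = by_upn.get(target.lower())
        if user is not None and is_synced(user):
            continue  # target has an on-prem source object; not in the blind spot
        privileged = bool(user and user["roles"])
        findings.append((activity, target.lower(), privileged))
    # Stable sort: changes to privileged cloud-only accounts come first.
    return sorted(findings, key=lambda f: not f[2])


if __name__ == "__main__":
    for activity, target, privileged in cloud_only_events(USERS, EVENTS):
        print(("PRIVILEGED " if privileged else "           ") + f"{activity}: {target}")
```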

How does federation affect the story?
- Federation impacts authentication, not account management and directory security
- You still have
  - On-prem AD
  - Azure AD
- Both can still suffer harm from mistakes, unauthorized changes and intrusion
- Federation
  - Centralizes more of your authentication/logon audit log
  - Provides a central chokepoint at which to
    - Enforce policies
    - Observe access patterns and anomalies
    - Deny access
(Diagram: ADFS, et al; Objects; Sync'd Objects)

Audit log management: On-Prem Active Directory
- Audit log policy
- Log collection
- Interpreting events?
(Diagram: Domain controllers and their local Security Logs)

Audit log management: Azure AD
- Audit policy
- Log collection
  - Office 365 Management Activity API
  - Azure Graph API
- Interpreting events?
(Diagram: Azure Active Directory, Graph, O365)

The big picture
(Diagram: Attacks)

Bottom line
- Active Directory is the foundation of security
  - On-prem
  - In the cloud
- Impossible to be compliant and secure without monitoring it
  - On-prem
  - In the cloud
- On-prem AD and Azure AD both do a fair job of generating audit events
- But what about
  - Collection
  - Search
  - Reporting
  - Secure archival
  - Correlation
  - Alerting
- Check out Netwrix

About Netwrix Auditor
Netwrix Auditor: a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Applications
Netwrix Auditor Platform: Active Directory, Azure AD, Exchange, Office 365, Windows File Servers, EMC, NetApp, SharePoint, Oracle Database, SQL Server, Windows Server, VMware

Why Netwrix Auditor?
- Sharp focus on visibility and governance
- Broadest coverage of on-premises and cloud systems
- Truly integrated as opposed to multiple hard-to-integrate standalone tools from other vendors
- Noise-free security analytics
- Non-intrusive architecture
- API-enabled ecosystem integrations
- Cost-effective two-tiered storage (file-based + SQL database) holding consolidated audit data for more than 10 years
- Fast, 15-minute deployment, with no professional services required
- First-class, U.S.-based customer support with 97% customer satisfaction

Next Steps
- Free Trial: set up in your own test environment: netwrix.com/freetrial
- Virtual Appliance: get Netwrix Auditor up and running in minutes: netwrix.com/go/appliance
- Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
- Live One-to-One Demo: product tour with a Netwrix expert: netwrix.com/livedemo
- Contact Sales to obtain more information: netwrix.com/contactsales
- Upcoming and On-Demand Netwrix Webinars: join upcoming webinars or watch the recorded sessions: netwrix.com/webinars, netwrix.com/webinars#featured