PowerBroker Auditing & Security Suite Version 5.6 New and Updated Features BeyondTrust PowerBroker Auditing & Security Suite performs centralized real-time change auditing for Active Directory, file systems, Exchange, SQL and NetApp; restores AD objects or attributes; and helps to establish and enforce entitlements across AD and file systems. Through simpler administration, IT organizations can mitigate the risks of unwanted system changes and better understand user activity to meet compliance requirements. With PowerBroker Auditing & Security Suite, customers can: Audit the who, what, where and when of changes in AD, Group Policy, Exchange, file systems and SQL, and alert to those changes, providing real-time visibility to address potential compliance concerns Provide rollback and restore of any AD changes or deletions, and backup and restore of Group Policy, protecting the business from downtime Deliver entitlement reporting, ensuring that users have access to the resources and only those resources they need to do their jobs Centralize distributed audit data across the Microsoft infrastructure, providing more capabilities than native tools and a unified view of changes across the environment PowerBroker Auditing & Security Suite includes modules for the following systems: Auditing PowerBroker Auditor for Active Directory PowerBroker Auditor for File Systems PowerBroker Auditor for Exchange PowerBroker Auditor for SQL Recovery PowerBroker Recovery for Active Directory Entitlement Reporting PowerBroker Privilege Explorer for Active Directory and File Systems PowerBroker Auditing & Security Suite version 5.6 adds several capabilities that further enhance simplicity and usability. Please read below for a summary of new features.
New Features Highlights Cross-Forest Support Simplifies Management and Auditing Whether because of mergers, security mandates or ever-increasing regulatory requirements many organizations find themselves with multiple Active Directory forests to manage. Obtaining a centralized view of all audit activity across these forests has proven challenging without a security information or event management (SIEM) solution in place. With the 5.6 release of PowerBroker Auditor for Active Directory, customers will now be able to deploy a single database and management server to manage both the trusted and untrusted forests in an organization all from a single console. Please see a representation of this new capability in the screenshot below. This new capability significantly simplifies administration and management of log data. DNS Auditing of AD Integrated Zones DNS is a vital component of all networks, and is critical to keep Active Directory functioning. Many organizations have opted to use Active Directory to store DNS zones. However, there are numerous changes that are critical to monitor or track down should an issue arise, including: Changes to scavenging Setting up new zone transfers 2
Configuring for non-secure updates Changes to DNSSec Zones Creation, Deletion or Modification of DNS Records The 5.6 update of PowerBroker Auditor adds detailed auditing for configuration and DNS records in Active Directory integrated into DNS zones. For an example of these attributes, please see the screenshot below. Enhancements for Rollback and Recovery Speed Time to Resolution PowerBroker Auditor for Active Directory has long provided transparent integration between backup and audit activity to make object recovery simple. With the 5.6 release, three new capabilities have been added to enhance the product under real work scenarios, including: Multi-Select When performing a bulk recovery, it is frequently due to some unexpected behavior in an IAM system or script that resulted in dozens if not thousands of objects requiring recovery. With version 5.6, customers can now create a search to identify the impacted objects, multi-select and perform a bulk recovery or rollback. Recovery from Audit Viewer The Auditor viewer has always allowed users to perform a rollback of changed attributes, but not recover a deleted object. To recover a deleted object, customers would go to the Recovery or Active Directory Users and Computers snap-ins to recover deleted objects. However, in version 5.6, PowerBroker allows customers to recover deleted objects from the audit event that shows the object deletion. Rollback Queue When performing rollback, you may often need to rollback various items returned from a search. The rollback queue allows you to add items that require 3
rollback to a queue, with all operations performed in a single step. For a representation of this enhancements, please see the screenshot below. Each of these enhancements significantly speeds recovery and time to resolution. Additional Enhancements PowerBroker Auditing & Security Suite version 5.6 also features some of the following enhancements: Web Console The Web Console has added a dashboard to show audit statics, agent status, archive settings, and GPO backup configuration status. Smart Alerts When configured to alert if an event occurs N times over a given period of time, PowerBroker can now include a summary of all the events that required this alert email to be sent. SIEM Alerts SIEM alerts are now able to be configured on a per-alert basis vs. only globally for all events. This enhancement enables certain events to be sent to specific SIEM receivers. For a representation of this capability, please see the screenshot below. 4
About BeyondTrust BeyondTrust is a global security company that believes preventing data breaches requires the right visibility to enable control over internal and external risks. We give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Account Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your organization goes. BeyondTrust's security solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com. 5