300 Words On Active Directory Security On a Friday Afternoon

“If you don’t get Active Directory security right, you’re not going to get security right”—Agree or disagree; explain in 300 words and show your work.

Agreed, says NetIQ. NetIQ product managers spoke to us recently about security and NetIQ products. The company has recently done several things to position itself more firmly in the Active Directory (AD) and security arena. To its Directory and Resource Administrator, it’s added the most granular auditing and reporting available on the market, the company says. And it added automation to help customers more efficiently provision, deprovision, and, in this era of layoffs, reprovision employees.

The company also announced a partnership with Centrify, maker of the DirectControl and DirectAuthorize solutions that enable security across AD and non-Windows environments. That partnership grew out of a realization that maintaining and managing identities across heterogeneous systems can be difficult, to say the least.

NetIQ sees its customers facing several challenges: how to secure critical info, how to meet compliance requirements, and how to monitor user activity. Organizations are increasingly relying on AD to help them drive down admin costs and secure data, while at the same time they’re realizing what a wealth of information is available in AD—potentially available to the wrong person with the wrong motivation to use it. The need to manage identities more broadly across platforms will continue, and companies will need to address automating AD functions for security and to save admin time. Additionally, as more companies start using Microsoft SharePoint, they’ll need to decide how to manage and secure the wealth of data it contains.

Discuss this Blog Entry 2

on Jul 14, 2010
Your articles really hit home. This one and the one "Auditing Active Directory? Of Course Not!!" show how important it is to audit changes in Active Directory and to automate these tasks. Organizations need to be proactive and set up proper auditing and event archival before the barn begins to burn. Likewise, setting up templates for provisioning and locking down AD admin access should be done before organizations come face to face with security breaches. Like the one mentioned here, Ensim, Quest and others have some great solutions at an affordable price. Even in this economy there is no excuse for not being secure. Some of these companies have really affordable products. The recent announcement by Ensim that offers its AuditManager at $3K per Admin is a boon to SMBs. I urge everyone to check out their solutions @ ensim.com. Thanks
on May 24, 2010
Thanks Caroline, I enjoyed our discussion. I expand on many of these topics on my blog: http://community.netiq.com/blogs/all_things_admin/default.aspx. I just spoke with an organization the other day that had an Active Directory security breach at the domain admin level. Unfortunately, with native tools, there was no audit trail, so they couldn’t perform forensics to determine how and when the breach occurred. This furthers the case for monitoring privileged users and logging their activities.


What's Active Directory, GPO, and Identity Blog?

Guiding IT professionals on Microsoft Windows AD, GPO, and identity technical challenges by providing expert how-to instructions, tips, and tools.
