Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Audit domain controller logon activity: ADAudit Plus User Logon report

ManageEngine ADAudit Plus is a UBA-driven auditor that bolsters your Active Directory (AD) security infrastructure. With over 250 built-in reports, it provides you with granular insights into what’s happening within your AD, such as all the changes made to objects and their attributes. This can include changes to users, computers, groups, network shares, and more.

Using Windows Defender Credential Guard to Protect Privileged Credentials

The compromise of a single Active Directory credential can lead to unauthorized access to your servers, applications, virtualization platforms and user files across your enterprise. One of the reasons for credential vulnerability is that Windows stores credentials in the Local Security Authority (LSA), which is a process in memory.

Cutting Down the AD Red Forest

Microsoft recently updated its guidance for how organizations should approach privileged access in Active Directory (AD). A key component is shifting from the tiered access model (TAM) and the Enhanced Security Admin Environment (ESAE) (also known as the Active Directory Red Forest) to the Enterprise Access Model (EAM). This article explains the drawbacks of the older models and the key principles of EAM.

Four Challenges with Monitoring Active Directory Security

With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity. Many organizations turn to security information and event management (SIEM) products for help.

Attack Path Mapping with BloodHound AD

Once an attacker establishes a foothold in your Active Directory (AD) domain, they begin looking for ways to achieve their final objective, such as to sensitive data on file servers or in databases, spread ransomware or bring down your IT infrastructure. To do so, they must first gain additional access rights — ideally, membership in highly privileged groups like Domain Admins. BloodHound Active Directory helps them find paths to do just that.

Audit your users' logons: ADAudit Plus User Logon report

ManageEngine ADAudit Plus is a UBA-driven auditor that fortifies your Active Directory (AD) security infrastructure. With over 250 built-in reports, it provides you with granular insights into what’s happening within your AD, such as all changes made to objects and their attributes. This can include changes to users, computers, groups, network shares, and more.

What Is the Kerberos PAC?

The Privileged Attribute Certificate (PAC) is an extension to Kerberos service tickets that contains information about the authenticating user and their privileges. A domain controller adds the PAC information to Kerberos tickets when a user authenticates in an Active Directory (AD) domain. When Kerberos ticket services are used to authenticate to other systems, they can retrieve the PAC from a user’s ticket to determine their level of privileges without having to query the domain controller.

Getting Started With Teleport Desktop Access

In this video, we'll configure Teleport and Active Directory to provide secure, passwordless access to Windows desktops. In addition, you get Teleport's RBAC system to control access to these Windows desktops, support for copying and pasting to and from remote hosts, as well as Teleport auditing capabilities to capture logs and recordings of all desktop connections.