BeyondTrust has released version 5.1 of PowerBroker Auditing & Security Suite, our solution for centralized real-time change auditing for Active Directory, File Servers, Exchange, and SQL, and recovery of Active Directory objects or attributes. This new release features some exciting enhancements – especially around deeper auditing. Read on for more.
Cell Auditing in PowerBroker Identity Services Assists in Security and Governance
PowerBroker Identity Services is an Active Directory bridge, which means it permits users to log in to Unix, Linux and Mac using AD credentials. For bridged accounts, five (5) key attributes for the accounts and groups are stored in AD: the UID, GID, GECOS, Home Directory and Login shell.
In many customer environments, a user needs multiple “personalities” where their stored attributes will be different on different systems. In PowerBroker Identity Services these personalities are stored in cells. For compliance and security reasons it is critical for organizations that these attributes are audited in the same way as the POSIX attributes that are stored on the user account.
With this release of PowerBroker Auditor, in addition to auditing the default cell, we have added auditing of changes to named cells. This means that when any of the user personalities stored in the default cell or named cells are modified, admins will have an audited event for those changes. These attributes are used to control access to systems and what files and folders can be accessed on those systems. A detailed audit trail of changes to these attributes assists in security and governance.
Backlink Auditing Provides Additional Visibility
Linked attributes in Active Directory are a pair of attributes where the value of one attribute, referred to as a backlink attribute, is calculated by the system. In a standard schema there are around 40-plus backlink attribute pairs. Traditional auditing only captures the change to the attribute that is not calculated by the system. For example, a change to group membership is a direct change, but the object added to the group has an attribute called memberOf, a system-calculated value that is tied to group membership.
With this release of PowerBroker Auditor, the system will generate an audited event for the system-calculated values. When tracking changes that have a direct impact on an object, the ability to know when a backlink change occurs is critical. If admins are tracking all changes to a user, knowing the user is added to a group or their manager or direct reports are changed is important. This release provides that visibility.
Role-based Access Control in the Web User Interface Helps to Enforce a Least Privilege Model
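The forward-link and backlink relationship described above can be worked through in a few lines. This is an added example, not BeyondTrust code and not a description of how PowerBroker Auditor works internally: it pairs linked attributes by their schema `linkID` (forward links are even, the backlink is the forward `linkID` plus one) and derives the backlink event that a forward-link-only audit trail leaves out. The schema rows, event fields, distinguished names and `exampleOneWayLink` are constructed for illustration.

```python
# Constructed sample of attributeSchema entries (lDAPDisplayName, linkID);
# not read from a real directory.
SCHEMA = [
    ("member", 2), ("memberOf", 3),
    ("manager", 42), ("directReports", 43),
    ("description", None),            # not a linked attribute
    ("exampleOneWayLink", 9000),      # hypothetical forward link, no backlink
]

def link_pairs(schema):
    """Map forward-link name -> backlink name.
    Forward links carry an even linkID; the backlink is linkID + 1."""
    by_id = {lid: name for name, lid in schema if lid is not None}
    return {name: by_id[lid + 1] for lid, name in by_id.items()
            if lid % 2 == 0 and lid + 1 in by_id}

def derive_backlink_events(events, pairs):
    """Emit the backlink change implied by each forward-link change."""
    derived = []
    for e in events:
        back = pairs.get(e["attribute"])
        if back is None:
            continue                  # not a forward link with a backlink
        derived.append({
            "object": e["value"],     # object the forward link points at
            "attribute": back,
            "op": e["op"],
            "value": e["object"],     # object holding the forward link
            "who": e["who"],
        })
    return derived

# Constructed forward-link audit events (all names are placeholders).
GROUP = "CN=Server Admins,OU=Groups,DC=example,DC=com"
JDOE = "CN=jdoe,OU=Staff,DC=example,DC=com"
BOSS = "CN=asmith,OU=Staff,DC=example,DC=com"
EVENTS = [
    {"object": GROUP, "attribute": "member", "op": "add", "value": JDOE, "who": "EXAMPLE\\admin1"},
    {"object": JDOE, "attribute": "manager", "op": "set", "value": BOSS, "who": "EXAMPLE\\hr-sync"},
    {"object": JDOE, "attribute": "description", "op": "set", "value": "contractor", "who": "EXAMPLE\\admin1"},
]

if __name__ == "__main__":
    for ev in derive_backlink_events(EVENTS, link_pairs(SCHEMA)):
        print(f'{ev["object"]}: {ev["attribute"]} {ev["op"]} {ev["value"]} (by {ev["who"]})')
```

Filtering the derived events by `object` gives the per-user view the paragraph describes: the group addition shows up against the user, and the manager change shows up against the manager's direct reports.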
With version 5.1, the Access control section now allows administrators to grant users or groups of users access to only the required modules. For a representation of this new capability, please see the screenshot below.
Security best practice suggests organizations should implement a least privilege security model. This new role option enables admins to grant users access to only the PowerBroker Auditor suite modules they need to gather the required audit information.
Ability to Disable an AD Alert without Deleting it
With PowerBroker Auditor version 5.1, an option has been added to enable and disable alerts. This allows alerts to be disabled without requiring them to be deleted, simplifying the alerting process. For a representation of this capability, please see the screenshot below.
Check out the new features document or watch a brief video for a complete rundown of new features and capabilities, and if you would like to learn more about PowerBroker Auditing & Security Suite, let us know!
Rod Simmons, Director Product Management, BeyondTrust
Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.