Last week I gave you a sneak preview of Privilege Guard 3.0 (Edit: now Defendpoint), which will be released at the start of the New Year. We will also be releasing two new add-on modules for Privilege Guard, and today I want to give you a preview of the Reporting Pack module.
A critical component of any privilege management solution is the audit trail, which can be used to generate compliance reports and fine-tune policies. Privilege Guard logs a variety of events to the local application event log on each endpoint, and these events can then be centrally collected using Microsoft Event Forwarding.
Event Forwarding uses Windows Remote Management (WinRM) and enables you to collect events from remote computers and store them in the forwarded event log of a central event collector server. It is an extremely scalable architecture, which is why the Privilege Guard Reporting Pack has been built around this technology. The new Privilege Guard Event Collector software is simply installed on one or more event collector servers and it will automatically aggregate Privilege Guard events and upload them to a SQL Server.
The Privilege Guard Reporting Pack includes a rich set of preconfigured dashboards and reports for executed applications, elevated applications, blocked applications and discovered applications. The latter gives you a breakdown of the applications in your environment that require admin rights to run and those that only require standard user rights. The dashboards and reports all utilize SQL Reporting Services, which allows you to access the reports from a web browser.
Each dashboard provides information on the top 10 applications, a breakdown of applications by publisher and an activity timeline. The timeframe for a dashboard can be switched between 24 hours, 7 days, 30 days and 12 months, to allow recent activity or trends to be displayed. You can drill down on the graphs within each dashboard to view detailed application reports. Reports can be further filtered by event type, user, computer, application details and date range.
Privilege Guard Reporting Dashboard
Edit: Privilege Guard has now evolved into the brand new security suite, Defendpoint, which encompasses Privilege Management, Application Control and Sandboxing. For more information, please visit www.avecto.com/defendpoint.