PowerBroker Auditing & Security Suite 5.6: Cross-Forest Support, Enhanced Rollback and More

Rod Simmons, Director Product Management
December 19th, 2017


I am pleased to announce the latest release of BeyondTrust’s real-time change auditing solution, PowerBroker Auditing & Security Suite. Version 5.6, announced publicly today, adds more capabilities for auditing, alerting and rollback. Keep reading below for more on these and other enhancements.

Cross-Forest Support Simplifies Management and Auditing

Whether because of mergers, security mandates or ever-increasing regulatory requirements, many organizations find themselves with multiple Active Directory forests to manage. Obtaining a centralized view of all audit activity across these forests has proven challenging without a security information and event management (SIEM) solution in place.

With the 5.6 release of PowerBroker Auditor for Active Directory, customers will now be able to deploy a single database and management server to manage both the trusted and untrusted forests in an organization – all from a single console. Please see a representation of this new capability in the screenshot below.

This new capability significantly simplifies administration and management of log data.

DNS Auditing of AD Integrated Zones

DNS is a vital component of all networks, and is critical to keeping Active Directory functioning. Many organizations have opted to use Active Directory to store DNS zones. However, there are numerous changes that are critical to monitor or track down should an issue arise, including:

  • Changes to scavenging
  • Setting up new zone transfers
  • Configuring for non-secure updates
  • Changes to DNSSEC zones
  • Creation, Deletion or Modification of DNS Records

The 5.6 update of PowerBroker Auditor adds detailed auditing for configuration and DNS records in Active Directory-integrated DNS zones. For an example of these attributes, please see the screenshot below.

Enhancements for Rollback and Recovery Speed Time to Resolution

PowerBroker Auditor for Active Directory has long provided transparent integration between backup and audit activity to make object recovery simple. With the 5.6 release, three new capabilities have been added to enhance the product under real-world scenarios, including:

  • Multi-Select – A bulk recovery is frequently needed because unexpected behavior in an IAM system or script has left dozens, if not thousands, of objects requiring recovery. With version 5.6, customers can now create a search to identify the impacted objects, multi-select and perform a bulk recovery or rollback.
  • Recovery from Audit Viewer – The Auditor viewer has always allowed users to perform a rollback of changed attributes, but not recover a deleted object. To recover a deleted object, customers would go to the Recovery or Active Directory Users and Computers snap-ins to recover deleted objects. However, in version 5.6, PowerBroker allows customers to recover deleted objects from the audit event that shows the object deletion.
  • Rollback Queue – When performing a rollback, you may often need to roll back various items returned from a search. The rollback queue allows you to add items that require rollback to a queue, with all operations performed in a single step. For a representation of this enhancement, please see the screenshot below.

Each of these enhancements significantly speeds recovery and time to resolution.

Additional Enhancements

PowerBroker Auditing & Security Suite version 5.6 also features some of the following enhancements:

  • Web Console – The Web Console has added a dashboard to show audit statistics, agent status, archive settings, and GPO backup configuration status.
  • Smart Alerts – When configured to alert if an event occurs N times over a given period of time, PowerBroker can now include a summary of all the events that required this alert email to be sent.
  • SIEM Alerts – SIEM alerts are now able to be configured on a per-alert basis vs. only globally for all events. This enhancement enables certain events to be sent to specific SIEM receivers. For a representation of this capability, please see the screenshot below.

For a complete demonstration of these new features and even more enhancements not mentioned here, read the What’s New features document, or check out the release notes.

Rod Simmons, Director Product Management

Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.