New Features Highlights for PowerBroker Auditing & Security Suite 5.1
Cell Auditing in PowerBroker Identity Services Assists in Security and Governance
PowerBroker Identity Services is an Active Directory bridge, which means it permits users to log in to Unix, Linux and Mac using AD credentials. For bridged accounts, five (5) key attributes for the accounts and groups are stored in AD: the UID, GID, GECOS, Home Directory and Login shell.
In many customer environments, a user needs multiple “personalities”, where their stored attributes differ from system to system. In PowerBroker Identity Services these personalities are stored in cells. For compliance and security reasons, it is critical for organizations that these attributes are audited in the same way as the POSIX attributes that are stored on the user account.
With this release of PowerBroker Auditor, in addition to auditing the default cell, we have added auditing of changes to named cells. This means that when any of the user personalities stored in the default cell or named cells are modified, admins will have an audited event for those changes. These attributes are used to control access to systems and to determine which files and folders can be accessed on those systems. A detailed audit trail of changes to these attributes assists in security and governance.
Backlink Auditing Provides Additional Visibility
Linked attributes in Active Directory are a pair of attributes where the value of one attribute, referred to as a backlink attribute, is calculated by the system. In a standard schema there are around 40-plus backlink attribute pairs. Traditional auditing only captures the change to the attribute that is not calculated by the system. For example, a change to group membership is a direct change; however, the object added to the group has an attribute called memberOf, a system-calculated value that is tied to group membership.
With this release of PowerBroker Auditor, the system will generate an audited event for the system-calculated values. When tracking changes that have a direct impact on an object, the ability to know when a backlink change occurs is critical. If admins are tracking all changes to a user, knowing that the user has been added to a group, or that their manager or direct reports have changed, is important. This release provides that visibility.
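How a backlink event follows from a direct change, as an added example (not PowerBroker Auditor code): Active Directory pairs linked attributes by linkID in the schema, and this sketch derives the memberOf or directReports change implied by an audited member or manager change. The event dictionary layout, the DNs and the function names are constructed for illustration.

```python
# Added illustration; event layout and DNs are constructed.
# (lDAPDisplayName, linkID) pairs as held on attributeSchema objects.
# Forward links carry an even linkID; the backlink is that value plus one.
SCHEMA_LINKS = [
    ("member", 2), ("memberOf", 3),
    ("manager", 42), ("directReports", 43),
]


def pair_links(schema_rows):
    """Map each forward-link attribute name to its backlink attribute name."""
    by_id = {link_id: name for name, link_id in schema_rows}
    return {
        name: by_id[link_id + 1]
        for name, link_id in schema_rows
        if link_id % 2 == 0 and link_id + 1 in by_id
    }


def derive_backlink_events(event, pairs):
    """Return the backlink changes implied by one audited forward-link change."""
    back_attr = pairs.get(event["attribute"])
    if back_attr is None:  # not a forward link
        return []
    derived = []
    # Adding target B to A's forward link adds A to B's backlink; same for removal.
    for op in ("added", "removed"):
        for target_dn in event.get(op, []):
            derived.append(
                {"object": target_dn, "attribute": back_attr, op: [event["object"]]}
            )
    return derived


# Constructed sample: a direct change to a group's member attribute.
SAMPLE_EVENT = {
    "object": "CN=Unix Admins,OU=Groups,DC=example,DC=com",
    "attribute": "member",
    "added": ["CN=Alice,OU=Users,DC=example,DC=com"],
    "removed": ["CN=Bob,OU=Users,DC=example,DC=com"],
}

if __name__ == "__main__":
    for e in derive_backlink_events(SAMPLE_EVENT, pair_links(SCHEMA_LINKS)):
        print(e)
```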
Role-based Access Control in the Web User Interface Helps to Enforce a Least Privilege Model
Individual users or groups of users will require access to different modules in the PowerBroker Auditor web interface. Users will either need administrative rights to grant other users access to the content, or will need logon rights and access to data from specific modules.
With version 5.1, the Access control section now allows administrators to grant users or groups of users access to only the required modules. For a representation of this new capability, please see the screenshot below.
Security best practice suggests organizations should implement a least privilege security model. This new role option enables admins to grant users access to only the PowerBroker Auditor suite modules they need to gather audit information.
Ability to Disable an AD Alert without Deleting it
In previous PowerBroker Auditor releases, alerts were enabled upon creation without an option to disable them. This meant that if an admin wanted to turn off an alert for a period of time, they needed to delete the alert. Once the alert was deleted, all defined criteria were lost.
With PowerBroker Auditor version 5.1, an option has been added to enable and disable alerts. This allows alerts to be disabled without requiring them to be deleted, simplifying the alerting process. For a representation of this capability, please see the screenshot below.
- Data Access Control: PowerBroker Auditor for File Systems now implements a delegation model that mirrors all other modules in the PowerBroker Auditing & Security Suite to restrict access to collected audit data.
- Search Enhancements in the Web User Interface: Minor enhancements have been made to the date and time search option to mirror the capabilities of the desktop client. In this release, added options include filtering events that occurred in the last user-defined interval of minutes, hours, days, weeks, or months. This allows searches that are dynamic to an environment and that cover short time windows when troubleshooting issues.