Many organizations do their best to protect their security with firewalls, Intrusion Prevention and Identity systems, but when they get audited they still fail for the same old reason: "The administrators have privileges that allow them to do what they want, when they want, and cover their tracks". This is mainly because organizations feel they ultimately have to place all their trust in their staff to do the right thing. How do you police your staff to make sure that they don't make important changes without change control, or without the relevant people in your organization being alerted? These changes can be for valid reasons, such as during an out-of-hours call-out to prevent an application failing, but quite often these changes are not logged or, even worse, they may cause problems further down the track.
The answer is simple: Install Aptelisense Compliance Automation Server (CAS) to monitor, report and take automatic action when monitored changes break your rules.
A great use of CAS is to monitor all changes to accounts in your Microsoft Active Directory. You can configure CAS with rules that perform the following example validations:
• Monitor any account deletion, creation or change
• Alert if the changed account name is one of your critical accounts (domain admin accounts, etc.)
• Validate the account name making the change against your change control system and alert if no record was found or the time of the change was invalid
• Alert if changes are taking place out of core business hours
• Take automatic action for the account making the change (run a remote program or script)
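The rule set above, expressed as plain Python over constructed Active Directory change events. This is an added illustration of the logic, not CAS code or its rule syntax; the critical-account list, business-hours window and change-control records are assumptions made up for the example, and the automatic-action step is left out.

```python
from datetime import datetime, time

# Constructed reference data (assumptions for this example, not CAS data).
CRITICAL_ACCOUNTS = {"Administrator", "svc-backup"}
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # Monday to Friday, 08:00-18:00
# Change-control records: who is approved to change which account, and when.
CHANGE_CONTROL = [
    {"ticket": "CHG-1001", "changed_by": "jsmith", "target": "svc-backup",
     "start": datetime(2024, 3, 4, 9, 0), "end": datetime(2024, 3, 4, 12, 0)},
]
# Constructed AD account-change events (creation, modification, deletion).
SAMPLE_EVENTS = [
    {"time": datetime(2024, 3, 4, 9, 30), "action": "modify",
     "target": "svc-backup", "changed_by": "jsmith"},
    {"time": datetime(2024, 3, 4, 22, 15), "action": "modify",
     "target": "Administrator", "changed_by": "jsmith"},
    {"time": datetime(2024, 3, 5, 10, 0), "action": "delete",
     "target": "tmp-user", "changed_by": "contractor1"},
]


def find_change_record(event, records):
    """Return the change-control record matching the actor and target, or None."""
    for r in records:
        if r["changed_by"] == event["changed_by"] and r["target"] == event["target"]:
            return r
    return None


def evaluate(event, critical=CRITICAL_ACCOUNTS, records=CHANGE_CONTROL,
             hours=BUSINESS_HOURS):
    """Apply the validation rules to one event and return the alert reasons."""
    alerts = []
    if event["target"] in critical:
        alerts.append("critical account changed")
    record = find_change_record(event, records)
    if record is None:
        alerts.append("no change-control record")
    elif not (record["start"] <= event["time"] <= record["end"]):
        alerts.append("change outside approved window")
    t = event["time"]
    if t.weekday() >= 5 or not (hours[0] <= t.time() <= hours[1]):
        alerts.append("change outside business hours")
    return alerts


def run(events=SAMPLE_EVENTS):
    """Evaluate every monitored event; each entry pairs the target with its alerts."""
    return [(e["action"], e["target"], evaluate(e)) for e in events]
```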
Because CAS can monitor data from many types of source, such as ODBC, log files, the Microsoft Event Log, LDAP and OPSEC, it can cross-validate any change taking place using a mixture of static rules and dynamic data source validation. It can validate changes against fixed values, against date and time periods, and dynamically against an ODBC data source. This flexibility allows you to write your own form of security policy using the advanced rules that CAS provides.
CAS is installed or supplied on its own server and only requires read-only access to your data, with no application or system changes required.
To increase separation of duty and security, CAS provides a feature that prevents unauthorized changes to the CAS server configuration. The authorization feature allows you to control which system changes require authorization when the server is running in 'live' mode. If a change is attempted while the system is running in 'live' mode, an authorization alert will be sent to predefined users, who can reject or accept the change. If rejected, the change will be automatically backed out; otherwise the change will proceed. All authorization requests are tracked, logged and escalated in the same way that compliance alerts are.
CAS was designed to be secure and does not trust anyone with its data. It encrypts its configuration and data using a 256-bit algorithm. This means that if someone were to attempt to remove the configuration or data, there would be little risk of the data being legible.
CAS has all the usual security features you would expect, such as account lockout and password aging, and it ensures that only one administrator user can make changes at a time while allowing others to log in in read-only mode. User access to the dashboard is tightly controlled by role-based access. It also offers separation of duty by controlling which functions can be performed by the different system roles.
CAS stores all important artifacts (events, alerts, authorization requests and changes) in an encrypted database. CAS will not allow any artifact to be deleted if it was recorded while the CAS server was running in 'live' mode. This ensures that you can always view the history of any live event and provides a good chain of evidence for your auditors.
We would be happy to talk to you about how CAS can easily accomplish monitoring of your security requirements. Please supply your contact details and we will be back in touch as soon as possible.