Understanding who is opening another user's mailbox is an integral Compliance requirement within any regulated institution. Whether Security needs to monitor executive mailboxes for users probing for information on confidential material, or find the Exchange administrators taking advantage of their elevated mailbox support rights, it is pertinent to have a single consolidated view that highlights these access violations.
Data leakage can cause both financial and reputational damage to an organization. The business, with the IT team, needs to come together to identify what should be monitored and how, while ensuring that the tools implemented do not pose risk to the integrity of the systems.
There are tools in the market that can answer this business question using a variety of unique approaches. Most common is an agent that sits on the Exchange server and runs within the Exchange process, intercepting the traffic. This provides in-depth and granular details around who is doing what in the monitored mailboxes. This agent approach provides an abundant amount of information, but it also poses significant risk of causing serious outages on the systems. Other solutions scan the event log for specific event IDs that identify access violations. Again, these solutions provide the required data, but require administrators to turn up diagnostic logging. For larger organizations, this is often not a viable option, as the amount of events logged when diagnostic logging is turned up can cause a significant volume influx of events. Maintaining history can become very difficult.
A new and different approach, from STEALTHbits Technologies, is similar to the agent variety, but does not pose as much risk. This approach utilizes the existing WMI/PowerShell queries, as you would see in ESM, to find non-owner access. You also maintain history on this data as Microsoft overwrites previous data as soon as the user logs out of the mailbox. Additional data processing and business intelligence isolates executives and rogue admins for focused monitoring. This approach eliminates the risk of an outage as it simply uses the native Windows Scheduler on the remote Exchange server that sits idle and on low priority, watching the resources around it.
Whether understanding access violations is a requirement in an organization or not, it is certainly a common request from senior management. Instead of implementing a "big brother" solution that quietly monitors logon violations, some organizations choose to notify the mailbox owner immediately with this information. In either case, the technology remains the same, and it is pertinent to find a solution that not only meets the business needs, but also does not cause any degradation in services.
By Rita Gurevich, Director of Messaging & Mobility Solutions
Friday, September 18, 2009
Wednesday, September 16, 2009
Welcome!
A Bit About Us:
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space.
Unlike traditional Frameworks that are a mile wide and an inch deep, STEALTHbits has taken a unique approach. Built upon a common framework and shared services, the StealthAUDIT Management Platform (SMP) is as broad as it is deep across multiple areas of OS and application data colletion, analysis, reporting, and remediation. With concentrated focus around the Windows OS and File System, Exchange, Active Directory, BlackBerry, and SharePoint, SMP provides organizations of all sizes the visibility needed to manage systems and applications effectively and efficiently through a single interface, a common platform, and light-weight architecture.
A multi-national organization with customers in dozens of countries around the world, STEALTHbits’ products are utilized and relied upon on a daily basis to streamline operations, increase efficiencies, automate processes, and reduce downtime and outages through both proactive and reactive management of your mission-critical infrastructure.
About the Blog:
On this blog you'll see posts by some of our amazing employees, on topics ranging from what we do to where we think technology is headed to common issues with the IT Management spaces we deal with. We want to be part of your online conversation about Windows, Exchange, BlackBerry, Active Directory, Public Folders, SharePoint, File Systems, and any other "Mission Critical" systems or applications you use to manage your business. We also want to discuss innovative solutions to common (and even not so common) problems, and make sure that our impact on the technology sector is always cutting-edge.
Please feel free to email us with questions or comments at blog@stealthbits.com. We can't wait to hear from you!
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space.
Unlike traditional Frameworks that are a mile wide and an inch deep, STEALTHbits has taken a unique approach. Built upon a common framework and shared services, the StealthAUDIT Management Platform (SMP) is as broad as it is deep across multiple areas of OS and application data colletion, analysis, reporting, and remediation. With concentrated focus around the Windows OS and File System, Exchange, Active Directory, BlackBerry, and SharePoint, SMP provides organizations of all sizes the visibility needed to manage systems and applications effectively and efficiently through a single interface, a common platform, and light-weight architecture.
A multi-national organization with customers in dozens of countries around the world, STEALTHbits’ products are utilized and relied upon on a daily basis to streamline operations, increase efficiencies, automate processes, and reduce downtime and outages through both proactive and reactive management of your mission-critical infrastructure.
About the Blog:
On this blog you'll see posts by some of our amazing employees, on topics ranging from what we do to where we think technology is headed to common issues with the IT Management spaces we deal with. We want to be part of your online conversation about Windows, Exchange, BlackBerry, Active Directory, Public Folders, SharePoint, File Systems, and any other "Mission Critical" systems or applications you use to manage your business. We also want to discuss innovative solutions to common (and even not so common) problems, and make sure that our impact on the technology sector is always cutting-edge.
Please feel free to email us with questions or comments at blog@stealthbits.com. We can't wait to hear from you!
Subscribe to:
Posts (Atom)
