STEALTHbits

5 Questions about STEALTHbits' New Active Directory Solution

2011-04-29T16:06:00.001-04:00

We keep our eyes and ears peeled on your behalf here at STEALTHbits Headquarters, and we recently overheard some really cool news about an Active Directory project that’s under way (and under wraps). We convinced Adam Laub, VP of Marketing, to sit down with us for just 5 questions about this mystery solution.

Daria: Word on the street has it that there's something called "Interceptor" technology that's coming. What is it?

Adam: How do you guys hear about these things?! I can't say much at this point, but I can tell you that StealthINTERCEPT is a hot new technology that will allow our customers to lock-down Active Directory from unauthorized changes, and to get real-time notifications.

D: What business benefits can users expect?

A: This is part of our larger data governance initiative, which helps our customers take back control of their unstructured data. Active Directory is a key and often overlooked piece of the puzzle. If you're not securing AD, then all you're leaving a door wide open.

D: So when can we expect to see this?
A: Soon! We have test sites running it already. You'll have to stay tuned for details.

D: Is this part of an upgrade to the StealthAUDIT Management Platform?
A: Yes and No. StealthINTERCEPT technology is new and stands on its own, but also integrates with the StealthAUDIT Management Platform.

D: Do you guys practice these vague answers?
A: Absolutely.

D: So how is this real-time technology going to work?
A: Sorry, that's five questions!

We're certainly intrigued. We'll be sure to keep you posted on this blog and in our monthly newsletter as this develops, so stay tuned. This is gonna be big.

High Risk(y) Business: Controlling the Threat of High Risk Shares

2011-03-23T13:19:00.001-04:00

Try this: go to your favorite search engine, and type in “high risk share.” Chances are, you’ll get the same thing I did: pages and pages of financial information dealing with risky shares as they pertain to stocks. The definition and even identification of a high risk stock is fairly straightforward (at least in theory). In the IT space, though, high risk shares are much broader in term, and can be difficult to identify (which, in turn, makes them difficult to govern). Unlike a stock market, which appears in a uniform way to all investors in that market, high risk data repositories vary across organizations based on individual access settings, permission needs, departmental requirements, and more.
One way to look at it is in terms of access. If a file or share is accessible by a very large number of users (through well-known security principles like “Everyone,” for instance) the chances increase that it would be considered at “high risk.” At the same time, organizations often purposely leave folders at the top level open because they’re commonly used across the board. So where’s the risk then, exactly?
Risk comes into play when open permissions at the top level filter down through effective rights to permissions several levels below. Because effective rights are difficult to identify (take our effective rights quiz to see how well you do), they can leave sensitive data open to many more people than need or should have access to it.

To learn more about high risk shares, and how to identify and remedy them, watch our STEALTHsession on Controlling the threat of High Risk Shares.

Controlling SharePoint Sites

2011-02-18T16:50:00.002-05:00

SharePoint is growing more and more prevalent in organizations, and offers a great way for users to interact and share content remotely for collaboration on projects. With the increasing use of SharePoint, however, SharePoint admins are facing the same issues that plagued (and, in many cases, continue to plague) administrators of the distributed file system. Increasingly, sites are growing stale, violating ethical wall regulations, and being deemed “high risk” in terms of access and permissions settings.

Each of these issues have their own steps for mitigating the risk associated with them, which we’ll discuss in more detail below, but it’s worth noting that what they all have in common is the need for data that will help identify the problem. After all, you can't fix it if you don’t know that it’s broken.

High Risk Repositories

Sites classified as being at “high risk” are those that are effectively open to your entire organization. This happens because site managers can assign trustees, who can, in turn, assign permission that expose content to too many people. Some examples of these kinds of permissions are “Authenticated Users,” “Domain Users,” and “Anonymous Logons.” When identifying high risk repositories, it’s important to examine effective rights; just because a user does not have access through one set of permissions does not mean that all of their assigned permissions will keep them from being able to read, write, modify, or even delete content. Explore how users have access to identify what, exactly, is at risk, and then work to lock down permissions.

Controlling Stale Content

Stale content in SharePoint is similar to stale content within Active Directory and the File System – it hasn’t been modified in a long time. Continuous monitoring is required to determine the last time a site was used, and working together with the data custodians who created the sites that you have identified as stale is important to ensure that it’s okay to remove them. Keeping stale sites out of your SharePoint farms will help with simpler management. It’s important to note here that, if a SharePoint site has child sites, SharePoint won’t let you delete the parent site. This is why it’s especially important to reach out to probable owners of sites to gather more information before proceeding.

Ethical Walls

Ethical walls differ by organizations, and apply to most collaborative file systems, including SharePoint. The need for ethical walls stems from the requirement to separate the data that discrete groups within the organization can see. Maybe your organization wants to keep the engineering department’s plans for product upgrades out of the hands of the sales team, or your finance team shouldn’t have access to the investment team’s quarterly assessments. Whatever the reason, one way to identify if ethical wall violations occur is to see where SharePoint group have common access, then corroborate that access within Active Directory to ensure that trustees can only see what they are supposed to.

To learn more about how SMP makes managing SharePoint easy, please view our Controlling SharePoint Sites STEALTHsession, or request a fully-functional product trial.

The Exchange Mailbox Mess

2011-02-15T14:09:00.004-05:00

Permissions get messy over time. Whether it’s in Exchange, SharePoint, the File System, Active Directory, or elsewhere, people will enter and leave the organization, change roles, and require different levels of access as time goes on. Exchange mailbox permissions offer a particular challenge because of multiple layers of access: permissions associated to mailboxes, delegate rights assigned, and even mailbox rights in Active Directory on the user’s account.

Multiple problems can result: Default and Anonymous access can be set incorrectly, default settings could have been changed, Stale and Zombie SIDs could be applied, or disabled accounts in AD could have been given access. Compounding the problem, effective rights are difficult to discern because of the various “gates” that a person can use to get access.

Largely, the problem stems from the sheer amount of data, exacerbated by time and natural changes in personnel. It’s that same vast number of settings that makes it difficult to solve the problem in an environment; imagine finding an access issue that exists in 500 users’ accounts. Changing them one at a time could take days, and requires the use of precious IT resources.

A complete solution offers the option of making changes in bulk, in accord with data that exactly identifies an issue or anomaly. To learn more about Exchange Mailbox management challenges, and see what STEALTHbits can do to help, check out this video of our Mailbox Action Module STEALTHsession.

Back to Basics for Security: Why Industry Compliance Regulations Matter, and Why They're Hard

2011-01-24T17:43:00.003-05:00

We talk about governance and compliance a whole lot on this blog, and for good reason. Across the board, IT security is a difficult undertaking, and it’s becoming more challenging by the day. For one thing, security threats from outside of the organization have only increased in the last few years, with hackers becoming more sophisticated. From the glamorization of hacking in popular culture (see Girl With A Dragon Tattoo hacker heroine Lisbeth Salander) to “hacking kits” available online (see Business Day on 1/18/2011), the constant threat of external attack is front and center on a daily basis. Perhaps even more dangerous, the threat from inside (like the alleged catalyst of Wikileaks, for instance) is alive and well, and often gets overlooked as organizations scramble to defend their perimeters.
The process for securing data and systems starts with protecting your resources by eliminating (or, at the very least, controlling) vulnerability, continues with active monitoring to detect deviations from norms and standards, and culminates with corrections for exceptions. Underlying all of these processes are industry-centric compliance regulations that ensure that all organizations in a particular vertical are adhering to the same strict security standards.
IT departments follow these regulations in an effort to pre-empt attacks and plug holes. Unfortunately, the tedious nature of the checkpoints for particular compliance standards makes them difficult for administrators to adhere to, potentially leaving environments fatally vulnerable. The problem stems from the fact that the data—detailed accounts of access, permissions, changes, etc. for users and groups, as well as patch and security configurations for systems—is difficult to come by. Extrapolate that difficulty by hundreds or even thousands of users and boxes, and millions and billions of files, and you begin to see the pain point. What’s more, even an exceedingly complex query may only be answering one of many compliance checkpoints from standards councils like PCI, HIPPA, NERC, and SOX.
The key to industry compliance, then, is a way to collect data once, and then use that data to check against an entire list of requirements. This approach will allow administrators to shift from data-gatherers to pro-active threat blockers. After all, discovering that Lisbeth Salander has rights to your system is only half the battle.
For more about our solution to the compliance-adherence problem, check out this video on the Compliance Baseline Manager.

The SharePoint Governance Challenge

2011-01-13T16:27:00.004-05:00

Microsoft SharePoint has become a leading solution for enterprise collaboration and document management. SharePoint supports a decentralized approach to administration, allowing organizations to assign Site Collection Administrators and Site Owners responsibilities for managing subsets of SharePoint content. While this delegation of responsibility may streamline the collaborative process in ways, it comes at a cost. Without proper governance plans in place within your SharePoint environment, SharePoint sites can begin to sprout up uncontrollably and may only be used for a matter of weeks, if at all. Eventually, you can end up with a chaotic SharePoint farm with content and permissions completely out of control and almost impossible to remediate.

Being able to take back control of your SharePoint environment can be a daunting task, but it must be done to have an efficiently managed SharePoint farm with proper governance in place. This is important to do before performing a SharePoint migration from SharePoint 2007 to SharePoint 2010. You wouldn’t move every piece of junk from your garage and attic into a new house without first sorting through them and only boxing up what you needed to bring with you. The same can be said for SharePoint. If your SharePoint farm is out of control with site, content and permission sprawl, you must go through and decide what you need to bring with you to your new SharePoint farm, and ensure it is neatly packaged with the proper permissions wrapped around it before moving it over. Even if you are not migrating to a new farm, if you are going to implement a governance plan (which is highly recommended) you need to get your farm in order before doing so.

The StealthAUDIT Management Platform is a great tool that provides the means to gain complete insight into your SharePoint environment in order to effectively take control and enforce your governance plan. Even the best SharePoint governance plan can only help you control your SharePoint environment after it has been enforced. SA provides invaluable information about your SharePoint content, activity, permissions and infrastructure that is not only necessary BEFORE implementing a governance plan or performing a migration, it is vital for continuous monitoring of your environments to ensure the governance plan is being effective.

WikiLeaks and Data Governance

2010-12-02T11:27:00.002-05:00

WikiLeaks has spotlighted the susceptibility of public and private sector entities to fall victim to disclosures of confidential information. The fact of the matter is, if Wikileaks gets shut down tomorrow, there are thousands of others like them.

The only way to address risks of this nature is to understand and lock down the permissions on the file system and other shared data repositories within companies and agencies. However, a typical file system at a Fortune 100 financial institution can contain trillions of permissions. As a result, the “Who? What? Where? and When?” are particularly difficult questions to answer due to 20+ years of file system management, migrations, natural organizational turnover, mergers and acquisitions, domain consolidations, and the sheer volume of data.

All of these situations cause massive “permission sprawl” in the file system, leaving organizations exposed to unauthorized access and disclosure.

Yesterday, in response to WikiLeaks, President Obama mandated that all agencies ensure that workers have access exclusively to what is necessary for their jobs. OMB Director Jack Lew said there is a zero tolerance policy under the new directive. There are ways to mitigate the associated risks of leakage of sensitive, confidential, or proprietary data; an essential first step is to understand who has access to the data, who is accessing the data, and who no longer needs privileges to specific data repositories.

Enforcing least privilege access is a daunting task at any sized organization, but taking a few initial steps to clean up and enforce permission standardization across all data repositories goes a long way towards reducing exposure of data to internal threats. Simple steps towards securing the infrastructure include controlling high risk or open repositories, removing individualized access in favor of alignment with group / role-based access, reducing permissions sprawl, and enforcing ethical walls.

Key Business Problems for Systems & Data Admins

2010-05-14T11:34:00.006-04:00

We wanted to take a minute and discuss some of the key business problems that Systems and Data Administrators face on a daily basis. Hopefully, bringing them to light will help you to examine what's going on in your organization's environment, and will help you to preempt some potentially costly situations.

There are three main areas that, in the places that they intersect, form the basis for data with real Business Value:

When you look at your environment, the areas of biggest concern can be broken down even further.

Permissions –Starting with Active Directory, users and groups form the foundation of control over what resources can be accessed on the Domain. Windows and distributed file systems extend the boundary of where users and groups can be created and have access to the resources that reside on those systems. Digging even deeper, users and groups can be granted access to shares, folders, and even to individual files. In order to assess and/or secure your data, all of those points and inheritance spots must be evaluated and considered in the equation of determining a user’s effective level of access to resources on the Domain. Care must be taken before removing users from any of those permission points, as the removal or deny action could break their access to other valid and business critical resources across the domain.

Changes – Knowing who has what level of access to resources is important. Knowing who gave out that access or who is using their access to interact with resources is critical, especially when something goes wrong.

Content – On average, storage costs organizations $55/GB of data per month to maintain. Gartner estimates that 70% of unstructured data goes untouched 90 days after creation. That translates into gigabytes to terabytes of stale data, depending on the size of your user base. Archiving data to lower cost storage tiers can help or slow the capacity demands, but deleting the data will actually free up valuable storage resources.

Active Directory Maintenance & Cleanup

2010-05-12T12:38:00.003-04:00

If you're an Active Directory administrator dealing with Maintenance and Cleanup of your systems, you know what a daunting task it can be. To help, we've come up with a list of Best Practices / Tips that every admin should know:

Users
User objects are often tied directly to different application and
service licensing agreements. Many organization get around this
issue by negotiating to an official employee count. Beyond licensing,
user objects left in AD create overhead for the directory backup,
restore, and other application synchronization tasks. They make
finding the right user more difficult, which leads to wrong users
being added to resources, security groups, and distribution groups.
The impact to your messaging environment includes a growing
Global Address List, longer download times for mobile users,
misdirected email messages, and extra disk space that’s required for
abandoned mailboxes and system processing when email is returned
from mailboxes that are at capacity. Cleaning up stale and unneeded
user objects reduces the operational impact, end user experience,
unintentional actions, and also reduces security exposure where
older accounts are prime targets for hackers.

TIP 1: Combat these risks by using each user object’s Last Logon to
Domain timestamp as an indicator to find stale and unneeded
employee, contractor, and service accounts.

TIP 2: Survey managers at least on an annual basis to re-certify these
accounts and/or request permission to disable and/or delete them.

Computers
Computer objects are continually added for servers, workstations,
and mobile devices. Much like user objects, these are usually tied
directly to different application and service licensing agreements.
Inaccurate system counts can lead to gross overpayments for
applications and services. Active Directory is supposed to be the
authoritative source for understanding and securing what’s in your
infrastructure, but when these stale objects are not maintained, the
information becomes unreliable. Any application that relies on the
systems stored within AD will begin to have issues with finding and
interacting with systems, which may cause failures or delays due to
processing times. Cleaning up stale and unneeded computer objects
reduces operational impact, administrative time, and unintentional
actions. It also reduces security risks, as older accounts are prime
targets for hackers.

TIP 3: Combat risk by using each computer object’s Last Logon to
Domain timestamp as an indicator to find stale and unneeded
servers, workstations, and mobile devices.

Tip 4: Survey managers at least on an annual basis to re-certify these
accounts and/or request permission to disable and delete them.

Tip 5: Track and trend system administrators/custodians while
systems are in production for reference when systems are offline,
having issues, missing, or being retired.

Distribution Groups
Having an excessive amount of stale or unneeded Distribution
Groups causes situations where mail can be misdirected, and
increases the potential for security leaks, where sensitive
information gets sent to inappropriate individuals, groups, or even
outside parties.

Tip 6: Track and trend message logs for a review of who is sending to
what distribution groups, as well as, what distribution groups are no
longer being sent to at all.

Tip 7: Review distribution groups that are nested inside other
distribution groups to identify exceptions of direct mailing statistics.

Tip 8: Survey managers at least on an annual basis to re-certify
groups and their direct and effective membership, and/or request
permission to delete any that are no longer needed.

Security Groups
Security Groups, in addition to their user accounts, define what
individuals have access to within the infrastructure—including
computers, applications, and data. Stale or unneeded Security
Groups in the environment present confusion, and often there’s no
oversight to ensure that direct and effective group memberships are
accurate.

Tip 9: Review the last Direct or Effective Member Change Date as an
indicator of security groups that have gotten stale or are no longer
needed.

Tip 10: Survey managers at least on an annual basis to re-certify
groups, their direct and effective membership, and/or request
permission to delete any that are no longer needed.

To see the rest of the tips, an introduction to Active Directory Cleanup, and an overview of how tools like StealthAUDIT can help you with your maintenance processes, visit our Active Directory page!

PCI Compliance

2010-04-23T15:59:00.003-04:00

Why was PCI DSS developed?
Privacy and security breaches involving credit card transactions pose a clear danger to credit card companies and financial institutions. The PCI DSS standard was developed at the urging of large credit card companies to help organizations that process credit card payments to prevent privacy and security breaches through hacking and other means. The standard became mandatory for all companies that process credit card payments in 2008.

Companies that are not PCI compliant can be subject to heavy fines enforced by the credit card companies. Fines may be as high as $500,000 per privacy and security breach if merchants are discovered to be non-compliant. For example, in 2006, Visa alone levied almost $5 million in fines. In 2007, Visa levied a $880,000 penalty against the bank involved with TJX's privacy and security breach. In the worst case scenario, merchants could also risk losing the ability to process customers' credit card transactions. PCI DSS helps facilitate the broad adoption of consistent data security measures around the world. The standard helps assure customers using credit cards that the steps are in place to protect their information and privacy, which is under threat from cyber criminals.

The StealthAUDIT Management Platform and our new Systems & Data Governance Solutions help fulfill requirements and augment processes for organizations with a Microsoft-based infrastructure. It will also verify on a constant basis that many of the requirements are in place, configured properly, and operating as expected. PCI DSS has 6 main categories and 12 requirements.

6 PCI Categories:
1. Build and maintain a secure network - Organizations must install and maintain a firewall configuration to protect cardholder data. As well, they should not use vendor-supplied defaults for system passwords and other security parameters.
2. Protect cardholder data - Organizations are required to protect stored cardholder data and encrypt transmission of that data across open and public networks.
3. Maintain a vulnerability management program – Organizations must use and regularly update anti-virus software. PCI rules mandate that organizations develop and maintain secure systems and applications that protect against known vulnerabilities that hackers can exploit.
4. Implement strong access control measures - Access to cardholder data by business must only be restricted to those with a need-to-know basis. Every member of your organization with computer access should be given a unique ID. As well, steps must be taken to restrict physical access to cardholder data. For instance, physical locks and security personnel may be required to secure access to rooms with databases or servers containing credit card information.
5. Regularly monitor and test networks - PCI-compliant organizations must track and monitor access to network assets and cardholder data. This will not only improve security, but also help identify the cause of a breach should it occur. Security systems and processes must be regularly tested to ensure their ongoing effectiveness.
6. Maintain an information security policy - It is not enough to have technology tools like a firewall or network audit applications to protect private information. Improper handling of information by untrained staff is a huge security vulnerability. Security policies must be developed, implemented and regularly updated.

12 Requirements (italics where the SMP directly applies to fulfilling or verifying compliance):
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

References:
PCI Standards Council: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
PCI Compliance - Cheat Sheet: http://jamynigri.blogspot.com/2008/08/pci-compliance-cheat-sheet.html

Christopher L. Olsen CISM, Vice President of Product Management

The StealthAUDIT Management Platform for Systems and Data Governance

2010-03-19T11:39:00.004-04:00

Every day Administrators are constantly asked to answer seemingly simple questions like Who, What, When, Where and even How users have access to systems and data within the infrastructure. STEALTHbits Technologies, Inc. takes a unified view on the IT world to bridge the gaps between Active Directory domains, systems, key applications, and shared data repositories to provide a single, comprehensive approach to assessing and securing the environment.

The StealthAUDIT Management Platform is designed to give the administrators who manage the environment a powerful toolset capable of providing the highly scalable, high-speed data collection, analysis, reporting, and remediation facilities needed to satisfy auditors and fulfill the continually evolving list of audit and compliance requirements. Embracing the undeniable fact that every organization has very different requirements, StealthAUDIT doesn’t force administrators into adopting a generic or pre-defined process, but allows the flexibility to fulfill these objectives while catering to existing processes and procedures. Contrary to single-threaded point solutions or product suites of disengaged tools loosely banded together, the StealthAUDIT Management Platform rises above and extends beyond to serve as an integrated and fully functional infrastructure management and compliance solution set to help organizations in desperate need of tools to establish comprehensive systems and data governance programs that satisfy compliance requirements, reduce risk of data exposure, and can quickly be implemented without a long, costly, and complex roll out to the organization.

StealthAUDIT insight starts with Active Directory as the center of the Microsoft-based infrastructure. Simple transactions in AD, like adding a user to or removing a user from a Group, have far reaching implications of granting or revoking access to all of the IT assets within the infrastructure. Controlling which AD administrators have this power to grant or revoke privileges, monitoring who is responsible for the changes that are taking place, as well as cleaning up directory objects that have gone stale over time are critical pieces to maintaining a healthy environment.

Lying beneath the AD umbrella are the actual systems within the infrastructure. Systems Administrators ultimately have the authority over the applications and data residing on their systems and can even create Users and Groups outside the view of the Domain. StealthAUDIT provides the consistency to provide the same insight on permissions, activity, and configuration at the system level required to maintain the stability and security desired.

Finally, information is the ultimate asset; as well as being the largest and most challenging area of risk to organizations these days. The data housed within an organization’s infrastructure ranges from proprietary to confidential, personal, healthcare, financial or otherwise government regulatory related. Data is constantly generated by internal users, partners, external customers, and even by automated systems. The volume of data is easily in the Terabytes at most organizations and spans many applications from Messaging (Exchange, Public Folder, and SharePoint) to the largest and most problematic area, the Distributed Shared File System. StealthAUDIT helps mitigate the risk of financial loss resulting from inappropriate access to (or storage of) privileged data spread across your Microsoft infrastructure with a proven workflow to effect change that ultimately reduces risk, reclaims storage capacity, and answers the age old questions around the Who, What, When, and Where of your critical systems and data.

Christopher L. Olsen CISM, Vice President of Product Management

The Who, What, Where, When of Data Governance

2009-10-08T12:03:00.002-04:00

We all know that information is the ultimate asset, as well as being the largest and most challenging area of risk to organizations these days. The data ranges from being proprietary to confidential, encompassing everything from personal files to healthcare details to financial or even government regulatory related documents. Data is constantly generated by internal users, partners, external customers, and even by automated systems. The volume of data is easily in the Terabytes at most organizations, and spans many applications from Messaging and Collaboration (Exchange, Public Folder, and SharePoint) to the largest and most problematic area, the Distributed Shared File System. Organizations are in desperate need of tools that help establish a Data Governance program that satisfies compliance requirements, reduces risk of data exposure, and can quickly be implemented without a long, costly, and complex roll-out to the organization.

1. The first step in initiating a data governance program involves the creation of a governing body. The governing body usually consists of executive leadership, project management, line-of-business managers, and data stewards. The identification of a data steward is essential. He or she will have a large list of responsibilities including, but not limited to, improving data quality and security. The team usually employs some methodology for tracking and improving enterprise data, such as Six Sigma, and tools for data mapping, profiling, cleansing, and monitoring. Data Governance programs are largely dependent on lines of communication with these governing body members.

2. The next step is establishing the target repositories of data that are to be included in the data governance program. Initial implementations may vary in scope as well as origin. Sometimes, an executive mandate will arise to initiate an enterprise-wide effort, while at other times, the mandate will be to create a pilot project or projects, limited in scope and objectives. Usually, reduced scope or mandated programs aim to either resolve existing issues, or to demonstrate achievable results and value. Some examples of these targeted repositories may include Shared File Systems, Active Directory, Mailboxes, Public Folders, and collaborative environments like Share Point. There are many vendors with multiple tools and bundled products that can tap into these applications. For instance, the StealthAUDIT Management Platform (SMP) from STEALTHbits Technologies provides deep visibility into all of these application spaces.

In order to streamline ongoing data governance processes, as well as operational and capital expenditures, content should be assessed to determine what is out there and pruned wherever possible. On average, organizations incur a monthly cost of around $55 to maintain one Gigabyte of data storage. Gartner even estimates that 70% of unstructured data goes untouched as soon as 90 days after initial creation. That quickly translates into large sums of cost and wasted resources due to stale data. Archiving data to lower cost storage tiers can help or slow the capacity demands, but deleting the data will actually free up these valuable storage resources. Tools like SMP empower administrators to quickly find and assess stale and/or unauthorized data. SMP in particular allows you to correlate data to the most probable owners, programmatically interact with thousands of those data custodians with ease through in-product surveys, and ultimately reclaim storage capacity by cleaning up unnecessary content.

3. The next critical task is the proactive review of permissions in conjunction with ownership recertification and entitlement review processes. Basically, knowing who has what level of access to which resource is of the utmost importance. However, permissions are a complex web weaved through any organization. Starting at the domain level within Active Directory, Users and Groups form the foundation of control over what resources can be accessed throughout your infrastructure. Individual systems extend the boundary of where Users and Groups can be created. Local system administrators, ultimately, have access to the resources that reside on those systems. Digging even deeper, users and groups can be granted access directly or via policies to shares, folders, and even to individual files. In order to assess and/or secure your data, all of those points, policies, and inheritance spots must be evaluated and considered in the equation of determining a user’s effective level of access rights to the data in the Domain. Care must be taken before removing users from any of those permission points, as the removal or deny action could break their access to other valid and business-critical resources across the domain. SMP empowers Domain and System administrators to audit, assess, truly understand, and control which users have access to what resources within their infrastructure, crossing traditional application boundaries with a single tool. Furthermore, SMP goes above and beyond to show all paths to how a user is inheriting access rights to resources. In addition, SMP also features built-in, proven business intelligence that identifies key owners of Shared Systems and Repositories based on multiple evaluation points such as who has access, claims ownership, or posted the most information, while easily filtering out administrative groups or even disabled users.

4. Finally, constant monitoring is required to provide a historical view into how your environment is changing. Knowing who gave out or delegated access, or who is using their rights to interact with resources, is critical, especially when something goes wrong. SMP provides insight into who is creating new users or groups at the domain and system levels, and allows you to see who is connecting to your systems and how, as well as who is interacting with and changing what data.

The StealthAUDIT Management Platform (SMP) is highly effective at mitigating the risk of financial loss resulting from inappropriate access to or storage of privileged data spread across your Microsoft infrastructure. The management platform is a simple, low-cost approach to knowing who might—or who did—access what data. In addition, StealthAUDIT gives administrators complete visibility into the content from the Domain level to Distributed Systems, right down to the individual data itself. The management platform provides a proven workflow to effect change that ultimately reduces risk and reclaims storage capacity.

By Christopher L. Olsen CISM, Vice President of Product Management

Who's In My Mailbox?

2009-09-18T08:54:00.003-04:00

Understanding who is opening another user's mailbox is an integral Compliance requirement within any regulated institution. Whether Security needs to monitor executive mailboxes for users probing for information on confidential material, or find the Exchange administrators taking advantage of their elevated mailbox support rights, it is pertinent to have a single consolidated view that highlights these access violations.

Data leakage can cause both financial and reputational damage to an organization. The business, with the IT team, needs to come together to identify what should be monitored and how, while ensuring that the tools implemented do not pose risk to the integrity of the systems.

There are tools in the market that can answer this business question using a variety of unique approaches. Most common is an agent that sits on the Exchange server and runs within the Exchange process, intercepting the traffic. This provides in-depth and granular details around who is doing what in the monitored mailboxes. This agent approach provides an abundant amount of information, but it also poses significant risk of causing serious outages on the systems. Other solutions scan the event log for specific event IDs that identify access violations. Again, these solutions provide the required data, but require administrators to turn up diagnostic logging. For larger organizations, this is often not a viable option, as the amount of events logged when diagnostic logging is turned up can cause a significant volume influx of events. Maintaining history can become very difficult.

A new and different approach, from STEALTHbits Technologies, is similar to the agent variety, but does not pose as much risk. This approach utilizes the existing WMI/PowerShell queries, as you would see in ESM, to find non-owner access. You also maintain history on this data as Microsoft overwrites previous data as soon as the user logs out of the mailbox. Additional data processing and business intelligence isolates executives and rogue admins for focused monitoring. This approach eliminates the risk of an outage as it simply uses the native Windows Scheduler on the remote Exchange server that sits idle and on low priority, watching the resources around it.

Whether understanding access violations is a requirement in an organization or not, it is certainly a common request from senior management. Instead of implementing a "big brother" solution that quietly monitors logon violations, some organizations choose to notify the mailbox owner immediately with this information. In either case, the technology remains the same, and it is pertinent to find a solution that not only meets the business needs, but also does not cause any degradation in services.

By Rita Gurevich, Director of Messaging & Mobility Solutions

Welcome!

2009-09-16T17:45:00.000-04:00

A Bit About Us:
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space.

Unlike traditional Frameworks that are a mile wide and an inch deep, STEALTHbits has taken a unique approach. Built upon a common framework and shared services, the StealthAUDIT Management Platform (SMP) is as broad as it is deep across multiple areas of OS and application data colletion, analysis, reporting, and remediation. With concentrated focus around the Windows OS and File System, Exchange, Active Directory, BlackBerry, and SharePoint, SMP provides organizations of all sizes the visibility needed to manage systems and applications effectively and efficiently through a single interface, a common platform, and light-weight architecture.

A multi-national organization with customers in dozens of countries around the world, STEALTHbits’ products are utilized and relied upon on a daily basis to streamline operations, increase efficiencies, automate processes, and reduce downtime and outages through both proactive and reactive management of your mission-critical infrastructure.

About the Blog:
On this blog you'll see posts by some of our amazing employees, on topics ranging from what we do to where we think technology is headed to common issues with the IT Management spaces we deal with. We want to be part of your online conversation about Windows, Exchange, BlackBerry, Active Directory, Public Folders, SharePoint, File Systems, and any other "Mission Critical" systems or applications you use to manage your business. We also want to discuss innovative solutions to common (and even not so common) problems, and make sure that our impact on the technology sector is always cutting-edge.

Please feel free to email us with questions or comments at blog@stealthbits.com. We can't wait to hear from you!