Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows




Abstract

This document describes the new features and capabilities of Quest InTrust 8.0.

Copyright 2004 Quest Software, Inc. and Quest are registered trademarks of Quest Software. The information in this publication is furnished for information use only, does not constitute a commitment from Quest Software Inc. of any features or functions discussed and is subject to change without notice. Quest Software, Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication.

Last revised September 1, 2004

QUEST SOFTWARE
Windows Management
6500 Emerald Parkway, Suite 400
Columbus, OH 43016, USA
Phone: 614-336-9223, 1-800-263-0036
URL: www.quest.com/microsoft

CONTENTS

- OVERVIEW
- REAL-TIME MONITORING OF BUSINESS-CRITICAL SECURITY EVENTS
  - BUILT-IN NOTIFICATION AND RESPONSE ACTIONS
  - WEB-BASED MONITORING CONSOLE
- ENHANCED SUPPORT FOR HETEROGENEOUS ENVIRONMENT
- NEW SCALABLE ARCHITECTURE
- FLEXIBLE, AUTOMATED WORKFLOW
- ENHANCED RESOURCE IDENTIFICATION
- FIREWALL-FRIENDLY AUDIT DATA GATHERING AND MONITORING
- ENHANCED AGENT MANAGEMENT
- FLEXIBLE BUILT-IN REPORTING
- BRAND-NEW REPORTS
- ABOUT QUEST WINDOWS MANAGEMENT
- ABOUT QUEST SOFTWARE, INC.

OVERVIEW

Quest InTrust 8.0 delivers a dependable enterprise platform for auditing and security monitoring of multi-location environments built around Microsoft Windows and Active Directory. Key features of InTrust 8.0 include:

- Real-time monitoring of business-critical security events
- Native support for Sun Solaris systems
- Firewall-friendly data collection
- Built-in notification and reporting

These features and other innovations implemented with Quest InTrust 8.0 are described below in detail.

REAL-TIME MONITORING OF BUSINESS-CRITICAL SECURITY EVENTS

Quest InTrust 8.0 brings in the following capabilities:

- Checking and notifying on business-critical security events on the monitored computers.
- Correlating events, that is, handling not only single events but also paired events, missing events, and so on.
- Automatically taking predefined response actions, if specified, to provide for audit integrity, prevent possible attacks, and minimize system downtime.
- Using a web-based console for centralized alert management.

InTrust 8.0 comes with a set of predefined monitoring rules that help you track administrative activity (for example, user account changes, policy management, rights assignment) and detect common attacks, such as guessing a user password or gaining administrative rights. You can also create custom rules to monitor for the specific events you need and take the response actions required by your organization's policy.

Built-in Notification and Response Actions

To inform the persons in charge about specific occurrences detected by real-time monitoring, InTrust 8.0 offers automatic notification that creates and sends messages (for example, e-mail messages) to the specified recipients (individual operators or notification groups). Notification can be configured according to your organization's workflow. For example, in addition to fixed text, messages can contain data included dynamically as messages are created.

To take corrective measures upon certain conditions, InTrust provides automatic response actions, which can:

- Enforce audit policies
- Execute scripts
- Execute programs
- Send SNMP traps
- Run InTrust Scheduled Tasks

For example, if an audit policy changes, you can automatically restore the audit policy and disable the initiator's account.
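The three kinds of correlation named under real-time monitoring above (single, paired and missing events) can be sketched as follows. This is an added Python example, not InTrust's rule format or code; the event records, host and user names are constructed, and the heartbeat event ID 9000 is hypothetical.

```python
from collections import defaultdict

# Windows 2000/2003 Security log IDs: 529 = failed logon (bad user name or
# password), 528 = successful logon, 612 = audit policy change.
FAILED, SUCCESS, POLICY_CHANGE = 529, 528, 612
HEARTBEAT = 9000  # hypothetical ID for a periodic "still alive" event

def single_events(events, event_id=POLICY_CHANGE):
    """Single-event rule: every occurrence is an alert."""
    return [(e["time"], e["host"], e["user"]) for e in events if e["id"] == event_id]

def guess_then_success(events, threshold=3, window=300):
    """Paired-event rule: >= threshold failed logons for an account, followed
    by a success for the same account, all within `window` seconds."""
    failures = defaultdict(list)          # (host, user) -> failure timestamps
    alerts = []
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["host"], e["user"])
        if e["id"] == FAILED:
            failures[key].append(e["time"])
        elif e["id"] == SUCCESS:
            recent = [t for t in failures[key] if e["time"] - t <= window]
            if len(recent) >= threshold:
                alerts.append((e["time"], *key, len(recent)))
            failures[key].clear()         # a success resets the counter
    return alerts

def missing_events(events, hosts, start, end, interval=600, event_id=HEARTBEAT):
    """Missing-event rule: report each gap longer than `interval` seconds in
    which a host that should emit `event_id` stayed silent."""
    seen = defaultdict(list)
    for e in events:
        if e["id"] == event_id:
            seen[e["host"]].append(e["time"])
    gaps = []
    for host in hosts:
        marks = [start] + sorted(t for t in seen[host] if start <= t <= end) + [end]
        gaps += [(host, a, b) for a, b in zip(marks, marks[1:]) if b - a > interval]
    return gaps

def ev(time, host, event_id, user="-"):
    return {"time": time, "host": host, "id": event_id, "user": user}

# Constructed sample events (time in seconds from the start of observation).
SAMPLE = [
    ev(0, "DC1", HEARTBEAT), ev(0, "WEB1", HEARTBEAT),
    ev(100, "DC1", FAILED, "jsmith"), ev(130, "DC1", FAILED, "jsmith"),
    ev(160, "DC1", FAILED, "jsmith"), ev(190, "DC1", SUCCESS, "jsmith"),
    ev(200, "DC1", FAILED, "akim"), ev(220, "DC1", SUCCESS, "akim"),
    ev(400, "DC1", POLICY_CHANGE, "jsmith"),
    ev(600, "DC1", HEARTBEAT), ev(1200, "DC1", HEARTBEAT),
]

if __name__ == "__main__":
    print("single :", single_events(SAMPLE))
    print("paired :", guess_then_success(SAMPLE))
    print("missing:", missing_events(SAMPLE, ["DC1", "WEB1"], 0, 1200))
```

A single mistyped password followed by a logon (akim) raises no alert, while WEB1 is reported because it sent nothing after its first heartbeat.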

Web-based Monitoring Console

InTrust Monitoring Console is a web-based application that you can use to view the alerts generated during real-time monitoring. Monitoring Console allows you to manage the alert records from any location using Microsoft Internet Explorer (no additional software is required).

Monitoring Console features profile-based access control to alert records, allowing you to:

- Define whether the user can resolve the alerts or merely view them
- Specify the InTrust server that provides the alerts available to the user
- Specify the alert database where alert records are kept

ENHANCED SUPPORT FOR HETEROGENEOUS ENVIRONMENT

InTrust 8.0 supports audit data gathering and monitoring of heterogeneous environments (Windows and Sun Solaris). Agents are installed on Sun Solaris computers to process syslog messages and monitor for critical occurrences. Predefined reports help you analyze critical security events like privileged user logins in your Sun Solaris environment.

NEW SCALABLE ARCHITECTURE

InTrust 8.0 was designed using a new, scalable, multi-server architecture. As shown in the figure below, the main component of this architecture is InTrust Server:

[Figure: InTrust Server with the InTrust Real-Time and InTrust Audit components and Knowledge Modules for Microsoft Windows, Microsoft IIS, Sun Solaris, ...]

InTrust Server is the basis on which the components responsible for audit data collection and real-time monitoring reside. You can have several InTrust servers united into an InTrust organization. An InTrust organization is a group of InTrust servers with shared configuration, providing for:

- Load balancing between InTrust servers
- Distribution and enforcement of uniform gathering policies and monitoring rules across the enterprise

Information about the audited and monitored platforms and applications is provided by Knowledge Modules. Thus, to provide support for a new platform or application, you needn't reconfigure or re-deploy the whole framework; simply install the corresponding Knowledge Module on the InTrust Server.

InTrust server configuration data is stored in the configuration database on Microsoft SQL Server 2000 (MSDE can also be used).

FLEXIBLE, AUTOMATED WORKFLOW

InTrust task-based workflow provides for scheduled, automated audit data collection, management, and reporting. An InTrust task can include a chain of different jobs. A job can:

- Gather data from a live network to a repository and/or a database
- Consolidate data between repositories
- Import data from a repository to an audit database for reporting purposes
- Automatically generate, save, e-mail and publish reports on collected data
- Automatically update a Report Library
- Clean up a repository, audit database, or alert database
- Launch a Windows Scheduled Task
- Launch an application
- Notify of task completion

Each job is performed by a certain InTrust server; jobs in a task can be configured to run simultaneously or one after another. Users can either work with the predefined tasks, easily customizing them to fit the organization's workflow, or create new tasks of their own.

ENHANCED RESOURCE IDENTIFICATION

In InTrust 8.0, computers that should be audited or monitored are arranged into collections called InTrust sites. Typically, InTrust sites are organized based on a company's administrative and geographical boundaries. You can populate InTrust sites with the following objects:

- Computers (same as in EventAdmin and InTrust for Events)
- Computer lists (loaded from a text file)
- Windows domains (same as in EventAdmin and InTrust for Events)
- AD organizational units
- AD sites
- IP addresses (same as in EventAdmin and InTrust for Events)
- IP ranges

An InTrust site can be populated based on:

- Computer roles (domain controllers, workstations, and others)
- OS versions
- Specific applications installed on computers, such as Microsoft IIS or Microsoft Exchange. You can define your own applications based on registry values.

InTrust automatically discovers and enumerates site resources if shortcuts to domains, Active Directory organizational units, Active Directory sites, or IP ranges are used. So, if you add a new domain controller to a domain processed by InTrust, it will be automatically discovered and included in the corresponding site.

For InTrust audit data gathering, site objects are re-enumerated each time a gathering session starts. For InTrust real-time monitoring, you can schedule re-enumeration using InTrust site properties.

FIREWALL-FRIENDLY AUDIT DATA GATHERING AND MONITORING

InTrust 8.0 facilitates audit data gathering and real-time monitoring of computers located in a network area behind a firewall or in a non-trusted domain. This is due to a proprietary TCP-based protocol used for agent-server data communication, together with strong data encryption and agent-server authentication. For example, you can collect event data from a Web farm, or monitor for suspicious activity in the DMZ. Simply install InTrust agents manually on the target computers.

To let agents operate over the firewall, open a port on the firewall to allow incoming traffic from outside to the address or port of the specific InTrust server (listening port). You specify the listening port number during InTrust Server installation.

ENHANCED AGENT MANAGEMENT

InTrust 8.0 agents are required for real-time monitoring and optional for audit data gathering. However, using agents when gathering audit data allows you to drastically reduce network load and increase security when communicating information to InTrust Server. In particular, when gathering without agents, the size of the communicated data is nearly equal to the size of the original audit trail, while using agents makes it 50 times smaller thanks to agent-side data compression. To strengthen security, use agent-side encryption (3DES) of the log data.

Agents can be installed:

- Automatically, using InTrust Manager, to all InTrust site computers
- Manually to specific computers, for example, those located behind a firewall, or to Sun Solaris computers

Also, a Windows Installer package provided for the InTrust agent makes it possible to install agents using Group Policy and management tools such as Microsoft Systems Management Server or HP OpenView. You can uninstall the agents you no longer need using InTrust Manager.

If an agent cannot connect to the InTrust Server, it writes an error message to the event log. If the connection is not restored for a month (for example, if the InTrust server was removed), the agent is retired (uninstalled) automatically.

FLEXIBLE BUILT-IN REPORTING

InTrust 8.0 offers powerful and flexible reporting capabilities:

- Now you can generate predefined reports on schedule not only with Reporting Console, but also on the InTrust Server, using a built-in reporting job. This job is much like the Reporting Console scheduled task. It can be scheduled after the audit data is gathered and put into the audit databases, allowing you to generate reports as soon as data becomes available for analysis. Users access these reports via Reporting Web Portal. You can also send the reports by e-mail or publish them to Microsoft SharePoint Portal Server.
- Traditionally, you can generate, view, save, print and publish your reports (interactively or on schedule) from the Reporting Console. In addition, the Reporting Console enables you to create custom plain and hyper-reports and charts.

BRAND-NEW REPORTS

Quest InTrust 8.0 comes with a variety of predefined report packs for different Knowledge Modules, namely:

- Microsoft Windows/Active Directory
- Microsoft Exchange Server
- Microsoft IIS
- Microsoft ISA Server
- Sun Solaris

These reports can be helpful for user activity tracking, forensic analysis, investigation of security incidents, and software and system audit. Many reports offer drill-down links.

Besides, a special report pack includes about 20 reports, charts and OLAP cubes for analyzing real-time alert records, including alert occurrences, delivery and tracking.

All report packs are carefully designed and structured, providing easy-to-use and appealing data presentation.

ABOUT QUEST WINDOWS MANAGEMENT

Quest Software, now including the people and products of Aelita Software, provides solutions that simplify, automate and secure Active Directory, Exchange and Windows environments. The Quest Windows Management group delivers comprehensive capabilities for secure Windows management and migration. For more information on Quest Software's Windows Management group, please visit http://www.quest.com/microsoft.

ABOUT QUEST SOFTWARE, INC.

Quest Software, Inc. provides business-critical software for 18,000 customers worldwide, including 75 percent of the Fortune 500. Quest offers products for application performance management for packaged applications and Java environments; database management for Oracle, DB2, SQL Server, Sybase and MySQL environments; and Windows management in Active Directory and Exchange. These management solutions help customers develop, deploy, manage and maintain the IT enterprise without expensive downtime or business interruption. Headquartered in Irvine, Calif., Quest Software can be found in offices around the globe and at www.quest.com.