Security 30 July 2020 1 MIN

ManageEngine: Detecting indicators of compromise via Active Directory

em360tech image

ManageEngine: Detecting indicators of compromise via Active Directory

ManageEngine

Nearly all attacks require an identity to be compromised at some point. The majority of organisations store identities using Microsoft Active Directory to manage the users’ access rights and control the use of privilege. The use of identities can be traced via domain controllers, which authenticate users to access areas of IT infrastructure. Attackers will target these devices as they seek out data of value; however, their behaviour will differ from that of legitimate users, especially as they attempt to enhance their privilege. These anomalies can be detected with the right tools, enabling indicators of compromise to be identified at a critical stage.

In this podcast, Bob Tarzey speaks with Vivin Sathyan, Senior Security Expert at ManageEngine. Vivin identifies six key events that ManageEngine believes should be closely monitored. He also provides insight into how ADAudit Plus uses ML to improve its performance over time and how it works alongside SIEM tools. Also, Vivin explains the broad reach of ADAudit Plus to track the use of identities and file access. Finally, he looks at the potential for ADAudit Plus to track abuse of privilege.

ManageEngine crafts the industry's broadest suite of IT management software. We have everything you need—more than 90 products and free tools—to manage all of your IT operations, from networks and servers to applications, service desk, Active Directory, security, desktops, and mobile devices. Since 2003, IT teams like yours have turned to us for affordable, feature-rich software that's easy to use. You can find our on-premises and cloud solutions powering the IT of over 120,000 companies around the world, including three of every five Fortune 500 companies.