Event auditing has become a reality in today’s Windows environments for just about any size enterprise. Like in-laws, you may not want to live with them, but you can’t kill them either. So, what you really need is a better way to manage. That’s where third-party solutions like the Blackbird Management Suite from the Blackbird Group, Inc. can make things much easier. Instead of fretting over the need for auditing and the burden it presents, you can actually make it so easy and informative that you can use it as an information source to continually improve such critical activities as data governance, network security and regulatory compliance—without adding to your overhead.
First, let’s talk about the need for auditing. There’s just no getting around it. In just about any industry you care to name, but especially in healthcare and financial services, strict legal requirements govern how data is handled and who has access to it. And, that’s all for the better. No one wants to see financial or medical data handled in a careless fashion.
The key to all auditing in a Windows-centric IT environment is keeping track of changes: any changes, all changes. Changes to objects in Active Directory. Changes to files, folders, and shares in your file system. Changes to mailbox rights and permissions in Exchange. Changes to permissions, stored procedures or tables in SQL. You need to know who made changes to what file or object, where in the network those changes were made, and when they were made. And, you shouldn’t have to wait too long to get those answers. Your IT infrastructure is constantly in operation, and every change has an immediate consequence. So, time is of the essence.
However, that’s not so easy to do. The difficulty arises with the amount of data that can be involved. Every change, as well as every action, creates an event record, and in a large enterprise, such as a major hospital center or a bank, with thousands of users working around the clock, these can add up to several million events in a single day. All those events have to be captured, archived, and analyzed for evidence of inappropriate changes.
The Blackbird Management Suite provides an integrated, modular approach to these problems with a comprehensive set of ten products that handle all aspects of Windows auditing, including Exchange auditing, SQL auditing, Active Directory auditing and File auditing.
Blackbird’s Exchange Auditing product, Blackbird Auditor for Exchange, tracks and reports all changes made to all Exchange Server configurations, groups, mailbox policies, information store changes, and permissions in a centralized audit log. The integrated solution provides a centralized, real-time audit database for reporting and alerting against all Exchange activity including administrators, users and non-owner mailbox access for compliance and tighter security controls. This powerful solution monitors your Exchange environment in real time—tracking the “WHO, WHAT, WHERE, WHEN” for every change.
SQL is a vital information store for critical applications that run the business. Understanding access and changes to SQL is a must for regulatory compliance and data governance. Blackbird Auditor for SQL captures user activity, security and configuration changes to SQL. Detailed audit events even provide the SQL statements for updates to database and server objects. User logons to the database are tracked for both Windows and SQL Server authentication, giving a complete view of database access. A unique timeline feature allows the toggling of a filtered audit view to show all the activity in that user’s session (SPID) with SQL. The interactive audit views combined with SQL Server Reporting Services (SSRS) reports provide granular filtering to show meaningful events.
Blackbird’s Auditor for Active Directory provides real-time change tracking and security compliance for Active Directory and Group Policies. It captures all the essential information for any modification, including who made the change, when it was made and where it was made. For every event, Blackbird captures the before and after values to clearly highlight the change.
Additionally, unlike other auditing solutions, Blackbird Auditor for Active Directory provides interactive analysis with flexible, attribute-level filtering and reporting, enabling administrators to more accurately and rapidly isolate users or programs that may be making inappropriate changes in your environment.
Blackbird Auditor for File System enables tighter security and control over File System resources across the enterprise. It provides real-time tracking, interactive analysis, and flexible reporting on all key NTFS file and folder changes. Administrators can instantly know the “WHO, WHAT, WHERE, WHEN” for every access and change event and schedule reports for data owners to show them who is accessing and modifying their data. It captures all the essential information for every modification, including who made the change, when and from where. There’s also an interactive analysis console, which enables you to isolate unauthorized access and inappropriate file system changes across your entire organization more accurately and more rapidly.
For more information go to http://www.blackbird-group.com