Integration of the DCAP system with Active Directory has been expanded to track unwanted changes to file permissions for users.

SearchInform FileAuditor now features an advanced audit of file and folder access rights for users in corporate storages. This is achieved by enhancing the integration with Active Directory. Due to the integration, information security specialists receive notifications about changes to user access rights. This enables them to promptly respond to unwanted permission changes, for example, deny all access to critical files. The feature protects against violations and errors in the work of domain administrators. 

You can keep track of actual changes searching for Active Directory events in the main console of FileAuditor. The console shows all events for the selected period and detailed information about changed accounts, assigned roles, role restrictions, events before the changes, and the users who made the changes. You can also configure security policies in AlertCenter to detect these events. In this case, the system notifies you of unwanted changes automatically, including by email. 

Integration with Active Directory in FileAuditor complements the file control feature in the Microsoft infrastructure. The system also allows connecting to Windows Security logs and independently logging file and folder operations with the help of agent. Due to the enhancement, the user gets more information from these sources. It allows tracking account changes, new permissions to folders, creation of new users, password changes, etc. Together, these capabilities provide a unique and flexible tool for both data audit and protection.

 “User rights audit and management is the main focus of DCAP systems. For effective data protection, an information security specialist must keep abreast of the slightest changes in the domain controller, where roles are assigned primarily per business needs rather than security needs. Direct access to Active Directory events in FileAuditor allows IT and security teams to coordinate their efforts in a way that balances security measures and user permissions required in the corporate infrastructure. This way, customers will be able to manage permissions of employees in accordance with the benchmark access matrix and easily monitor its compliance,” says Sergio Bertoni, Leading Analyst at SearchInform.

ABOUT SEARCHINFORM

SearchInform is an information security and risk management product vendor as well as an MSS provider. The company's clients are more than 4000 companies in 20+ countries. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems: FileAuditor (the DCAP class solution); DLP system with extended functionality; Risk Monitor (advanced platform for internal threat mitigation); SIEM system; IS outsourcing service.