SlideShare una empresa de Scribd logo

Exchange Auditing in the Enterprise

Netwrix Corporation
Netwrix Corporation

Exchange is the primary data store and means of communication for all levels within the organization. The ability to audit and report in detail Exchange change events that take place on a daily basis helps maintain security and sustain compliance. Implementing an effective auditing strategy for MS Exchange is a necessity to secure and maintain this critical business asset. This whitepaper outlines not only the reasons for having an Exchange auditing procedure in place but also those must-have qualities of any successful MS Exchange auditing effort.

Tecnología
1 de 12
Descargar para leer sin conexión
Exchange Auditing in the Enterprise White Paper Written by Chris Rich for NetWrix Corporation
Exchange Auditing - White Paper Table of Contents 1. What is Microsoft Exchange Auditing? ........................................................................................................................... 3 2. Why is Exchange Auditing Important? ............................................................................................................................ 4 2.1 Exchange Auditing: A Real-World Example............................................................................................................. 4 2.2 Exchange Auditing to Reduce Risk .......................................................................................................................... 4 2.3 Change Auditing to Improve Security ..................................................................................................................... 5 2.4 Exchange Auditing to Sustain Compliance .............................................................................................................. 5 2.5 Exchange Auditing to Improve Manageability ........................................................................................................ 5 3. Required Features for Exchange Auditing ...................................................................................................................... 7 3.1 Automatic Data Collection ...................................................................................................................................... 7 3.2 Efficient and Centralized Audit Data Storage.......................................................................................................... 7 3.3 Scalability ................................................................................................................................................................ 8 3.4 Advanced Reporting Capabilities ............................................................................................................................ 8 3.5 Non-Owner Mailbox Auditing ................................................................................................................................. 9 3.6 Additional Considerations ....................................................................................................................................... 9 3.7 SIEM, IT Governance, Risk-Management and Exchange Auditing ........................................................................ 10 4. NetWrix approach to Exchange Auditing ...................................................................................................................... 11 About NetWrix Corporation .................................................................................................................................................. 11 About Chris Rich .................................................................................................................................................................... 12 Additional Resources ............................................................................................................................................................ 12 2
Exchange Auditing - White Paper 1. What is Microsoft Exchange Auditing? Microsoft Exchange Auditing is an ongoing auditing activity for mitigating risks associated with the changes to Exchange environment, including servers, settings, mailboxes, policies and permissions. The goal is to always ensure compliance, security and stability. Limiting unauthorized or undesired Exchange configuration changes and having appropriate segregation of duties and management controls in place is essential to reduce the risks associated with implementing and monitoring Exchange environments in production. While Exchange has seen many improvements to security controls and management tools over the past few years, Exchange auditing is not easily accomplished using native tools, including added features in Microsoft Exchange 2010. Changes to Exchange can introduce security risks, undesired behaviors, errors and problems for end users as well as any applications requiring use of the messaging infrastructure. Proper MS Exchange auditing can reduce the risk of security features being disabled or turned off, sensitive data compromise, and non-compliance with internal and external regulatory requirements. An effective Microsoft Exchange audit includes measuring the risks associated with managing a production IT environment and addressing those risks in a secure, reliable and controlled audit trail of all changes 24x7x365. MS Exchange auditing of objects and permissions is required to secure and manage the messaging infrastructure. This provides a broad range of benefits most notably including accountability, compliance and operational stability at all times and is difficult if not impossible using even the most current native tools. 3
Exchange Auditing - White Paper 2. Why is Exchange Auditing Important? 2.1 Exchange Auditing: A Real-World Example The importance of Exchange auditing is best illustrated by a real-world example. Email is the organization’s primary go-to store of information and is still the most relied upon means of communication both internally and externally. It contains everything from sensitive communications within and outside the organization, employee data, financial information, proprietary and trade information not meant for public or even certain internal recipients. One bad change can put that information and compliance at serious risk. Consider the network administrator conducting routine operations who needs help managing a remote Exchange server in the organization. In order to recruit some assistance, they add a local admin to the server to the Exchange Enterprise Administrators group, giving that individual full access to the server and its settings. This local admin decides to change the database store of local mailboxes to a new SAN drive, however, the configuration is performed incorrectly. Users at this location are unable to access their mail. Frustration and anger quickly sets in. Without an Exchange auditing tool in place, this organization will have to work harder and faster to find the problem costing time and some of the reputation of the IT group. With auditing, this information could have been quickly and easily discovered saving potentially hours of troubleshooting. 2.2 Exchange Auditing to Reduce Risk Exchange auditing provides accountability thereby reducing risk through detailed collection and analysis of MS Exchange configuration change information. An Exchange permission setting made today may not be appropriate at some point in the future. Exchange auditing is the vehicle by which changes made to Exchange settings and permissions can be monitored and can be weighed against predetermined compliance and security risks and mitigated accordingly. Establishing risk factors is the single most important step in securing any IT environment. Doing so will ensure that everyone involved from end-users to senior management understands what is at risk. This creates a conscious awareness of all things critical to sustaining normal business operations within the messaging infrastructure. Regularly revisiting these risk factors will serve to adjust them appropriate to needs and condition changes. Once the risk factors have been identified, the next step is to secure them. For Exchange server, permissions limit rights to sensitive data stored in mailboxes. Effectively managing every aspect of user and administrator interaction with the messaging environment reduces risk while granting the appropriate access needed to communicate effectively and consistently. Change may sometimes bring unpredictable results, one of which is unintentionally creating conditions that disrupts mail delivery. Exchange auditing provides 4
Exchange Auditing - White Paper actionable and historical forensic information to ensure risk factors are managed appropriately while delivering consistent e-mail services to the end-users. 2.3 Change Auditing to Improve Security Accountability will always keep the honest users and administrators honest, however, internal threats pose a more immediate danger than those external to the organization because of trust. Change auditing provides the ability to establish a robust check-and-balance record for all changes to Exchange. Security improvements through the use of traditional Exchange auditing are most often reactionary. Flaws and holes are discovered after the fact and the reason for this is that without auditing Exchange activity on a regular basis, there is no way to predict and react to how a change will impact the messaging environment. Environments that rely on ticket-based change management systems, or other change approval processes may still experience security problems if the information submitted is later found to have been inaccurate or intentionally misleading. One of the easiest ways to improve Exchange security is to extract and review change information automatically on a regular basis. 2.4 Exchange Auditing to Sustain Compliance Regulations such as SOX, PCI, FISMA, HIPAA each have their own detailed explanations of security standard practices including what exactly needs to be tracked and recorded. These regulations exist to establish (IT) change auditing standards to protect both businesses and consumers. At the end of the day, these regulations and their enforcement strive to confirm the organization is securing, recording and monitoring change events that permit access to sensitive information such as banking information, social security numbers, and health records. Additionally, regulations exist to establish a minimum set of security standards as they apply to user access within the messaging environment in which they operate. Some examples include: mailbox moves, data store deletions, Exchange administrator group memberships, and routing settings. Demonstrating compliance is an exercise in presenting this information to auditors upon request and to the level of details as is interpreted by the law or standard and subject to the individual auditor’s discretion. Auditing Exchange provides the Who, What, When, and Where information most frequently requested by auditors and almost equally important is the need to store this information for sometimes up to 7 years or more to be considered compliant. For Exchange this is extremely difficult and an entirely manual process with native functionality and thus gives rise to the demand for additional tools, especially in large environments with multiple levels of IT administration. 2.5 Exchange Auditing to Improve Manageability Making changes to Exchange is performed easily when provided sufficient access. The consequences of changes however require thought and planning to avoid problems. Even if a lab environment is used to test 5
Exchange Auditing - White Paper changes, unexpected results can still occur making the need to monitor Exchange server is essential to ensuring a compliant, secure and stable messaging environment. Exchange auditing offers the opportunity to see before and new values for modified configuration settings and permissions that can greatly improve an administrator’s response times to recover from changes that result in harm or that introduce unnecessary risks. Additionally, by maintaining an historical record of changes over time, further analysis can be used to uncover less obvious problems or inefficiencies. Being able to make changes to Exchange is necessary to adjust to meet business and operational goals however, the ability to look back at the impact those changes had is the difference between ensuring a consistent, stable and safe environment for users and loosing visibility and control over the systems charged with delivery of critical messaging services. The ease with which changes are made can create a false sense of security with regards to the impacts those changes may bring and thus reinforces the need to have an Exchange auditing and reporting tool to improve overall enterprise messaging manageability. 6
Exchange Auditing - White Paper 3. Required Features for Exchange Auditing Exchange auditing is the process of gathering information, reporting the information, analyzing the information, taking action and evaluating the results of those actions, to sustain compliance, secure information, and ensure consistent delivery of messaging services. Windows natively has the ability to output audit information. This information however is dispersed between Exchange servers and Active Directory domain controllers and is not centrally aggregated. Exchange reporting tools are also unavailable for audit data making the collection and reporting steps of change auditing for configuration changes difficult and time consuming. There is also a risk of losing audit data if event log settings are not set properly to handle the volume of information logged and running out of disk space on domain controllers if too much information is being captured and not cleared after it’s been archived properly. Once native information is analyzed by an administrator experienced with system events and messages, the interpretation then would need to result in a decision to act or, accept the change and information as having met the intended goal and did not result in a deficiency or unacceptable compromise. Evaluating using native Windows and Exchange tools requires the same activity as collecting the information and thus requires similar investments in time and effort. Combine these factors and the result is native change auditing is not feasible in most types of environments. The following information is a collection of must-have Microsoft Exchange auditing features. Additional deployment considerations are provided as well. 3.1 Automatic Data Collection In order to efficiently audit Exchange servers, the process must be automated through scripting or 3rd- party tools. Without it, collecting the information in a timely manner is not feasible. This is especially true as the size of the organization will have a great impact on the raw volume of information collected making it even more challenging to track and monitor Exchange changes. Special steps must also be taken on servers and domain controllers throughout the environment to facilitate auditing of the information which is by default not enabled. Additional scripting and/or a 3 rd-party Exchange server monitoring tool may also be employed to pre-configure systems in preparation of collecting event data. Furthermore, if audit data is not collected regularly, there is a risk of losing this information due to event log automatic overwrites or disk space issues. This is an important required feature to change auditing because without it, timely auditing is nearly impossible. 3.2 Efficient and Centralized Audit Data Storage Automation of any kind typically requires additional resources and may negatively impact system performance which can lead to bigger problems. For this reason, it’s important that the impact of the method employed to automatically collect data is minimal. Furthermore, storage of data must also be a consideration during implementation. While it is possible to store event and audit data locally on Exchange servers where 7
Exchange Auditing - White Paper the events are taking place, the preferred method will be to centralize this information in a data store that is both secure and readily available. This leads to numerous additional benefits over time as the need to analyze and report on this information becomes part of daily routine for the IT administrator or group responsible for the overall health of the Exchange messaging services. Collection of information must also be reliable. Occasionally, each piece of the change auditing system should have a periodic check to ensure information is consistent when collected. The most advanced methods of reliably collecting this information will also have the ability to pre-screen data and filter for only essential data and the ability to compress this information to further add to overall efficiency. During collection, preference should be given to methods that leverage the existing Windows and Exchange event logs as opposed to injected agents or modified core system code for audit data extraction. Doing so will eliminate any potential system stability issues or future incompatibility problems. Relying solely on event log data introduces problems because this information is frequently incomplete. To completely understand an event, information from all sources involved must be aggregated and analyzed as a whole. Securing this information for short and long-term storage is also an important consideration and thus best-practices for securing audit data should be included pre-deployment such that no single power-user has access to or the ability to delete or tamper with information. Access to this information should be heavily restricted and monitored. 3.3 Scalability To audit Exchange changes in the enterprise, the solution must be scalable to adjust to a constantly changing environment without the need for dramatic steps. Implementation and ongoing use of MS Exchange auditing will be simplified when no additional software or extensive reconfigurations are required when adjusting to messaging changes within the organization. Exchange auditing should keep pace with all granular changes as the overall topology of the network, domain controllers and Active Directory changes to ensure consistent control to best serve end-users and provide an invaluable audit trail for the IT staff. This scalability needs to be facilitated easily. 3.4 Advanced Reporting Capabilities Once data collection is automated, reliable and stored securely, MS Exchange auditing can assume a proactive role in sustaining compliance, securing information and improving overall messaging performance and stability. Advanced reporting is necessary to provide IT administrators, management and auditors with summarized information on every Exchange change and for any time period. Without the ability to produce clear information on change history for day-to-day modifications to Exchange objects and settings, such as, who changed mailbox permissions or if there has been a deleted connector, sustaining compliance, stability and security will be impossible and many opportunities to improve these functions will be surrendered. 8
Exchange Auditing - White Paper With Exchange messaging environments, using Microsoft SQL Server to store data and leverage SQL Reporting Services prove obvious choices for storing and reporting on data. SQL Server with Reporting Services (SQL SRS) can be downloaded for free from Microsoft. The ability to customize ad-hoc and predefined 3rd- party reports will accelerate an effective change auditing implementation by saving time and providing configuration options to suit the majority of needs. Using reports on a daily basis ensures complete visibility over the entire IT infrastructure providing opportunities to improve security and sustain compliance. Additional reporting services including e-mail subscription capabilities and will also add to the impact advanced reporting will have on overall systems management effectiveness. Once established, advanced reporting will be the main driver behind a successful sustained Exchange audit and will become an important part of day-to-day management of the messaging environment. 3.5 Non-Owner Mailbox Auditing Non-owner mailbox access poses serious threats to your information. With the abundance of sensitive data stored in mailboxes, having the ability to monitor who attempts to open them is a necessity. This will also serve to show where security needs firming up and will satisfy auditors who may want to see a report showing who has attempted access to mail files not belonging to them. Administrators and users with excessive permissions present serious threats to the organization in the form of reviewing confidential information without permission. This threat is especially severe for publicly traded companies where financial information if leaked from the CFO’s mailbox can have legal repercussions. An internal employee having a look at confidential financial statements before they become public may buy or sell stock in the company using this insider information. The necessity to audit Non-Owner mailbox access is critical for this reason as well as numerous similar situations where confidential information may pose serious harm. Human resources also withholds sensitive company and employee information as such is the case during major restructuring, or acquisitions where an employee could learn of upcoming layoffs or terminations in advance of this information becoming public. The unauthorized employee could warn coworkers or cause panic and unrest in the organization. This example further illustrates the grave dangers associated with non- owner mailbox access and highlights the need to have this important feature as part of any Exchange auditing solution. 3.6 Additional Considerations Preferred solutions (and providers) should offer plug-in or add-on modules and software to help form a cohesive and comprehensive management suite to maximize the potential benefits of change auditing. Some additional types of systems may include firewalls, switches, database servers, SANs, storage appliances and other Microsoft technologies such as SQL and SharePoint and especially Active Directory and Group Policies. 9
Exchange Auditing - White Paper Real-time alerting and object restore features will also add great value to any selected Exchange auditing tools. 3.7 SIEM, IT Governance, Risk-Management and Exchange Auditing These common buzzwords appear frequently when discussing security and change auditing and represent a broader view of enterprise IT management methodologies. SIEM, which stands for Security Information and Event Management is related to change auditing, however, with some important differentiators. SIEM encompasses real-time analysis of security alerts and events generated through the entire enterprise, extending to all applications and devices at all corners of the organization. Change auditing is a critical information collection and reporting layer to overall SIEM objectives and must have a high level of interoperability with SIEM systems and services in order to achieve maximum effectiveness. SIEM implementations range from in-house, customized systems to massive modular deployments providing management capabilities for nearly all IT resources in an environment. IT Governance is a term often used to describe the overall mission of an IT organization within the broader context of the organization as a whole. It’s meant to provide a means by which core activities and services provided by IT align with overall organizational directives and goals. Risk-Management is a term found more and more frequently in press and publications to challenge the status of security for appropriately describing how organizations approach keeping their resources stable and secure. More recently, the increased visibility of mobile devices and cloud computing as part of an organization’s IT strategy present new challenges to traditional models of thought on security and how best to provide that in an increasingly mobile world where borders to IT infrastructure have blurred greatly. Keeping these new terms in mind while approaching Exchange auditing will help keep IT objectives in line with organizational messaging objectives and needs as requirements change. 10
Exchange Auditing - White Paper 4. NetWrix approach to Exchange Auditing The NetWrix approach incorporates all the necessary features for achieving effective Active Directory auditing in a software solution. The NetWrix Exchange Change Reporter is an Exchange auditing tool that tracks changes made to Exchange objects, settings and permissions across the entire messaging infrastructure. It generates audit reports that include the four W’s: Who, What, When, and Where for every audited Exchange change including created and deleted mailboxes, transport link changes, changes made to security permissions, Exchange admin groups, and all other change activity. It also automatically provides before and new setting values for each Exchange configuration change to improve security and change control efforts. NetWrix also offers an optional Non-Owner Mailbox Auditing add-on critical to securing sensitive information from prying eyes by users and administrators with too much privilege over mail files. The automatic collection and reporting on Exchange changes not only surpasses native capabilities in Windows but expands upon them eliminating the time and effort spent collecting change audit information manually or through complex scripting thereby making this information both reliable and actionable. Furthermore, it has the ability to sustain compliance through historical reporting for up to 7 years and more and extend Exchange auditing into SIEM systems such as SCOM for improved IT control and protection of these investments. In addition to Exchange auditing, NetWrix offers additional integrated modules for Active Directory, Group Policy and more helping protect existing investments in current NetWrix product installations. Adding Active Directory Change Reporter allows for real-time alert capabilities and automatic restoration for Exchange objects, setting and permission changes. Try a free download of NetWrix Exchange Change Reporter to see how NetWrix can help with your auditing and compliance needs. Download link: netwrix.com/exch_download About NetWrix Corporation NetWrix Corporation is a highly specialized provider of solutions for IT infrastructure change auditing. Change auditing is the core competency of NetWrix and no other vendor focuses on this more extensively. With the broadest platform coverage available in the industry, innovative technology and strategic roadmap aiming to support different types of IT systems, devices and applications, NetWrix offers award-winning change auditing solutions at very competitive prices, matched with great customer service. Founded in 2006, NetWrix has evolved as #1 for Change Auditing as 11
Exchange Auditing - White Paper evidenced by thousands of satisfied customers worldwide. The company is headquartered in Paramus, NJ, and has regional offices in Los Angeles and Boston. About Chris Rich As Senior Director of Product Management for NetWrix, located in the Boston office, I oversee all aspects of product management for the NetWrix family of products. I have been involved in numerous aspects of IT for over 16 years including help desk, systems administration, network management, network architecture, telecom and software sales and sales engineering, and product management. I am also a certified technical trainer, MCSA, Certified IBM Domino Administrator, avid runner, musician and happily married father of two. Additional Resources Information security professionals and trends - www.infosecisland.com Articles and commentary on a wide array of IT related topics - www.techrepublic.com Community focused on Windows technologies - www.windowsitpro.com Editorial resource for technology professionals - www.redmondmag.com Innovative tool and active community of IT practitioners - www.spiceworks.com Focused community on Windows security needs, trends, and information -www.windowssecurity.com 10 Immutable Laws of Security - http://technet.microsoft.com/en-us/library/cc722487.aspx Popular explanation and resources for Change Management and Change Auditing concepts and terminology - http://en.wikipedia.org/wiki/Change_management_auditing Excellent resource for Windows Administrators - www.petri.co.il NetWrix Corporate Blog - http://blog.netwrix.com ©2011 All rights reserved. NetWrix is trademark of NetWrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners. 12

Recomendados

BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsChris Farwell
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
Dit yvol3iss33
Dit yvol3iss33Dit yvol3iss33
Dit yvol3iss33Rick Lemieux
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...IRJET Journal
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Brown Smith Wallace
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 

Recomendados

BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsChris Farwell
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
Dit yvol3iss33
Dit yvol3iss33Dit yvol3iss33
Dit yvol3iss33Rick Lemieux
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityPCI DSS Success: Achieve Compliance and Increase Web Application Security
PCI DSS Success: Achieve Compliance and Increase Web Application SecurityCitrix
 
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...
IRJET- Detection of Intrinsic Intrusion and Auspice System by Utilizing Data ...IRJET Journal
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Brown Smith Wallace
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System AdministrationLisa Dowdell, MSISTM
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceCisco Service Provider
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9Ian Sommerville
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseNetwrix Corporation
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
VMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aVMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aTom - Creed
 
Password policy template
Password policy templatePassword policy template
Password policy templateJayaramachandran Rajendran
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemMuhammad Azmy
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】Jerimi Soma
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Sreekanth Narendran
 
Content Aware SIEM™ defined
Content Aware SIEM™ definedContent Aware SIEM™ defined
Content Aware SIEM™ definedEnterprise Technology Management (ETM)
 
INWESTPROJEKT Grudziądz
INWESTPROJEKT GrudziądzINWESTPROJEKT Grudziądz
INWESTPROJEKT GrudziądzsalonyVi
 
Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016mitoaction
 
Kabir 2012 5
Kabir 2012 5Kabir 2012 5
Kabir 2012 5Valeriu Cismas
 
Songs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagoreSongs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagoreValeriu Cismas
 
Salon Firmowy Bydgoszcz
Salon Firmowy BydgoszczSalon Firmowy Bydgoszcz
Salon Firmowy BydgoszczsalonyVi
 
Actividades egipto
Actividades egiptoActividades egipto
Actividades egiptoFernanda de Uña Piñeiro
 
Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013ryanvong
 

Más contenido relacionado

La actualidad más candente

Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System AdministrationLisa Dowdell, MSISTM
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceCisco Service Provider
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9Ian Sommerville
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseNetwrix Corporation
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
VMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aVMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aTom - Creed
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemMuhammad Azmy
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】Jerimi Soma
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Sreekanth Narendran
 

La actualidad más candente (15)

Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI compliance
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safe
 
VMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1aVMSDeploymentGuide_Extract1a
VMSDeploymentGuide_Extract1a
 
Password policy template
Password policy templatePassword policy template
Password policy template
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
 
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
ISO Cloud Security add-on & PCI DSS mapping 【Continuous Study】
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
 
Content Aware SIEM™ defined
Content Aware SIEM™ definedContent Aware SIEM™ defined
Content Aware SIEM™ defined
 

Destacado

INWESTPROJEKT Grudziądz
INWESTPROJEKT GrudziądzINWESTPROJEKT Grudziądz
INWESTPROJEKT GrudziądzsalonyVi
 
Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016mitoaction
 
Songs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagoreSongs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagoreValeriu Cismas
 
Salon Firmowy Bydgoszcz
Salon Firmowy BydgoszczSalon Firmowy Bydgoszcz
Salon Firmowy BydgoszczsalonyVi
 
Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013ryanvong
 
Intoduction virtualbox khmer
Intoduction virtualbox khmerIntoduction virtualbox khmer
Intoduction virtualbox khmerKichiemon Adachi
 
Seo Nexus
Seo NexusSeo Nexus
Seo Nexusjtmre
 
Up kmečki dvor reklama
Up kmečki dvor reklamaUp kmečki dvor reklama
Up kmečki dvor reklamakmeckidvor
 
ผลกระทบการเปิดเสรีต่อแรงงานไทย
ผลกระทบการเปิดเสรีต่อแรงงานไทยผลกระทบการเปิดเสรีต่อแรงงานไทย
ผลกระทบการเปิดเสรีต่อแรงงานไทยvaranon
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 
Progress report orientation
Progress report orientationProgress report orientation
Progress report orientationAdam Caplan
 
Up Kmečki dvor - PONUDBA
Up Kmečki dvor - PONUDBAUp Kmečki dvor - PONUDBA
Up Kmečki dvor - PONUDBAkmeckidvor
 
Convert58669
Convert58669Convert58669
Convert58669alf461
 

Destacado (20)

INWESTPROJEKT Grudziądz
INWESTPROJEKT GrudziądzINWESTPROJEKT Grudziądz
INWESTPROJEKT Grudziądz
 
Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016Incapacity Planning and Guardianship 2016
Incapacity Planning and Guardianship 2016
 
Kabir 2012 5
Kabir 2012 5Kabir 2012 5
Kabir 2012 5
 
Songs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagoreSongs of-kabir - tradus de tagore
Songs of-kabir - tradus de tagore
 
Salon Firmowy Bydgoszcz
Salon Firmowy BydgoszczSalon Firmowy Bydgoszcz
Salon Firmowy Bydgoszcz
 
Actividades egipto
Actividades egiptoActividades egipto
Actividades egipto
 
Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013Silicon Valley Marketo User Group - July 2013
Silicon Valley Marketo User Group - July 2013
 
Sarojkumar cv
Sarojkumar cvSarojkumar cv
Sarojkumar cv
 
Hombre
HombreHombre
Hombre
 
Ohio Shale Gas: Supply Chain Opportunities
Ohio Shale Gas: Supply Chain Opportunities Ohio Shale Gas: Supply Chain Opportunities
Ohio Shale Gas: Supply Chain Opportunities
 
Intoduction virtualbox khmer
Intoduction virtualbox khmerIntoduction virtualbox khmer
Intoduction virtualbox khmer
 
Seo Nexus
Seo NexusSeo Nexus
Seo Nexus
 
Up kmečki dvor reklama
Up kmečki dvor reklamaUp kmečki dvor reklama
Up kmečki dvor reklama
 
ผลกระทบการเปิดเสรีต่อแรงงานไทย
ผลกระทบการเปิดเสรีต่อแรงงานไทยผลกระทบการเปิดเสรีต่อแรงงานไทย
ผลกระทบการเปิดเสรีต่อแรงงานไทย
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Om Xpress Print Pack Pvt. Ltd. CRISIL Rating report
Om Xpress Print Pack Pvt. Ltd. CRISIL Rating reportOm Xpress Print Pack Pvt. Ltd. CRISIL Rating report
Om Xpress Print Pack Pvt. Ltd. CRISIL Rating report
 
Progress report orientation
Progress report orientationProgress report orientation
Progress report orientation
 
Rahul bose
Rahul boseRahul bose
Rahul bose
 
Up Kmečki dvor - PONUDBA
Up Kmečki dvor - PONUDBAUp Kmečki dvor - PONUDBA
Up Kmečki dvor - PONUDBA
 
Convert58669
Convert58669Convert58669
Convert58669
 

Similar a Exchange Auditing in the Enterprise

Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?mbmobile
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docxLynellBull52
 
Introdunction to Network Management Protocols - SNMP & TR-069
Introdunction to Network Management Protocols - SNMP & TR-069Introdunction to Network Management Protocols - SNMP & TR-069
Introdunction to Network Management Protocols - SNMP & TR-069William Lee
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
SOC 2 for Startups – A Complete Guide
SOC 2 for Startups – A Complete GuideSOC 2 for Startups – A Complete Guide
SOC 2 for Startups – A Complete GuideBrielle Aria
 
Identity_Management_Vendor_Evaluation
Identity_Management_Vendor_EvaluationIdentity_Management_Vendor_Evaluation
Identity_Management_Vendor_EvaluationJerry Ruggieri
 
Virtualize With Confidence
Virtualize With ConfidenceVirtualize With Confidence
Virtualize With Confidencebenscheerer
 
3 Considerations for IT Teams at Small-Midsized Firms
3 Considerations for IT Teams at Small-Midsized Firms3 Considerations for IT Teams at Small-Midsized Firms
3 Considerations for IT Teams at Small-Midsized FirmsReadyTalk
 
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...Cognizant
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfaotmp2600
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iiiAshish Desai
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWinfosec train
 

Similar a Exchange Auditing in the Enterprise (20)

Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
Introdunction to Network Management Protocols - SNMP & TR-069
Introdunction to Network Management Protocols - SNMP & TR-069Introdunction to Network Management Protocols - SNMP & TR-069
Introdunction to Network Management Protocols - SNMP & TR-069
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
SOC 2 for Startups – A Complete Guide
SOC 2 for Startups – A Complete GuideSOC 2 for Startups – A Complete Guide
SOC 2 for Startups – A Complete Guide
 
Identity_Management_Vendor_Evaluation
Identity_Management_Vendor_EvaluationIdentity_Management_Vendor_Evaluation
Identity_Management_Vendor_Evaluation
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
 
Virtualize With Confidence
Virtualize With ConfidenceVirtualize With Confidence
Virtualize With Confidence
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
3 Considerations for IT Teams at Small-Midsized Firms
3 Considerations for IT Teams at Small-Midsized Firms3 Considerations for IT Teams at Small-Midsized Firms
3 Considerations for IT Teams at Small-Midsized Firms
 
Bankauditin it env
Bankauditin it envBankauditin it env
Bankauditin it env
 
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...
How Enterprise Architects Can Build Resilient, Reliable Software-Based Health...
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdf
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iii
 
CISA (1).pdf
CISA (1).pdfCISA (1).pdf
CISA (1).pdf
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
 

Más de Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 

Más de Netwrix Corporation (15)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Exchange Auditing in the Enterprise

  • 1. Exchange Auditing in the Enterprise White Paper Written by Chris Rich for NetWrix Corporation
  • 2. Exchange Auditing - White Paper Table of Contents 1. What is Microsoft Exchange Auditing? ........................................................................................................................... 3 2. Why is Exchange Auditing Important? ............................................................................................................................ 4 2.1 Exchange Auditing: A Real-World Example............................................................................................................. 4 2.2 Exchange Auditing to Reduce Risk .......................................................................................................................... 4 2.3 Change Auditing to Improve Security ..................................................................................................................... 5 2.4 Exchange Auditing to Sustain Compliance .............................................................................................................. 5 2.5 Exchange Auditing to Improve Manageability ........................................................................................................ 5 3. Required Features for Exchange Auditing ...................................................................................................................... 7 3.1 Automatic Data Collection ...................................................................................................................................... 7 3.2 Efficient and Centralized Audit Data Storage.......................................................................................................... 7 3.3 Scalability ................................................................................................................................................................ 8 3.4 Advanced Reporting Capabilities ............................................................................................................................ 8 3.5 Non-Owner Mailbox Auditing ................................................................................................................................. 9 3.6 Additional Considerations ....................................................................................................................................... 9 3.7 SIEM, IT Governance, Risk-Management and Exchange Auditing ........................................................................ 10 4. NetWrix approach to Exchange Auditing ...................................................................................................................... 11 About NetWrix Corporation .................................................................................................................................................. 11 About Chris Rich .................................................................................................................................................................... 12 Additional Resources ............................................................................................................................................................ 12 2
  • 3. Exchange Auditing - White Paper 1. What is Microsoft Exchange Auditing? Microsoft Exchange Auditing is an ongoing auditing activity for mitigating risks associated with the changes to Exchange environment, including servers, settings, mailboxes, policies and permissions. The goal is to always ensure compliance, security and stability. Limiting unauthorized or undesired Exchange configuration changes and having appropriate segregation of duties and management controls in place is essential to reduce the risks associated with implementing and monitoring Exchange environments in production. While Exchange has seen many improvements to security controls and management tools over the past few years, Exchange auditing is not easily accomplished using native tools, including added features in Microsoft Exchange 2010. Changes to Exchange can introduce security risks, undesired behaviors, errors and problems for end users as well as any applications requiring use of the messaging infrastructure. Proper MS Exchange auditing can reduce the risk of security features being disabled or turned off, sensitive data compromise, and non-compliance with internal and external regulatory requirements. An effective Microsoft Exchange audit includes measuring the risks associated with managing a production IT environment and addressing those risks in a secure, reliable and controlled audit trail of all changes 24x7x365. MS Exchange auditing of objects and permissions is required to secure and manage the messaging infrastructure. This provides a broad range of benefits most notably including accountability, compliance and operational stability at all times and is difficult if not impossible using even the most current native tools. 3
  • 4. Exchange Auditing - White Paper 2. Why is Exchange Auditing Important? 2.1 Exchange Auditing: A Real-World Example The importance of Exchange auditing is best illustrated by a real-world example. Email is the organization’s primary go-to store of information and is still the most relied upon means of communication both internally and externally. It contains everything from sensitive communications within and outside the organization, employee data, financial information, proprietary and trade information not meant for public or even certain internal recipients. One bad change can put that information and compliance at serious risk. Consider the network administrator conducting routine operations who needs help managing a remote Exchange server in the organization. In order to recruit some assistance, they add a local admin to the server to the Exchange Enterprise Administrators group, giving that individual full access to the server and its settings. This local admin decides to change the database store of local mailboxes to a new SAN drive, however, the configuration is performed incorrectly. Users at this location are unable to access their mail. Frustration and anger quickly sets in. Without an Exchange auditing tool in place, this organization will have to work harder and faster to find the problem costing time and some of the reputation of the IT group. With auditing, this information could have been quickly and easily discovered saving potentially hours of troubleshooting. 2.2 Exchange Auditing to Reduce Risk Exchange auditing provides accountability thereby reducing risk through detailed collection and analysis of MS Exchange configuration change information. An Exchange permission setting made today may not be appropriate at some point in the future. Exchange auditing is the vehicle by which changes made to Exchange settings and permissions can be monitored and can be weighed against predetermined compliance and security risks and mitigated accordingly. Establishing risk factors is the single most important step in securing any IT environment. Doing so will ensure that everyone involved from end-users to senior management understands what is at risk. This creates a conscious awareness of all things critical to sustaining normal business operations within the messaging infrastructure. Regularly revisiting these risk factors will serve to adjust them appropriate to needs and condition changes. Once the risk factors have been identified, the next step is to secure them. For Exchange server, permissions limit rights to sensitive data stored in mailboxes. Effectively managing every aspect of user and administrator interaction with the messaging environment reduces risk while granting the appropriate access needed to communicate effectively and consistently. Change may sometimes bring unpredictable results, one of which is unintentionally creating conditions that disrupts mail delivery. Exchange auditing provides 4
  • 5. Exchange Auditing - White Paper actionable and historical forensic information to ensure risk factors are managed appropriately while delivering consistent e-mail services to the end-users. 2.3 Change Auditing to Improve Security Accountability will always keep the honest users and administrators honest, however, internal threats pose a more immediate danger than those external to the organization because of trust. Change auditing provides the ability to establish a robust check-and-balance record for all changes to Exchange. Security improvements through the use of traditional Exchange auditing are most often reactionary. Flaws and holes are discovered after the fact and the reason for this is that without auditing Exchange activity on a regular basis, there is no way to predict and react to how a change will impact the messaging environment. Environments that rely on ticket-based change management systems, or other change approval processes may still experience security problems if the information submitted is later found to have been inaccurate or intentionally misleading. One of the easiest ways to improve Exchange security is to extract and review change information automatically on a regular basis. 2.4 Exchange Auditing to Sustain Compliance Regulations such as SOX, PCI, FISMA, HIPAA each have their own detailed explanations of security standard practices including what exactly needs to be tracked and recorded. These regulations exist to establish (IT) change auditing standards to protect both businesses and consumers. At the end of the day, these regulations and their enforcement strive to confirm the organization is securing, recording and monitoring change events that permit access to sensitive information such as banking information, social security numbers, and health records. Additionally, regulations exist to establish a minimum set of security standards as they apply to user access within the messaging environment in which they operate. Some examples include: mailbox moves, data store deletions, Exchange administrator group memberships, and routing settings. Demonstrating compliance is an exercise in presenting this information to auditors upon request and to the level of details as is interpreted by the law or standard and subject to the individual auditor’s discretion. Auditing Exchange provides the Who, What, When, and Where information most frequently requested by auditors and almost equally important is the need to store this information for sometimes up to 7 years or more to be considered compliant. For Exchange this is extremely difficult and an entirely manual process with native functionality and thus gives rise to the demand for additional tools, especially in large environments with multiple levels of IT administration. 2.5 Exchange Auditing to Improve Manageability Making changes to Exchange is performed easily when provided sufficient access. The consequences of changes however require thought and planning to avoid problems. Even if a lab environment is used to test 5
  • 6. Exchange Auditing - White Paper changes, unexpected results can still occur making the need to monitor Exchange server is essential to ensuring a compliant, secure and stable messaging environment. Exchange auditing offers the opportunity to see before and new values for modified configuration settings and permissions that can greatly improve an administrator’s response times to recover from changes that result in harm or that introduce unnecessary risks. Additionally, by maintaining an historical record of changes over time, further analysis can be used to uncover less obvious problems or inefficiencies. Being able to make changes to Exchange is necessary to adjust to meet business and operational goals however, the ability to look back at the impact those changes had is the difference between ensuring a consistent, stable and safe environment for users and loosing visibility and control over the systems charged with delivery of critical messaging services. The ease with which changes are made can create a false sense of security with regards to the impacts those changes may bring and thus reinforces the need to have an Exchange auditing and reporting tool to improve overall enterprise messaging manageability. 6
  • 7. Exchange Auditing - White Paper 3. Required Features for Exchange Auditing Exchange auditing is the process of gathering information, reporting the information, analyzing the information, taking action and evaluating the results of those actions, to sustain compliance, secure information, and ensure consistent delivery of messaging services. Windows natively has the ability to output audit information. This information however is dispersed between Exchange servers and Active Directory domain controllers and is not centrally aggregated. Exchange reporting tools are also unavailable for audit data making the collection and reporting steps of change auditing for configuration changes difficult and time consuming. There is also a risk of losing audit data if event log settings are not set properly to handle the volume of information logged and running out of disk space on domain controllers if too much information is being captured and not cleared after it’s been archived properly. Once native information is analyzed by an administrator experienced with system events and messages, the interpretation then would need to result in a decision to act or, accept the change and information as having met the intended goal and did not result in a deficiency or unacceptable compromise. Evaluating using native Windows and Exchange tools requires the same activity as collecting the information and thus requires similar investments in time and effort. Combine these factors and the result is native change auditing is not feasible in most types of environments. The following information is a collection of must-have Microsoft Exchange auditing features. Additional deployment considerations are provided as well. 3.1 Automatic Data Collection In order to efficiently audit Exchange servers, the process must be automated through scripting or 3rd- party tools. Without it, collecting the information in a timely manner is not feasible. This is especially true as the size of the organization will have a great impact on the raw volume of information collected making it even more challenging to track and monitor Exchange changes. Special steps must also be taken on servers and domain controllers throughout the environment to facilitate auditing of the information which is by default not enabled. Additional scripting and/or a 3 rd-party Exchange server monitoring tool may also be employed to pre-configure systems in preparation of collecting event data. Furthermore, if audit data is not collected regularly, there is a risk of losing this information due to event log automatic overwrites or disk space issues. This is an important required feature to change auditing because without it, timely auditing is nearly impossible. 3.2 Efficient and Centralized Audit Data Storage Automation of any kind typically requires additional resources and may negatively impact system performance which can lead to bigger problems. For this reason, it’s important that the impact of the method employed to automatically collect data is minimal. Furthermore, storage of data must also be a consideration during implementation. While it is possible to store event and audit data locally on Exchange servers where 7
  • 8. Exchange Auditing - White Paper the events are taking place, the preferred method will be to centralize this information in a data store that is both secure and readily available. This leads to numerous additional benefits over time as the need to analyze and report on this information becomes part of daily routine for the IT administrator or group responsible for the overall health of the Exchange messaging services. Collection of information must also be reliable. Occasionally, each piece of the change auditing system should have a periodic check to ensure information is consistent when collected. The most advanced methods of reliably collecting this information will also have the ability to pre-screen data and filter for only essential data and the ability to compress this information to further add to overall efficiency. During collection, preference should be given to methods that leverage the existing Windows and Exchange event logs as opposed to injected agents or modified core system code for audit data extraction. Doing so will eliminate any potential system stability issues or future incompatibility problems. Relying solely on event log data introduces problems because this information is frequently incomplete. To completely understand an event, information from all sources involved must be aggregated and analyzed as a whole. Securing this information for short and long-term storage is also an important consideration and thus best-practices for securing audit data should be included pre-deployment such that no single power-user has access to or the ability to delete or tamper with information. Access to this information should be heavily restricted and monitored. 3.3 Scalability To audit Exchange changes in the enterprise, the solution must be scalable to adjust to a constantly changing environment without the need for dramatic steps. Implementation and ongoing use of MS Exchange auditing will be simplified when no additional software or extensive reconfigurations are required when adjusting to messaging changes within the organization. Exchange auditing should keep pace with all granular changes as the overall topology of the network, domain controllers and Active Directory changes to ensure consistent control to best serve end-users and provide an invaluable audit trail for the IT staff. This scalability needs to be facilitated easily. 3.4 Advanced Reporting Capabilities Once data collection is automated, reliable and stored securely, MS Exchange auditing can assume a proactive role in sustaining compliance, securing information and improving overall messaging performance and stability. Advanced reporting is necessary to provide IT administrators, management and auditors with summarized information on every Exchange change and for any time period. Without the ability to produce clear information on change history for day-to-day modifications to Exchange objects and settings, such as, who changed mailbox permissions or if there has been a deleted connector, sustaining compliance, stability and security will be impossible and many opportunities to improve these functions will be surrendered. 8
  • 9. Exchange Auditing - White Paper With Exchange messaging environments, using Microsoft SQL Server to store data and leverage SQL Reporting Services prove obvious choices for storing and reporting on data. SQL Server with Reporting Services (SQL SRS) can be downloaded for free from Microsoft. The ability to customize ad-hoc and predefined 3rd- party reports will accelerate an effective change auditing implementation by saving time and providing configuration options to suit the majority of needs. Using reports on a daily basis ensures complete visibility over the entire IT infrastructure providing opportunities to improve security and sustain compliance. Additional reporting services including e-mail subscription capabilities and will also add to the impact advanced reporting will have on overall systems management effectiveness. Once established, advanced reporting will be the main driver behind a successful sustained Exchange audit and will become an important part of day-to-day management of the messaging environment. 3.5 Non-Owner Mailbox Auditing Non-owner mailbox access poses serious threats to your information. With the abundance of sensitive data stored in mailboxes, having the ability to monitor who attempts to open them is a necessity. This will also serve to show where security needs firming up and will satisfy auditors who may want to see a report showing who has attempted access to mail files not belonging to them. Administrators and users with excessive permissions present serious threats to the organization in the form of reviewing confidential information without permission. This threat is especially severe for publicly traded companies where financial information if leaked from the CFO’s mailbox can have legal repercussions. An internal employee having a look at confidential financial statements before they become public may buy or sell stock in the company using this insider information. The necessity to audit Non-Owner mailbox access is critical for this reason as well as numerous similar situations where confidential information may pose serious harm. Human resources also withholds sensitive company and employee information as such is the case during major restructuring, or acquisitions where an employee could learn of upcoming layoffs or terminations in advance of this information becoming public. The unauthorized employee could warn coworkers or cause panic and unrest in the organization. This example further illustrates the grave dangers associated with non- owner mailbox access and highlights the need to have this important feature as part of any Exchange auditing solution. 3.6 Additional Considerations Preferred solutions (and providers) should offer plug-in or add-on modules and software to help form a cohesive and comprehensive management suite to maximize the potential benefits of change auditing. Some additional types of systems may include firewalls, switches, database servers, SANs, storage appliances and other Microsoft technologies such as SQL and SharePoint and especially Active Directory and Group Policies. 9
  • 10. Exchange Auditing - White Paper Real-time alerting and object restore features will also add great value to any selected Exchange auditing tools. 3.7 SIEM, IT Governance, Risk-Management and Exchange Auditing These common buzzwords appear frequently when discussing security and change auditing and represent a broader view of enterprise IT management methodologies. SIEM, which stands for Security Information and Event Management is related to change auditing, however, with some important differentiators. SIEM encompasses real-time analysis of security alerts and events generated through the entire enterprise, extending to all applications and devices at all corners of the organization. Change auditing is a critical information collection and reporting layer to overall SIEM objectives and must have a high level of interoperability with SIEM systems and services in order to achieve maximum effectiveness. SIEM implementations range from in-house, customized systems to massive modular deployments providing management capabilities for nearly all IT resources in an environment. IT Governance is a term often used to describe the overall mission of an IT organization within the broader context of the organization as a whole. It’s meant to provide a means by which core activities and services provided by IT align with overall organizational directives and goals. Risk-Management is a term found more and more frequently in press and publications to challenge the status of security for appropriately describing how organizations approach keeping their resources stable and secure. More recently, the increased visibility of mobile devices and cloud computing as part of an organization’s IT strategy present new challenges to traditional models of thought on security and how best to provide that in an increasingly mobile world where borders to IT infrastructure have blurred greatly. Keeping these new terms in mind while approaching Exchange auditing will help keep IT objectives in line with organizational messaging objectives and needs as requirements change. 10
  • 11. Exchange Auditing - White Paper 4. NetWrix approach to Exchange Auditing The NetWrix approach incorporates all the necessary features for achieving effective Active Directory auditing in a software solution. The NetWrix Exchange Change Reporter is an Exchange auditing tool that tracks changes made to Exchange objects, settings and permissions across the entire messaging infrastructure. It generates audit reports that include the four W’s: Who, What, When, and Where for every audited Exchange change including created and deleted mailboxes, transport link changes, changes made to security permissions, Exchange admin groups, and all other change activity. It also automatically provides before and new setting values for each Exchange configuration change to improve security and change control efforts. NetWrix also offers an optional Non-Owner Mailbox Auditing add-on critical to securing sensitive information from prying eyes by users and administrators with too much privilege over mail files. The automatic collection and reporting on Exchange changes not only surpasses native capabilities in Windows but expands upon them eliminating the time and effort spent collecting change audit information manually or through complex scripting thereby making this information both reliable and actionable. Furthermore, it has the ability to sustain compliance through historical reporting for up to 7 years and more and extend Exchange auditing into SIEM systems such as SCOM for improved IT control and protection of these investments. In addition to Exchange auditing, NetWrix offers additional integrated modules for Active Directory, Group Policy and more helping protect existing investments in current NetWrix product installations. Adding Active Directory Change Reporter allows for real-time alert capabilities and automatic restoration for Exchange objects, setting and permission changes. Try a free download of NetWrix Exchange Change Reporter to see how NetWrix can help with your auditing and compliance needs. Download link: netwrix.com/exch_download About NetWrix Corporation NetWrix Corporation is a highly specialized provider of solutions for IT infrastructure change auditing. Change auditing is the core competency of NetWrix and no other vendor focuses on this more extensively. With the broadest platform coverage available in the industry, innovative technology and strategic roadmap aiming to support different types of IT systems, devices and applications, NetWrix offers award-winning change auditing solutions at very competitive prices, matched with great customer service. Founded in 2006, NetWrix has evolved as #1 for Change Auditing as 11
  • 12. Exchange Auditing - White Paper evidenced by thousands of satisfied customers worldwide. The company is headquartered in Paramus, NJ, and has regional offices in Los Angeles and Boston. About Chris Rich As Senior Director of Product Management for NetWrix, located in the Boston office, I oversee all aspects of product management for the NetWrix family of products. I have been involved in numerous aspects of IT for over 16 years including help desk, systems administration, network management, network architecture, telecom and software sales and sales engineering, and product management. I am also a certified technical trainer, MCSA, Certified IBM Domino Administrator, avid runner, musician and happily married father of two. Additional Resources Information security professionals and trends - www.infosecisland.com Articles and commentary on a wide array of IT related topics - www.techrepublic.com Community focused on Windows technologies - www.windowsitpro.com Editorial resource for technology professionals - www.redmondmag.com Innovative tool and active community of IT practitioners - www.spiceworks.com Focused community on Windows security needs, trends, and information -www.windowssecurity.com 10 Immutable Laws of Security - http://technet.microsoft.com/en-us/library/cc722487.aspx Popular explanation and resources for Change Management and Change Auditing concepts and terminology - http://en.wikipedia.org/wiki/Change_management_auditing Excellent resource for Windows Administrators - www.petri.co.il NetWrix Corporate Blog - http://blog.netwrix.com ©2011 All rights reserved. NetWrix is trademark of NetWrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners. 12