I am sitting at my desk doing what I love—training Acture/CSI's next generation of engineers. I am teaching them about Active Directory theory and operations.
I am demonstrating how the Active Directory Recycle Bin works.
I created a test ID in AD - Steve McQueen.
I created a random test group in AD.
I put my test ID in my test group.
I removed my test ID and deleted it.
I deleted the group.
My Microsoft Teams immediately lights up. ManageEngine's ADAudit Plus notified Christina in real time about the Active Directory additions, changes, and deletions.
Attackers will attempt to access resources like shared folders and machines, causing log-on failures. They will also try to manipulate and change IDs and rights, causing alerts.
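As an added illustration (not part of the original post, and not how ADAudit Plus works internally), the following Python example runs the kind of triage described above over constructed events: it reports every directory change, flags objects created and then deleted within a short window, and flags repeated log-on failures. The event dictionary layout, account and group names, and thresholds are assumptions; the IDs are the standard Windows Security event IDs, with a global security group assumed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs matching the walkthrough (global security group assumed).
AD_CHANGES = {
    4720: "user created", 4726: "user deleted",
    4727: "group created", 4730: "group deleted",
    4728: "member added to group", 4729: "member removed from group",
}
CREATED, DELETED, LOGON_FAILED = {4720, 4727}, {4726, 4730}, 4625

def triage(events, short_lived=timedelta(minutes=30), fail_threshold=5):
    """Return alert lines: every AD change, objects created then deleted
    within `short_lived`, and accounts reaching `fail_threshold` failed logons."""
    alerts, born, failures = [], {}, defaultdict(int)
    for e in sorted(events, key=lambda x: x["time"]):
        eid, target = e["id"], e["target"]
        if eid in AD_CHANGES:
            alerts.append(f"CHANGE {AD_CHANGES[eid]}: {target} by {e['actor']}")
        if eid in CREATED:
            born[target] = e["time"]  # remember when the object appeared
        elif eid in DELETED and target in born:
            age = e["time"] - born.pop(target)
            if age <= short_lived:
                alerts.append(f"SHORT-LIVED {target}: deleted {age} after creation")
        elif eid == LOGON_FAILED:
            failures[target] += 1
            if failures[target] == fail_threshold:  # alert once, at the threshold
                alerts.append(f"LOGON-FAILURES {target}: {fail_threshold} failed logons")
    return alerts

# Constructed sample events (not real logs); all names are hypothetical.
T0 = datetime(2024, 1, 1, 10, 0, 0)

def mk(sec, eid, target, actor="trainer"):
    return {"time": T0 + timedelta(seconds=sec), "id": eid,
            "target": target, "actor": actor}

SAMPLE = [
    mk(0, 4720, "smcqueen"), mk(20, 4727, "TestGroup"),
    mk(40, 4728, "TestGroup"), mk(60, 4729, "TestGroup"),
    mk(80, 4726, "smcqueen"), mk(100, 4730, "TestGroup"),
] + [mk(200 + i, 4625, "fileserver-svc", actor="unknown") for i in range(5)]

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```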
If you don't have a tool like ADAudit Plus, CyberCNS, or BlueShift Cyber Managed XDR, you'll most likely not know anything is actually going on—possibly until it is too late to save your network.
Compare that with what just happened to me today. My fingers were not even off the keyboard before my changes were identified and the appropriate people were alerted.
If this had been a real event, shields would have been up, and battle stations would have started active scans and evaluations.
If bad guys are in your network, you must race against time to find them, bottle them up, and kill them before they compromise you.
This is another layer in your security stack to help bolster your defenses.
If you can't identify these core events in your network, let's discuss the best strategy for adding this important layer to your security stack.
Contact us, and we'll figure out the best path forward for you.
Also, if you don't know whether the Active Directory Recycle Bin is turned on in your network, or you don't have it turned on, please reach out. It is free and a lifesaver for accidental or malicious deletions.
-Scott Quimby, Senior Technical Advisor, CISSP
Acture/CSI