Windows logon auditing: Everything you need to know in only 10 minutes [Free e-book]

Windows logon auditing e-book

User logon activity needs to be audited to meet various security, operational, and compliance requirements of an IT environment, such as:

  • Detecting suspicious activities like a high volume of logon failures.

  • Tracking the active and idle time spent by users

ADAudit Plus 1 min read Read

The LLMNR/NBT-NS strike

Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two protocols that are used to identify a host address on a network when the DNS name resolution, which is the conventional method, fails to do so.

When a …

Active Directory , ADAudit Plus , General 2 min read Read

The Windows LDAP bind security vulnerability you should know about

The Lightweight Directory Access Protocol (LDAP) is used by directory clients to access data held by directory servers. Clients and applications authenticate with Windows Active Directory (AD) using LDAP bind operations.

There are different kinds of LDAP bind operations, including:…

ADAudit Plus 2 min read Read

IT security: Keep calm and monitor PowerShell 

In our last release of the PowerShell security series, we talked about how PowerShell could be leveraged by malicious actors to gain unprecedented access to your organization’s critical assets. From enumerating sensitive domain information and carrying out credential-based attacks to …

ADAudit Plus 1 min read Read

Is your business PCI DSS compliant? 

How Chooseus Life Insurance lost its customers’ cardholder details and their trust

In August 2019, reporters began flocking to Chooseus Life Insurance’s head office in Detroit after news leaked that thousands of the company’s customers had lost money due to …

ADAudit Plus , General 2 min read Read

NTLM vulnerabilities that make you susceptible to relay attacks

In June 2019, Microsoft released patches for two critical vulnerabilities that were discovered in its NT LAN Manager (NTLM) protocol suite affecting all versions. These vulnerabilities let attackers execute malicious code on any Windows machine remotely, or even authenticate to …

ADAudit Plus 2 min read Read

Find out which of your employees pose the greatest security risk

Among the different types of cyberattacks, insider threats are the hardest to track and have the highest rate of success. This can be attributed to their use, or rather misuse, of legitimate credentials, machines, and access privileges.

Traditional SIEM solutions …

ADAudit Plus 2 min read Read

Detecting first time processes on member servers to protect against attacks

In a previous blog, we saw how ADAudit Plus’ user behavior analytics (UBA) capabilities allow administrators to monitor user logon activity to identify compromised accounts. UBA in ADAudit Plus can also help you track any unusual process on member …

ADAudit Plus 2 min read Read

Monitoring user logon activity to identify compromised accounts

In a previous blog, we saw how ADAudit Plus’ user behavior analytics (UBA) capabilities allow administrators to monitor the file activity of users to identify anomalies. UBA in ADAudit Plus can also aid in identifying compromised accounts by monitoring …

ADAudit Plus 2 min read Read