We are pleased to announce the new Data Access Security Active Directory connector is now live!
Description
The new connector extends Data Access Security’s Resource Discovery capabilities to Active Directory identity repositories hosted on customers’ premises, delivering enhanced visibility and enabling effective governance of a key component at the heart of most organizations’ identity infrastructure.
What is the Problem?
Active Directory (AD) remains the foundation of Microsoft’s security framework and is an essential platform for enterprises around the world. For directory-based identity-related services, Active Directory and Azure AD hold the keys to the kingdom. Users, groups, applications, and data access are all authenticated and secured via Active Directory, which means it’s imperative that this critical system remains well organized and secure.
However, AD also carries inherent risk, since it is an appealing target for malicious activity. This means administrators need crystal-clear visibility into exactly who has access and any changes being made to the security and permissions landscape. Without visibility, as well as effective controls and real-time monitoring, organizations can find themselves vulnerable to a host of operational and security issues. And a successful attack on AD can result in security exposure, material losses, compliance fines, ransom fees, reputation damage, and increased audit requirements.
What is the Solution?
SailPoint Data Access Security provides visibility and simplifies the structure of even the most complex multi-domain environments. Data Access Security can help uncover issues such as overexposed objects and incorrect security controls, as well as track changes made to access objects, group memberships and GPO policies. Automated governance processes and dynamic review flows allow administrators to take action on access issues and secure access to critical directory objects.
New Capabilities
- Resource Discovery – Discover access objects and directory hierarchical structures across complex Active Directory domain structures.
- Distributed Environment Support – Easily govern complex Active Directory forest environments that span multiple Domain Controllers, servers and regions through a single centralized governance solution.
- Pre-Reqs and Connectivity Validation – Validate that access and connectivity requirements are met with the click of a button to ensure successful application onboarding and save time by avoiding unnecessary changes to settings. Get an immediate indication of configuration validation results, along with recommendations for remediating incorrect settings.
What is Next Up?
Here are the areas we intend to expand this feature in the coming quarters:
- Permission Collections – Discover identities’ and entitlements’ access to Organizational Units, access objects and domain assets hosted on your Active Directory domain forests. Uncover issues such as overexposed objects, incorrect security controls, and over-privileged non-admin accounts.
- Activity Monitoring – Track and monitor identity activity and any modifications made to your Active Directory forests’ identities, entitlements and group membership assignments, access objects, policies and configuration settings. Detect and alert on operations that violate organizational policies or best practices, and on native changes made outside authorized governance processes, to protect your Identity Governance investment and your Identity Security posture.
- Reporting – Leverage automated and scheduled out-of-the-box reporting capabilities detailing data assets and data access distribution, and ad-hoc reports for customized, focused insights.
Additional Information
The Data Access Security Active Directory connector requires Virtual Appliance clusters to perform on-premises data collection. Please follow the instructions detailed in the connector documentation.
Who is affected?
All DAS customers.
Important Dates
This new capability is GA’d. Implement it at your earliest convenience.