There are two functional areas of Active Directory management and security that every organization struggles with; one is changing their password policies and the other is identifying the source of LDAP traffic. StealthINTERCEPT efficiently addresses both of these challenges in Version 6.1.
Password Pain? How to Improve Your Password Policy
The NIST 800-63B password guidelines walk back almost two decades of guidance about how companies should approach password security. And the reality is, not every company is ready to embrace changes to existing password policies to bring them into line with NIST. Regardless of the changes made to a company’s password policy, it always seems to result in increased calls to the help desk and a lot of frustrated users.
I have sat in the room as some brave sole suggests changing the password policy and is given a dunce cap and told to stand in the corner while they think about what they have said.
The real problem is that there is no way to know how much disruption would be caused by a change to the password policy. But what if you could have a trial run? What if you could test a stronger policy that is more like the NIST guidelines over a 3,6, or 9 month period to see how many users would have had a failed a password change due to the new policy?
Imagine implementing a stronger policy across the organization in a passive fashion where the policy is not enforced, but any failure to comply is logged. With this knowledge, you could perform broad or targeted user education prior to actually changing and enforcing a new policy, allowing you to anticipate and minimize business disruptions.
I know it sounds too good to be true, but in StealthINTERCEPT 6.1, your dreams become reality! I think this new feature is going to be a big help, and one that customers will really like.
LDAP Auditing without the Headache
Something less toxic than password policy changes (but perhaps just as daunting to think about) is LDAP traffic analysis.
We all know applications generate a large amount of LDAP traffic, which can dramatically affect AD performance. Active Directory Admins often struggle when trying to understand how much applications affect Active Directory performance, but also if planned AD changes could inadvertently affect application performance.
While this headache is not as painful as anticipating the whining about password policy changes, one peek at LDAP traffic usually has administrators scratching their head as to:
- Why is application X is running the exact same query thousands of times per second?
- How is a query that has so many results valuable to an application?
- Why is a query that has no results run so often by an application?
- It is unbelievable how inefficient this query actually is!
- Which applications are still using unencrypted LDAP queries?
While it is technically possible to do LDAP traffic analysis using native logging to identify and reduce unencrypted traffic or applications targeting a single Domain Controller, it is often a time consuming and manual process – if you can get it working.
LDAP auditing is not a new feature in StealthINTERCEPT, but we made a number of enhancements to improve your ability to answer these questions around LDAP traffic in your environment in v6.1, including:
- Secure LDAP Queries – StealthINTERCEPT now supports LDAPS, as well as Kerberos Sign and Seal detection
- Query Run Time – You can now filter queries that have a run time above or below a given threshold to identify inefficient queries
- Enhanced User and Computer Filtering – StealthINTERCEPT’s LDAP query filter has been enhanced to reduce unnecessary activity
- Exclude Query – Users can now apply exclusion filters based on the search string or search base/base DN of the search
Of course, we made lots of other great enhancements to this latest version of StealthINTERCEPT. To learn more about StealthINTERCEPT 6.1, request a free trial or demo or contact your account representative or STEALTHbits Support to upgrade today!
Rod Simmons is VP of Product Strategy at STEALTHbits Technologies responsible for the vision and strategy of their Active Directory Management and Security solutions. Rod has been in the technology space for over 20 years.
Prior to joining STEALTHbits, he served as Director of Product Management at BeyondTrust responsible for the Privileged Access Management products. He has also held positions leading Solution Architects and Product Managers at Quest Software and Netpro Computing Inc.