Improve IT security with exMon continuous monitoring

In today's IT landscape it's essential to minimise the risk of external and internal intrusion.

Here is an overview of exMon controls our customers have implemented to increase their security.


Active Directory

With exMon you can query domain controllers to ensure users and groups are configured properly and monitor user behaviour.

Examples of controls our customers have implemented against Active Directory:

  • Users that have not logged in for 90 days
  • Users that have not taken vacation for X days in the past year
  • Users whose passwords are set to never expire
  • Users that are enabled in AD but should be disabled according to the HR system or an AD group
  • Contractors that have not logged in for X days
  • Contractor accounts without an expiry date, or with an expiry date too far in the future
  • Contractors without a manager, or whose manager is not enabled in AD
  • Contractors in groups they should not belong to (e.g. Office 365)
  • User or contractor usernames that do not follow the naming policy
  • Changes to the Domain Admins group
  • Notifications when a user changes passwords for, or unlocks, other users' accounts
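As an added example (not exMon's own code or configuration), the following Python implements several of the Active Directory checks above over a user export: dormant users and contractors, passwords that never expire, contractor accounts with no expiry date or one too far in the future, and contractors whose manager is missing or disabled. It assumes records in the shape an LDAP search or Get-ADUser returns, with userAccountControl, lastLogonTimestamp and accountExpires as raw integers; the "kind" field (staff versus contractor), the manager field holding a sAMAccountName rather than a DN, the thresholds and the sample users are all constructed for the example.

```python
"""Active Directory hygiene checks over an exported user list.

Added example, not exMon's own code. Field names, thresholds and the
sample users are constructed for the example.
"""
from datetime import datetime, timedelta, timezone

# AD stores accountExpires and lastLogonTimestamp as 100-nanosecond ticks
# since 1601-01-01 (Windows FILETIME). 0 and the maximum int64 both mean
# "no value": never expires, or never logged in.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FILETIME_NONE = {0, 0x7FFFFFFFFFFFFFFF}

# userAccountControl bits from the Windows SDK.
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000


def filetime_to_datetime(ticks):
    """Convert a FILETIME integer to an aware datetime, or None for 'no value'."""
    if ticks in FILETIME_NONE:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" keeps the example reproducible


def _user(sam, kind, uac, last_logon_days_ago, expires_in_days, manager):
    """Build one constructed record; expires_in_days=None stores accountExpires=0."""
    return {
        "sAMAccountName": sam,
        "kind": kind,  # assumed attribute (e.g. employeeType) telling staff from contractors
        "userAccountControl": uac,
        "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=last_logon_days_ago)),
        "accountExpires": 0 if expires_in_days is None
        else datetime_to_filetime(NOW + timedelta(days=expires_in_days)),
        "manager": manager,  # assumed to hold a sAMAccountName; in AD it is a DN
    }


# Constructed sample export; none of these are real accounts.
USERS = [
    _user("jdoe", "employee", UF_NORMAL_ACCOUNT, 3, None, "mgr1"),
    _user("asmith", "employee", UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD, 120, None, "mgr1"),
    _user("c-bob", "contractor", UF_NORMAL_ACCOUNT, 10, None, "mgr2"),
    _user("c-eve", "contractor", UF_NORMAL_ACCOUNT, 45, 900, "mgr-gone"),
    _user("mgr1", "employee", UF_NORMAL_ACCOUNT, 1, None, None),
    _user("mgr2", "employee", UF_NORMAL_ACCOUNT, 2, None, None),
    _user("mgr-gone", "employee", UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE, 200, None, None),
]


def run_checks(users, now=NOW, dormant_days=90, contractor_dormant_days=30,
               max_contract_days=365):
    """Return (sAMAccountName, finding) pairs for every enabled account."""
    by_sam = {u["sAMAccountName"]: u for u in users}
    findings = []
    for u in users:
        sam = u["sAMAccountName"]
        if u["userAccountControl"] & UF_ACCOUNTDISABLE:
            continue  # disabled accounts are out of scope for these checks
        contractor = u["kind"] == "contractor"

        last = filetime_to_datetime(u["lastLogonTimestamp"])
        limit = contractor_dormant_days if contractor else dormant_days
        if last is None or now - last > timedelta(days=limit):
            findings.append((sam, "dormant"))

        if u["userAccountControl"] & UF_DONT_EXPIRE_PASSWD:
            findings.append((sam, "password-never-expires"))

        if contractor:
            expires = filetime_to_datetime(u["accountExpires"])
            if expires is None:
                findings.append((sam, "no-expiry-date"))
            elif expires - now > timedelta(days=max_contract_days):
                findings.append((sam, "expiry-too-far"))
            manager = by_sam.get(u["manager"])
            if manager is None or manager["userAccountControl"] & UF_ACCOUNTDISABLE:
                findings.append((sam, "manager-missing-or-disabled"))
    return findings


if __name__ == "__main__":
    for sam, finding in run_checks(USERS):
        print(f"{sam}: {finding}")
```

One caveat for the dormancy checks: lastLogonTimestamp is replicated between domain controllers but is only refreshed when the stored value is more than about 14 days old, so it is fine for a 90-day threshold but not for short contractor thresholds. For those, collect the non-replicated lastLogon attribute from every domain controller and take the newest value before running the check.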

Databases

Databases can contain very sensitive information, which rogue user accounts can either steal or destroy.
Here are common controls our customers use to monitor their databases. They apply to most types of database.

  • Failed database logins
  • Changes to, or additions of, SA / administrator accounts
  • Dormant accounts: accounts not used for X weeks
  • Dormant service accounts: service accounts not used for X weeks
  • Too much privilege granted to a single service account
  • Employee accounts used as service accounts
  • Enforcement of password policies
  • Sensitive data found outside the defined perimeter
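As an added example (not exMon's own code), the following Python implements four of the database controls above over constructed audit data: failed-login bursts, dormant accounts, employee accounts used as service accounts, and over-privileged service accounts. Its two inputs, a login audit trail and the server principals with their roles, stand in for what SQL Server exposes through its audit log and sys.server_principals / sys.server_role_members; the "kind" classification of each principal, the list of interactive client programs, the thresholds and every row are made up for the example.

```python
"""Database account controls over constructed audit data.

Added example, not exMon's own code. Every event, principal and
threshold below is constructed for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1, 9, 0)  # fixed "now" keeps the example reproducible

# Client programs a person would use interactively (assumed list); anything
# else that authenticates with an employee login is treated as an application.
INTERACTIVE_APPS = frozenset({"SSMS", "Azure Data Studio", "sqlcmd"})
HIGH_PRIVILEGE_ROLES = frozenset({"sysadmin", "securityadmin", "serveradmin"})

# Constructed login audit events: (time, login, succeeded, client application)
EVENTS = [
    # six failures for corp\eve within three minutes, then a success: a burst
    *[(NOW - timedelta(minutes=60) + timedelta(seconds=30 * i), r"corp\eve", False, "SSMS")
      for i in range(6)],
    (NOW - timedelta(minutes=56), r"corp\eve", True, "SSMS"),
    # one mistyped password by corp\alice two days ago, then a normal session
    (NOW - timedelta(days=2), r"corp\alice", False, "SSMS"),
    (NOW - timedelta(days=2) + timedelta(minutes=1), r"corp\alice", True, "SSMS"),
    # corp\bob's personal credentials are wired into an application
    (NOW - timedelta(hours=7), r"corp\bob", True, "OrdersAPI"),
    # the proper service account, seen daily
    (NOW - timedelta(days=1), "svc_orders", True, "OrdersAPI"),
    # a read-only account last seen four months ago
    (NOW - timedelta(days=120), "reporting_ro", True, "Tableau"),
]

# Constructed principals; "kind" is an assumed classification (naming
# convention or CMDB), "roles" the server roles each login holds.
PRINCIPALS = [
    {"name": r"corp\alice", "kind": "employee", "roles": ["public"]},
    {"name": r"corp\bob", "kind": "employee", "roles": ["public"]},
    {"name": r"corp\eve", "kind": "employee", "roles": ["public"]},
    {"name": "svc_orders", "kind": "service", "roles": ["public", "sysadmin"]},
    {"name": "svc_reports", "kind": "service", "roles": ["public"]},  # never logs in
    {"name": "reporting_ro", "kind": "service", "roles": ["public"]},
]


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Logins with at least `threshold` failures inside any sliding `window`."""
    recent = defaultdict(deque)
    flagged = set()
    for time, login, succeeded, _app in sorted(events):
        if succeeded:
            continue
        queue = recent[login]
        queue.append(time)
        while time - queue[0] > window:   # drop failures that fell out of the window
            queue.popleft()
        if len(queue) >= threshold:
            flagged.add(login)
    return flagged


def dormant_accounts(principals, events, now=NOW, max_age=timedelta(weeks=8)):
    """Principals with no successful login within `max_age`; never seen counts too."""
    last_success = {}
    for time, login, succeeded, _app in events:
        if succeeded and time > last_success.get(login, datetime.min):
            last_success[login] = time
    return {p["name"] for p in principals
            if now - last_success.get(p["name"], datetime.min) > max_age}


def employee_as_service(principals, events, interactive_apps=INTERACTIVE_APPS):
    """Employee logins that authenticate from something other than an interactive client."""
    employees = {p["name"] for p in principals if p["kind"] == "employee"}
    return {login for _time, login, succeeded, app in events
            if succeeded and login in employees and app not in interactive_apps}


def overprivileged_service(principals, high=HIGH_PRIVILEGE_ROLES, max_roles=2):
    """Service accounts holding a high-privilege role or more than `max_roles` roles."""
    return {p["name"] for p in principals
            if p["kind"] == "service"
            and (high & set(p["roles"]) or len(p["roles"]) > max_roles)}


if __name__ == "__main__":
    print("failed-login bursts:", failed_login_bursts(EVENTS))
    print("dormant:", dormant_accounts(PRINCIPALS, EVENTS))
    print("employee used as service:", employee_as_service(PRINCIPALS, EVENTS))
    print("over-privileged service:", overprivileged_service(PRINCIPALS))
```

The burst check uses a sliding window per login rather than a fixed count per day, so a slow, spread-out guessing attempt still has to exceed the threshold inside the window to be reported; tune the window and threshold to the lockout policy of the database in question. The dormancy check treats a principal with no successful login in the audit trail as dormant, which is the safer default when the trail is shorter than the dormancy threshold.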


Cloud Solutions

Companies use an increasing number of cloud solutions, whose security model differs from that of on-premise systems. It is essential to take extra care when configuring and monitoring these systems, because they do not sit behind the perimeter that protects on-premise solutions.
Most of them offer APIs from which security-related information can be fetched.

  • Cloud applications used without SSO: ensure all users have SSO and MFA enabled
  • Cloud users that are enabled in a third-party system but have been disabled in Active Directory
  • Comparing a user's privileges in a cloud solution with their AD group membership
  • Dormant user accounts
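As an added example (not exMon's own code), the following Python reconciles a cloud application's user list against Active Directory and the HR system. It covers the cloud checks above (users without SSO or MFA, cloud users still enabled although disabled or absent in AD, cloud privileges compared with AD group membership) together with the related Active Directory control of accounts left enabled after HR marked the person as terminated. The three inputs stand in for what the HR system, an AD export and the cloud application's admin API would return; the usernames, groups, the group-to-role mapping and the finding names are constructed for the example.

```python
"""Reconcile a cloud application's users against AD and HR.

Added example, not exMon's own code. All inputs and the group-to-role
mapping are constructed for the example.
"""

# HR status per username. Assumption: HR is the source of truth for who should exist.
HR = {"jdoe": "active", "asmith": "terminated", "rlee": "active", "tnguyen": "active"}

# AD export: enabled flag and group membership per username.
AD = {
    "jdoe": {"enabled": True, "groups": {"CRM-Admins"}},
    "asmith": {"enabled": True, "groups": set()},          # HR says terminated
    "rlee": {"enabled": False, "groups": {"CRM-Users"}},   # disabled in AD
    "tnguyen": {"enabled": True, "groups": {"CRM-Users"}},
}

# Cloud application users as its admin API would report them.
CLOUD = [
    {"user": "jdoe", "enabled": True, "role": "admin", "sso": True, "mfa": True},
    {"user": "rlee", "enabled": True, "role": "user", "sso": True, "mfa": True},
    {"user": "tnguyen", "enabled": True, "role": "admin", "sso": False, "mfa": False},
    {"user": "contractor-x", "enabled": True, "role": "user", "sso": True, "mfa": True},
]

# Which AD group entitles a user to which cloud role, and how the roles rank.
ROLE_FOR_GROUP = {"CRM-Admins": "admin", "CRM-Users": "user"}
ROLE_RANK = {None: 0, "user": 1, "admin": 2}


def expected_role(groups):
    """Highest cloud role the user's AD groups entitle them to; None if no group maps."""
    roles = [ROLE_FOR_GROUP[g] for g in groups if g in ROLE_FOR_GROUP]
    return max(roles, key=ROLE_RANK.get, default=None)


def reconcile(hr, ad, cloud):
    """Return sorted (username, finding) pairs across the three sources."""
    findings = []

    # HR -> AD: people who have left but whose account is still enabled.
    for user, status in hr.items():
        account = ad.get(user)
        if status == "terminated" and account is not None and account["enabled"]:
            findings.append((user, "ad-enabled-but-hr-terminated"))

    # AD -> cloud: lifecycle, privilege and authentication controls.
    for entry in cloud:
        user = entry["user"]
        if not entry["enabled"]:
            continue
        if not entry["sso"]:
            findings.append((user, "no-sso"))
        if not entry["mfa"]:
            findings.append((user, "no-mfa"))
        account = ad.get(user)
        if account is None:
            findings.append((user, "cloud-user-not-in-ad"))
            continue
        if not account["enabled"]:
            findings.append((user, "cloud-enabled-ad-disabled"))
        if ROLE_RANK[entry["role"]] > ROLE_RANK[expected_role(account["groups"])]:
            findings.append((user, "cloud-role-exceeds-ad-groups"))

    return sorted(findings)


if __name__ == "__main__":
    for user, finding in reconcile(HR, AD, CLOUD):
        print(f"{user}: {finding}")
```

In practice the hardest part of this control is the join key: the cloud application usually identifies people by e-mail address while AD uses sAMAccountName or userPrincipalName, so a normalisation step that maps one to the other has to run before the comparison, and any account that cannot be matched should itself be reported rather than silently skipped.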