Yesterday, I was reviewing some pen test (penetration testing) concepts for an upcoming certification exam and came to the realization that JumpCloud's Directory Insights may be a good security *control* in more than one sense. Directory Insights is a logging and compliance feature that provides our users with additional visibility into their infrastructure(s). Yes, it's where you may monitor user authentications and access events, but it also serves as a backup for those same log files. Hear me out...
A smart attacker that has super admin level access can do many things to hide. Modifying or corrupting log files is sometimes one of those tactics. Having a place where logs reside outside of an impacted system serves a "control" for what that log file should be reporting. JumpCloud accomplishes this without an external SIEM for monitoring. The onus is on the admin to do it.
Check it out.
