05-24-2022 04:33 PM
Yesterday, I was reviewing some pen test (penetration testing) concepts for an upcoming certification exam and came to the realization that JumpCloud's Directory Insights may be a good security *control* in more than one sense. Directory Insights is a logging and compliance feature that provides our users with additional visibility into their infrastructure(s). Yes, it's where you may monitor user authentications and access events, but it also serves as a backup for those same log files. Hear me out...
A smart attacker that has super admin level access can do many things to hide. Modifying or corrupting log files is sometimes one of those tactics. Having a place where logs reside outside of an impacted system serves as a "control" for what that log file should be reporting. JumpCloud accomplishes this without an external SIEM for monitoring. The onus is on the admin to do it.
Check it out.
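The comparison the post describes, using an off-host copy as the reference for what a host's own log should contain, sketched as an added example that is not part of the original post or JumpCloud's code. The event field names and sample records are constructed assumptions, not the Directory Insights schema.

```python
import hashlib
import json

# Constructed sample events; the field names are assumptions for illustration.
OFFHOST_COPY = [
    {"id": "e1", "timestamp": "2022-05-23T10:00:00Z", "user": "alice", "event": "login", "success": True},
    {"id": "e2", "timestamp": "2022-05-23T10:05:00Z", "user": "root", "event": "login", "success": False},
    {"id": "e3", "timestamp": "2022-05-23T10:06:00Z", "user": "root", "event": "login", "success": True},
    {"id": "e4", "timestamp": "2022-05-23T10:09:00Z", "user": "root", "event": "sudo", "success": True},
]
# Host-side log that no longer matches: e3 is gone and e4 names a different user.
HOST_LOG = [
    OFFHOST_COPY[0],
    OFFHOST_COPY[1],
    {**OFFHOST_COPY[3], "user": "alice"},
]


def fingerprint(event):
    """SHA-256 over a canonical JSON form, so key order and spacing do not matter."""
    canon = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def reconcile(host_events, offhost_events, start, end):
    """Compare host events to the off-host copy for start <= timestamp < end.

    Timestamps are ISO-8601 UTC strings in one format, so string comparison
    orders them correctly. The explicit window keeps normal log rotation on
    the host from being reported as missing events.
    """
    def index(events):
        return {e["id"]: fingerprint(e) for e in events
                if start <= e["timestamp"] < end}

    host, ref = index(host_events), index(offhost_events)
    return {
        # In the off-host copy but absent on the host: possible deletion.
        "missing": sorted(i for i in ref if i not in host),
        # Present in both but content differs: possible modification.
        "altered": sorted(i for i in ref if i in host and host[i] != ref[i]),
        # On the host only: forwarding gap or injected entry.
        "unexpected": sorted(i for i in host if i not in ref),
    }


if __name__ == "__main__":
    print(reconcile(HOST_LOG, OFFHOST_COPY,
                    "2022-05-23T00:00:00Z", "2022-05-24T00:00:00Z"))
```

Any non-empty list in the result is a lead to investigate; the check is only as trustworthy as the separation between the host's administrators and the off-host copy.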