Enterprise IT Activity Auditing, Tracking, and Logging

By Bob Corum, OIT

To comply with the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, and Federal Information Processing Standards requirements for numerous agencies, OIT needs to provide the ability to monitor and track the changes that are made to our Active Directory (AD) structure and file servers. The types of events tracked are who, what, and when. To clarify:

Who – who logged in to what systems and when they logged in.

What – what files or parameters were changed or altered, by whom, and when.

When – when did the above events cause an issue that can be correlated in time.

OIT had been using a product called Quest on a limited basis – for domain controllers (DCs) only. With the upgrade of the domain controllers to Server 2008, our version of Quest would no longer run on the DCs. In addition, our licensing had expired.

A committee was formed to publish a Request for Proposals to acquire quotes for a system to cover the entire enterprise and not just the domain controllers. Bids were entertained from NetWrix, IBM, and Presidio Systems. After reviewing the bids, NetWrix was selected and a Proof of Concept (POC) acceptance program is currently being developed. Covered under the POC will be AD resources, Windows file and print, and EMC Corp. network-attached storage units. OIT's UNIX systems are currently capable of providing most of the required details. The POC is expected to begin around the second week in December.

For more information, contact Bob Corum at 624-8895.