How Kenvue modernizes AD security: A guide to identity management

[MUSIC PLAYING] Hi. I'm Chris Lee. I'm Senior Manager of Directory Services. All of our modern applications and our critical systems leverage active directory for its core of authentication and authorization for the organization. The primary threats to our organization are really-- really lie within phishing tactics from outsiders or potential, would-be bad actors. The primary challenges that we're faced with, which made us go and actively look for a third-party solution to help us manage active directory, it really has to do with the resources that we have available, with sheer team size, and even just the complexity of the environment. But a tool like ARS helps us build that base environment that allows us to do more with a smaller team. Having a tool like ARS gives us a lot of confidence in securing our active directory environment, surely, because, one, the permissions that we're setting get set in the tool itself and not directly in active directory, which many admins know can be a headache to manage, and it can be a bear to untangle. So a tool like ARS allows us to do that right in the template. A tool like ARS allows us to be very granular with permissioning, and as much as, like, getting down to a single attribute, the level of a single attribute on a on a single object class. So the advantage of having a tool like Change Auditor in your environment is the just the ability to see who is making what change. I know that's the core competency of the product. But the value of that really can't be understated. The more people that have their hands in active directory, the different tools, the different teams that you have that might that might need access. So you have so many teams in there, and then you have tools, and then you have automation of service accounts. When something breaks with an application, if it's tied to a service account, then the first thing that we're typically doing is going into Change Auditor to see what changed with either a service account or a group. And more oftentimes than not, that really gets to the to the root of the issue. A solution like RMAD DRE gives us great confidence to protect against such things like ransomware, for the sheer ability of the integration with Defender, and the ability to detect that malware on a restore. That, that alone gives me a lot of confidence. It's one of the greatest features of that tool, I think. To be able to restore at the object level gives a lot of granularity to the team. It gives a lot of flexibility to our restore procedures. The object-level restore is pretty critical. Backups are only as good as the integrity of your backup. So if your backups are all infected, and you don't have the ability to restore a healthy environment, then it defeats the purpose of having a recovery tool. We decided to go with Quest tools mainly because it's a toolset that I've used in the past, in previous lives. It's a well-known entity. It's a known quantity. We get great support from Quest.