This is a short video to demonstrate the powerful forensic capabilities of IT Security Search, or ITSS. My name is Shawny Reiner, and I'm a Strategic Solutions Consultant for Quest Software. IT Security Search is a web-based interface and console for several of our management and security solutions.
It's free with any of the five solutions it works with, and it can be used with any one or all five. And the solutions are Change Auditor, Enterprise Reporter, InTrust, Active Roles, and Recovery Manager for Active Directory. ITSS uses the data from these products to provide quick, consolidated, and correlated forensic searching of changes, issues, and general information in your environment.
As you can see, the ITSS launch page looks very much like an internet search engine, and it pretty much works like that, but searching across the data of the solutions I mentioned before. One headache that IT always seems to deal with, and always starts at the help desk, is account lockouts and finding the source. With IT Security Search, it's easy to discover the source of these problematic and frequent lockouts for a user.
I used an account in our lab named Zane Shine, and purposely locked him out trying to map a drive to simulate that situation where there's a mapped drive using a specific account and the password has expired. But any reason for a lockout will be just as easy to find with ITSS. Then, to simulate what the help desk or IT admin might be facing, the known information to begin troubleshooting would be the user's name and that he's experienced unexplained lockouts.
So to begin the search, I'm going to use wildcards around the word lock. And then Zane's name. And then the only other filter is I'm going to filter by date to just quicken the results of the search. It starts to search, and as it begins to search, it populates whatever data it finds so that you can begin looking. It'll continue the search unless you stop it, or until it finds all of the related data.
And as you can see, it quickly found the relevant events to Zane's issue. You can see already that just in the normalized data over here in the left-hand column, the who, where, what, we scroll down, workstation, whom, that I can see the involved workstations without even clicking into the events or doing any further searching. The way ITSS is designed, it gives you the ability to visually understand this data very quickly, and then each item becomes a hyperlink so that you can quickly ensue a new search or filters for further forensic investigation. But if I click on the involved workstations-- and we'll just click on one of these-- it'll start to filter by just that workstation and also Zane, and then I can start to see, oh, yes, there are frequent lockouts here. I can also see the who that is involved.
And for the lockout events-- so if we take a look here, for example, the user account lockout-- we can see that it is Zane's account that is locking out his account. But this is a hint to what you might need to further investigate. If it wasn't Zane, it could be a hacking attempt, it could be a script that's running, a service account. But the who will be an identifier so that you can do further investigation. And I could simply click on the who that's up here, like, if it was this account and not Zane's locking out, I could click on this and it would do further filtering and investigation to help you understand what other activity might be involved with that account.
But in this case, it's Zane that's locking the account out, and these are the two workstations involved. So in this case, we can go back to Zane and look at those source devices, and quickly find what is locking him out from those devices, and resolve the issue. Help desk and IT admins can use this powerful searching capability to stay ahead of trouble tickets by doing daily searches for frequent lockouts and working to resolve them.
And this is just one way that ITSS, with the data from our management, security, and auditing solutions, can provide powerful forensic searching to effectively manage and know your environment. Look for other ITSS videos for examples of more powerful uses.