Active Directory Integration
Long gone are the days when an IP address could identify a user. Users now typically combine access through laptops, mobile devices and more. To identify users properly, AD integration is needed.
User identification through AD
Managing a complex network by source and destination IP addresses has become obsolete. Identifying user traffic inside a network is a necessary step for running security, monitoring and optimization systems.
- Both user and group identification are necessary for network management.
- Needed information is constantly changing and updated.
- In complex organizations, this information is mostly held in AD servers.
- Intrusive or resource-consuming solutions are usually problematic to implement.
- Holding this information in an external microservice can solve these issues.
Active Directory Market Overview
Seamless integration for multiple scenarios
Organizations usually manage their users and organizational hierarchy through an Active Directory server. Whether it runs in the cloud or on-premises, this server is understandably a critical part of their architecture, and sysadmins are therefore usually very reluctant to open ports, APIs or any other kind of access to external systems.
For this reason, security systems, NTAs and any other software that needs up-to-date information from the AD server must install some software inside the client's infrastructure.
Multiple vendors have come up with multiple solutions for this problem. But usually, all available solutions prioritize 3 points: light usage of resources, secure connection for needed services and seamless integration with the current system.
These three factors are key for a successful integration with any production server. The installed plugin will then maintain all user and group related information in the cloud for services to consume.
What are the important points related to Active Directory Integration?
Seamless integration
Active Directory plugins cannot require large system changes or complex maintenance, since this would have a heavy impact on the organization and deter clients from onboarding the system.
Security is key
The Active Directory server is key inside any organization. It regulates user access to resources and group hierarchies within the company. Any plugin or proposed integration that compromises security would be a blocker for this type of endeavor.
Light need of resources
Any plugin running inside an organization's server cannot be resource-demanding. A slow server executing critical tasks is, for all practical purposes, as good as a dead one. Any plugin of this sort has to use the bare minimum of resources.
Updated information is pivotal
The information that such plugins handle is not only critical for protecting against unwanted access, but must also be updated immediately. This is especially relevant for the related security services, since outdated information might be a security breach.
Understanding Active Directory Integration
UEBA, user-based security policies, anomaly detection, XDR, NTA… All these are features, functionalities and techniques that have come onto the market in recent years. They provide great value to corporate clients, and have given system managers far greater monitoring capabilities and control over the network than in past decades. But all these technologies have one thing in common: they require user-based monitoring and actions to work.
And that's precisely the problem. Users are no longer attached to a single IP or workstation. Nowadays workers can jump from their computer to their laptop, send a video call to their phone while it's taking place, connect to their offices through their iPads, use secondary lines if the main ones are clogged…
The number of devices and ways that users have available to get onto the internet is countless. An IP that has been used by one user can even be used by another later. So, how do you control what each user is doing?
That's where Active Directory comes in. Within an organization's network, it's these servers that hold the key information about which user has which IP at what time. So having reliable access to this information is key to bringing all these features to the table.
Any organization that wants to offer these services to its clients will thus need a way of properly accessing and updating this information in real time without impacting the overall operation of its clients. And that's exactly what Teldat's Active Directory Plugin brings to the table.
Solution & Teldat Active Directory Integration Products
The background
At Teldat, we have recently updated our networking portfolio with multiple software products such as be.Safe XDR, be.Safe, SDWAN, … When interacting with our clients, we realized that the market was slowly but steadily showing the need to stop talking about IPs and talk about users instead. When establishing a security policy in be.Safe, clients wanted to associate a security policy with a user, not an IP. When using be.Safe XDR for monitoring purposes, corporate networking personnel were not interested in what IP had generated what traffic, but what user.
It is for this very reason that we looked into developing a solution that, integrated with all these services, could bring added value to our clients at the same time as it minimized the impact that each of these services had on the Active Directory servers.
Single source of information
When managing multiple networking products, here at Teldat we have seen the need to provide a single plugin for all of them. It is not viable for our clients, when acquiring multiple networking products, to have to install a different plugin for each of them. Thus, the solution that we have adopted can be used with any of our portfolio solutions.
Whether it is be.Safe XDR, SDWAN, be.Safe, … all of them can integrate with the single Active Directory plugin. By having a single source of truth, all products will act as one, bringing our corporate clients a simplified and unified solution ecosystem for extracting the maximum value from their network capabilities.
Light, Safe and seamless
Our Active Directory plugin has been developed with the fundamental characteristics that these plugins require. It is a light service that our clients can install in their AD Servers, and with minimal use of resources, can provide service to an unlimited number of associated products.
In order to ensure the security of the server, our plugin does not respond to any incoming requests from any unauthorized IP. The needed information, and only what is strictly necessary, is pushed to an external microservice, which our NTA, be.Safe or any other Teldat product can later consume for the requested functionalities. This allows us to provide a fast, scalable and secure service to our clients without impacting their infrastructure directly or requiring any extra configuration of what they already have.
Security through integration
Attacks and impersonations can occur in a matter of seconds. The time between a user being compromised and the reaction inside the network can determine the difference between a secure and a compromised organization. It is for this very reason that here at Teldat we have prioritized both a fast and reliable update of the information and the capacity to bring security fully into every level of the organizational chart.
Through our reactive network, our proprietary AI can monitor user behavior and, when an anomaly or a compromised user is detected, through our plugin we can modify permissions and access rules inside the AD server, isolating the possible threat and containing it from spreading within the network.
Use Cases
Per-user resource access policies in hybrid networks
Assignment of customized per-user policies for access to resources in software-defined networks.
Challenge
Nowadays, the concept of network use is changing. Before, networks routinely connected IP addresses with other IP addresses, and now it’s a matter of connecting users with resources, regardless of where each interconnected element is, and all from multiple types of devices. But managing resource access for lots of users, each with different permissions, is complicated. Each department must have a delimited scope of action and each employee can only have access to the platforms or services defined in the corporate regulations.
Solution
Thanks to SDWAN solutions, it is possible to manage multiple resource access policies, hybrid connection environments, teleworking, remote access, etc. With these solutions, any user can access corporate resources from anywhere.
Through integration with Active Directory, each user’s resource access policies can be customized regardless of the device they are using, or if they are using several at the same time, since even if the IP address changes, the platform synchronizes with the Directory and automatically updates the rules.
Why Teldat?
Thanks to integration with Active Directory, Teldat’s be.SDWAN solution offers the ability to manage policies per user, making user mobility within the network more flexible and automating the process.
Network usage by connected users
Customized network resource usage reports per user.
Challenge
In order to accurately estimate network size, administrators need to know how users are using it. Checking that allowed accesses are being complied with and that users are not trying to access other departments’ resources or unauthorized devices (generating alerts in case of an attempt) is also necessary.
Solution
In NTA solutions, it is possible to view the amount of traffic that each device generates and, more importantly, the amount of traffic that each user generates, since they can be connected from anywhere in the network, both corporate and external.
This is achieved through integration with Active Directory, uniquely identifying each user regardless of which network they are connected to or the number and type of devices they are using to connect. In this way, all the operations performed on the network can be traced exactly, allowing forensic analysis to estimate the size of the network or prevent security breaches due to unauthorized access.
Why Teldat?
Thanks to integration with Active Directory, Teldat’s be.Safe XDR solution establishes a unique identification per user, making user mobility in the network more flexible and automating the process.
Control and visibility over applications
A company uses MPLS and VPN connections to access corporate servers and wants to increase access control and gain more information on the use of its applications.
Challenge
As the company uses MPLS connections from branch offices and VPN clients for remote workers, it cannot grant granular access permissions to applications according to user or device type. It also lacks a visualization tool to show the network and resource consumption by each user or how these are being accessed. Consequently, estimating the size of network access and server capacity is a difficult task for the IT team.
Solution
With Teldat’s security solutions, it is possible to control access to all corporate applications and access to the Internet and SaaS platforms in a personalized and granular way thanks to their integration with Active Directory and SSO tools.
Both access from branch offices and access from remote connections can be controlled.
In addition, Teldat’s visibility solutions provide all the information necessary to understand how resources are accessed and by whom, and thus obtain information on possible attempts to violate rules by devices that may have been hacked.
Why Teldat?
Teldat’s be.Safe and be.Safe XDR solutions offer secure and reliable access, with customized dashboards to display information in graphical format and generate policies and reports based on specific users thanks to their integration with Active Directory.