Active Directory Integration

Long past are the days when an IP could identify a user. Users nowadays are usually combining access through laptops, mobile devices, … In order to properly identify users, AD integration is needed.

User identification through AD

User identification Teldat

Managing a complex network using origin and destination IPs has become obsolete. Identifying user traffic inside a network is a necessary step to handle security, monitorization and optimization systems.

 

    • Both user and group identification are necessary for network management.
    • Needed information is constantly changing and updated.
    • In complex organizations, this information is mostly held in AD servers.
    • Intrusive or resource-consuming solutions are usually problematic to implement.
    • Having this information it in an external microservice can solve these issues.

Active Directory Market Overview

Active directory market Teldat

Seamless integration for multiple scenarios

Organizations usually handle their users and hierarchy organizations through an Active Directory Server. No matter cloud or on-premise servers, this server is understandably a critical part of their architecture, and thus, sysadmins are usually very reluctant to open ports, APIs or any sort of access to external systems.

It is due to this reason that, for security systems, NTAs, or any other software that usually wants to have access to updated information from the AD server, they need to install certain software inside the client´s infrastructure.

Multiple vendors have come up with multiple solutions for this problem. But usually, all available solutions prioritize 3 points: light usage of resources, secure connection for needed services and seamless integration with the current system.

These three factors are key for a successful integration with any production server. The installed plugin will then maintain all user and group related information in the cloud for services to consume.

What are the important points related to Active Directory Integration

Single Sign-on and Active Directory Integration active directory,active directory over sdwan,active directory helpdesk integration,single sign on active directory integration software,next generation active directory

Seamless integration

Active directory plugins cannot mean large system changes or complex maintenance, since this would have a heavy impact in the organization and deter any clients from onboarding the system.

Single Sign-on and Active Directory Integration active directory,active directory over sdwan,active directory helpdesk integration,single sign on active directory integration software,next generation active directory

Security is key

The Active Directory server is key inside any organization. It regulates users access to resources and group hierarchies within the company. Any plugin or proposed integration that compromises security would be a stopper for these type of endeavors.

Single Sign-on and Active Directory Integration active directory,active directory over sdwan,active directory helpdesk integration,single sign on active directory integration software,next generation active directory

Light need of resources

Any plugin running inside an organization´s server cannot be resource-demanding. A slow server executing critical tasks is as good as a dead one for all that matters. Any plugin of this sort would have to make use of the very minimal resources.

Single Sign-on and Active Directory Integration active directory,active directory over sdwan,active directory helpdesk integration,single sign on active directory integration software,next generation active directory

Updated information is pivotal

The information that such plugins handle is not only critical to protect against unwanted access, but must also be immediately updated. This is specially relevant for related security-services, since outdated information might be a security breach.

Understanding Active Directory Integration

UEBA, user-based security policies, anomaly detection, XDR, NTA… All these are features, functionalities and techniques that have come out into the market in recent years. They provide great value to corporate clients, and have allowed system managers monitoring capabilities and control over the network much greater than decades past. But all these technologies have one thing in common. They require user-based monitoring and actions to work.

 And that´s precisely the problem. Users are no longer attached to a single IP or workstation. Nowadays workers can jump from their computer to their laptop, send a videocall meeting to their phones while it´s taking place, connect to their offices through their Ipads, use secondary lines if the main ones are clogged….

The number of devices and ways that users have available for them to jump into internet are countless. Even some IP that has been used by one user can be used by another later. So, how to control what each user is doing?

 That´s where Active Directory comes along. Within a network´s organization, it´s these servers that held key information of what user is having which IP at what time. So having reliable access to this information is key for bringing all these features into the table.

 Any organization that wants to offer these services to its clients will thus have to have a way of properly accessing and update this information in real time without impacting the overall working of their clients. And that´s exactly what Teldat´s Active Directory Plugin brings into the table. 

Active directory integration understanding Teldat

Solution & Teldat Active Directory Integration Products

The background

In Teldat, we have recently updated our networking portfolio with multiple software products such as be.Safe XDR, be.Safe, SDWAN, … When interacting with our clients, we realized that the market slowly but steadily was showing the necessity of no longer speak about IPs, but instead talking about Users. When establishing a security policy in be.Safe, clients wanted to associate a security policy to a user, not an IP. When using be.Safe XDR for monitoring purposes, corporate networking personell was not interested in what IP had generated what traffic, but what user.

 It is for this very reason that we looked into developing a solution that, integrated with all these services, could bring added value to our clients at the same time as it minimized the impact that each of these services had on the Active Directory servers.

Active Directory background Teldat

Single source of information

Single source of information active directory Teldat

bWhen managing multiple networking products, here in Teldat we have seen the necessity of providing a single plugin for all of them. It is not viable that our clients, while adquiring multiple networking products, need to install different plugins for each of them. Thus, the solution that we have adopted can be used for any of our portfolio solutions.

No matter for be.Safe XDR, SDWAN, be.Safe, … All of them can integrate with the single Active Directory plugin. By having a single source of truth, all products will act as one, bringin to our corporate clients a simplified and unified solution ecosystem for extracting the maximum value of their network capabilities.

Light, Safe and seamless

Our Active Directory plugin has been developed with the fundamental characteristics that these plugins require. It is a light service that our clients can install in their AD Servers, and with minimal use of resources, can provide service to an unlimited number of associated products.

 In order to ensure the security of the server, our plugin does not respond to any incoming petitions from any unauthorized IP. The needed information, and only the strictly necessary one, gets updated into an external microservice, which later our NTA, be.Safe or any other´s Teldat´s product can consume for the requested functionalities. This allows us to provide a fast, scalable and secure service to our clients without the need to impact their infrastructure directly, or any extra configuration of what they already have.

AD servers active directory Teldat

Security through integration

Security through active directory Teldat

Attacks and impersonations can occur in a matter of seconds. The timespan between a compromised user and the reaction inside the network can determine the difference between a secure and a compromised organization. It is for this very reason that here in Teldat we have prioritized both a fast and reliable update of the information as well as the capacity to fully bring security into every level of the organizational organigram.

 Through our reactive network, our proprietary AI can monitor user behavior and, when an anomaly or a compromised user is detected, through our plugin we can modify permissions and access rules inside the AD server, isolating and containing the possible thread from spreading within the network.

Use Cases

Access policies in hybrid networks use case by Teldat

Per-user resource access policies in hybrid networks

Assignment of customized per-user policies for access to resources in software-defined networks.

Network by connected users use case by Teldat

Network usage by connected users

Customized network resource usage reports per user.

Control and visibility overs applications use case by Teldat

Control and visibility over applications

A company uses MPLS and VPN connections to access corporate servers and wants to increase access control and gain more information on the use of its applications.

Per-user resource access policies in hybrid networks

Assignment of customized per-user policies for access to resources in software-defined networks.

Challenge

Nowadays, the concept of network use is changing. Before, networks routinely connected IP addresses with other IP addresses, and now it’s a matter of connecting users with resources, regardless of where each interconnected element is, and all from multiple types of devices. But managing resource access for lots of users, each with different permissions, is complicated. Each department must have a delimited scope of action and each employee can only have access to the platforms or services defined in the corporate regulations.

Solution

Per-user resource access policies use case Teldat

Thanks to SDWAN solutions, it is possible to manage multiple resource access policies, hybrid connection environments, teleworking, remote access, etc. With these solutions, any user can access corporate resources from anywhere.

Through integration with Active Directory, each user’s resource access policies can be customized regardless of the device they are using, or if they are using several at the same time, since even if the IP address changes, the platform synchronizes with the Directory and automatically updates the rules.

 

Why Teldat?

Thanks to integration with Active Directory, Teldat’s be.SDWAN solution offers the ability to manage policies per user, making user mobility within the network more flexible and automating the process.

Network usage by connected users

Customized network resource usage reports per user.

Challenge

In order to accurately estimate network size, administrators need to know how users are using it. Checking that allowed accesses are being complied with and that users are not trying to access other departments’ resources or unauthorized devices (generating alerts in case of an attempt) is also necessary.

Solution

Network to connect users use case Teldat

In NTA solutions, it is possible to view the amount of traffic that each device generates and, more importantly, the amount of traffic that each user generates, since they can be connected from anywhere in the network, both corporate and external.

This is achieved through integration with Active Directory, uniquely identifying each user regardless of which network they are connected to or the number and type of devices they are using to connect. In this way, all the operations performed on the network can be traced exactly, allowing forensic analysis to estimate the size of the network or prevent security breaches due to unauthorized access.

 

 

Why Teldat?

Thanks to integration with Active Directory, Teldat’s be.Safe XDR solution establishes a unique identification per user, making user mobility in the network more flexible and automating the process.

Control and visibility over applications

A company uses MPLS and VPN connections to access corporate servers and wants to increase access control and gain more information on the use of its applications.

Challenge

As the company uses MPLS connections from branch offices and VPN clients for remote workers, it cannot grant granular access permissions to applications according to user or device type. It also lacks a visualization tool to show the network and resource consumption by each user or how these are being accessed. Consequently, estimating the size of network access and server capacity is a difficult task for the IT team.

Solution

Control and visibility active directory use case Teldat

With Teldat’s security solutions, it is possible to control access to all corporate applications and access to the Internet and SaaS platforms in a personalized and granular way thanks to their integration with active directory and SSO tools.

Both access from branch offices and access from remote connections can be controlled.

In addition, Teldat’s visibility solutions provide all the information necessary to understand how resources are accessed and by whom, and thus obtain information on possible attempts to violate rules by devices that may have been hacked.

Why Teldat?

Teldat’s be.Safe and be.Safe XDR solutions offer secure and reliable access, with customized Dashboards to display information in graphical format and generate polices and reports based on specific users thanks to their integration with Active Directory.

Read our latest Blog Posts