Detect fraud and malicious activity

Get high-confidence results when detecting fraud and malicious activity by running Splunk's AI and unsupervised machine learning algorithms on LT Auditor+ user activity combined with data from other sources (e.g. smart cards, telephony, CRM, facility access, accounting, HR). Bad or missing data leads to bad decisions; good, complete data leads to good decisions.

Save time and Optimize resources

Stop processing raw, noisy, duplicate and uncorrelated Windows event logs; work from correlated, de-duplicated LT Auditor+ audit events instead.

Reduce Cost

Unmanaged sprawl of data files drives spending on storage and archiving, wastes employee time spent searching for information, and degrades performance across the system.

Reduce Compliance Risk

Unmanaged data files increase compliance risk: access control and data classification become onerous at the volumes of data organizations now collect.

Business Challenges Faced by System Admins


No visibility

Network administrators need visibility into critical actions on file shares: creates, renames, moves and modifications. For example, a single rename operation writes over 100 Event ID 4656 entries to the Security event log, and even after those entries are parsed and correlated the rename itself cannot be reconstructed. Creates, moves and modifications likewise generate noise without yielding a detectable operation.

SOLUTION

LT Auditor+ App for Splunk, through a single pane, provides unparalleled visibility into user behavior and actions detailing file events (open, close, create, delete, rename, modify, ownership change, permission change, user name, IP Address and timestamp) to easily detect unauthorized access of sensitive and confidential information.

Insufficient details

Network administrators need details of modifications to Group Policy Objects (GPOs) to decide whether a system configuration change is malicious or unintentional. Windows event logs only record the GUID of the GPO that was modified (e.g. 31B2F340-016D-11D2-945F-00C04FB984F9). Details of the changes to Account Lockout, Administrative Templates, Audit, Password, Security Options, Registry Settings, Restricted Groups, User Rights and other policy settings are not available.

SOLUTION

Details of modifications to GPO objects and attributes, including before and after values, are embedded in the correlated, de-duplicated, indexed LT Auditor+ audit events ingested by LT Auditor+ App for Splunk. Network administrators get the details they need to decide whether a system configuration change was malicious or unintentional.

Inability to verify

Knowing the precise source from which a user performed an action is required to verify whether credentials have been shared, or whether someone else is masquerading as the user. Apart from logon events and network share access events, Windows events do not record the network source address (IP address) of the actor; file access events in particular carry none.

SOLUTION

The precise source (IP address) from which the user performed an action is embedded in the correlated, de-duplicated, indexed LT Auditor+ audit events ingested by LT Auditor+ App for Splunk. Network administrators get the details they need to verify that a user performed an action, or to determine whether credentials have been shared or someone else is masquerading as the user.

Detect Ransomware

Ransomware attacks are characterized by renaming or modifying a very large number of files within a short time, by the same user from the same IP address. Windows event logs do not record renames or modifications as discrete file events, so detecting this pattern from them alone is not practical.

SOLUTION

LT Auditor+ App for Splunk detects and alerts network administrators to ransomware attacks and identifies the origin inside the network by rapidly correlating details of file events (open, close, create, delete, rename, modify, ownership change, permission change, user name, IP Address and timestamp).
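The two detections described above (a burst of renames or modifications by one user from one address, and one user acting from several addresses within minutes, from the "Inability to verify" section) are shown here as an added example. This is not LT Auditor+ or Splunk code; it runs over constructed audit lines carrying the fields the page lists (operation, user name, IP address, timestamp), and the line format and field names (`user=`, `ip=`, `op=`, `path=`, `newpath=`) are assumptions made for this example, not the app's schema.

```python
# Added example (not LT Auditor+ or Splunk code): two detections over
# constructed file-audit events. The key=value field names are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines. alice works normally from one address;
# carol appears from two addresses within minutes; bob renames 40 files in
# 40 seconds from one address (the burst the page attributes to ransomware).
SAMPLE_LINES = [
    "2024-05-01T09:00:00 user=alice ip=10.0.0.5 op=open path=\\\\fs1\\finance\\q1.xlsx",
    "2024-05-01T09:00:04 user=alice ip=10.0.0.5 op=modify path=\\\\fs1\\finance\\q1.xlsx",
    "2024-05-01T09:00:09 user=alice ip=10.0.0.5 op=close path=\\\\fs1\\finance\\q1.xlsx",
    "2024-05-01T09:10:00 user=carol ip=10.0.0.7 op=open path=\\\\fs1\\hr\\salaries.xlsx",
    "2024-05-01T09:12:30 user=carol ip=10.0.0.22 op=open path=\\\\fs1\\hr\\salaries.xlsx",
] + [
    f"2024-05-01T09:20:{i:02d} user=bob ip=10.0.0.9 op=rename "
    f"path=\\\\fs1\\shared\\doc{i}.docx newpath=\\\\fs1\\shared\\doc{i}.docx.locked"
    for i in range(40)
]


def parse(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *kvs = line.split()
    ev = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def parse_all(lines):
    """Parse and sort all lines by timestamp."""
    return sorted((parse(line) for line in lines), key=lambda e: e["ts"])


def detect_rename_bursts(events, window=timedelta(seconds=60), threshold=25):
    """Return {(user, ip): count} for actors whose rename/modify events reach
    `threshold` inside any `window`-long span (sliding window per actor)."""
    per_actor = defaultdict(list)
    for ev in events:
        if ev["op"] in ("rename", "modify"):
            per_actor[(ev["user"], ev["ip"])].append(ev["ts"])
    alerts = {}
    for actor, times in per_actor.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[actor] = best
    return alerts


def detect_multi_source_users(events, window=timedelta(minutes=5)):
    """Return {user: sorted IPs} for users seen from more than one source
    address within `window`: candidates for shared or stolen credentials."""
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev["user"]].append((ev["ts"], ev["ip"]))
    flagged = {}
    for user, items in per_user.items():
        items.sort()
        for i, (t0, ip0) in enumerate(items):
            for t1, ip1 in items[i + 1:]:
                if t1 - t0 > window:
                    break
                if ip1 != ip0:
                    flagged.setdefault(user, set()).update({ip0, ip1})
    return {user: sorted(ips) for user, ips in flagged.items()}


def run(lines=SAMPLE_LINES):
    """Run both detections over the given lines."""
    events = parse_all(lines)
    return detect_rename_bursts(events), detect_multi_source_users(events)


if __name__ == "__main__":
    bursts, shared = run()
    for (user, ip), n in bursts.items():
        print(f"RANSOMWARE? {n} rename/modify events by {user} from {ip} in one window")
    for user, ips in shared.items():
        print(f"SHARED CREDENTIAL? {user} active from {', '.join(ips)} within the window")
```

The burst threshold and window are tuning knobs, not constants from the page; a file server with a legitimate bulk job will need higher values or an allow-list of service accounts. Inside Splunk the same burst check is a search of the form `... | bin _time span=1m | stats count by user, ip | where count >= 25` over whichever field names the app actually emits.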

Data Exfiltration

Early detection of data exfiltration attempts is not possible through Windows event logs alone. Data thieves copy information in bulk and clear the event logs to remove all traces. The forensics that follow are tedious and cumbersome, require expertise, and are costly.

SOLUTION

LT Auditor+ App for Splunk quickly detects data exfiltration attempts and eliminates tedious and cumbersome forensic activities. Network administrators are alerted in real time to bulk copy actions and clearing of event logs.

Missing Data

Detecting missing or lost data is not possible through Windows event logs. Users often lose folders and files by accidentally dragging and dropping them into an unintended location, and finding these misplaced folders is time consuming and tedious.

SOLUTION

LT Auditor+ App for Splunk eliminates the time consuming and tedious nature of detecting missing or lost data. Visibility into user actions and behaviors, via a single pane, is delivered for all file and folder activities by users, source network nodes, servers and operations.

Reduce Costs

Unmanaged sprawl of data files, over time, costs organizations in acquiring large storage and archiving solutions, wasted time for employees searching for information, and causes performance degradation across the system.

SOLUTION

Discovering stale files (files that have not been accessed or modified for a long period) in order to reclaim costly storage space across petabytes of files and folders is made possible by processing file system metadata with LT Auditor+ App for Splunk. The app can quickly categorize millions of files by last accessed or last modified date, enabling clean-up actions that move stale files to alternative, cheaper storage.
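The categorization described above, as an added example that is not LT Auditor+ code: walk a directory tree, read each file's last-modified (or last-accessed) timestamp from the file system metadata, and count files per age bucket. It runs on a constructed temporary tree whose file ages are set with `os.utime`; the 90-day and 365-day thresholds and the bucket names are assumptions for this example.

```python
# Added example (not LT Auditor+ code): bucket files by age from file system
# metadata. Thresholds (90 and 365 days) are assumptions for this example.
import os
import shutil
import tempfile
import time
from collections import Counter
from pathlib import Path

DAY = 86400
# (upper bound in days, bucket name); None means "everything older".
BUCKETS = ((90, "active"), (365, "aging"), (None, "stale"))


def bucket_for(age_days):
    """Map an age in days to the first bucket whose bound it falls under."""
    for limit, name in BUCKETS:
        if limit is None or age_days < limit:
            return name


def categorize(root, now=None, use_atime=False):
    """Walk `root` with os.walk/os.stat (streaming, so it scales to large
    trees) and count files per age bucket. Age comes from last-modified time
    by default; use_atime=True switches to last-accessed time.
    Returns (Counter of bucket -> count, dict of bucket -> [paths])."""
    now = time.time() if now is None else now
    counts = Counter()
    members = {name: [] for _, name in BUCKETS}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(path, follow_symlinks=False)
            stamp = st.st_atime if use_atime else st.st_mtime
            bucket = bucket_for((now - stamp) / DAY)
            counts[bucket] += 1
            members[bucket].append(path)
    return counts, members


def build_fixture(now):
    """Constructed tree with files of known ages (timestamps set via os.utime)."""
    root = Path(tempfile.mkdtemp(prefix="stale-demo-"))
    ages = {"recent.docx": 3, "quarter.xlsx": 120,
            "old/archive.zip": 800, "old/forgotten.pst": 1500}
    for rel, age in ages.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed")
        stamp = now - age * DAY
        os.utime(p, (stamp, stamp))
    return root


def demo():
    """Build the fixture, categorize it, remove it, and return the counts."""
    now = time.time()
    root = build_fixture(now)
    try:
        counts, _ = categorize(root, now)
    finally:
        shutil.rmtree(root)
    return counts


if __name__ == "__main__":
    print(dict(demo()))
```

Treat last-accessed time as advisory: NTFS has shipped with last-access updates disabled by default since Windows Vista and Linux commonly mounts with relatime, so on many servers `st_atime` never advances. Last-modified time is the dependable signal; pair it with the access audit trail if "not read for a year" is the criterion that matters.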

Compliance

Unmanaged data files increase compliance risks since access control and data classification become onerous and cumbersome due to the sheer size and volume of data collected in organizations.

SOLUTION

LT Auditor+ App for Splunk quickly organizes information to identify the permissions assigned to files and folders, improving information governance and enabling actions that reduce user access in line with the principle of least privilege.

Help: Frequently Asked Questions

LT Auditor+ Express Installation

Installation of LT Auditor+ App for Splunk on Single Instance of Splunk Enterprise

Active Directory Dashboard

  • Coming Soon...

Group Policy Dashboard

  • Coming Soon...

Logon Server Dashboard

  • Coming Soon...

Files/Folders Dashboard

  • Coming Soon...

Suspicious Activity Dashboards

  • Coming Soon...

Best Practice Dashboards

  • Coming Soon...
