Case Studies
True tales of customer success with Sentinel
At Sentinel, we build technology solutions to solve business needs: we maximize a customer's investment in technology while building secure paths for the future, and we resolve business issues to build competitive advantages. Learn more about how Sentinel projects yield positive results!
Sentinel Solves Active Directory Issue Using Splunk
Wed Jun 26, 2024
Environment
As an enterprise organization with hundreds of locations throughout the United States, the customer operates and manages an extensive number of IT environments. These primarily cloud-based environments include Microsoft Windows Server and related applications, as well as powerful communication, collaboration, and security solutions from Cisco and Splunk.
Challenge
While each of the customer’s 40,000+ user accounts had its own identity and access permissions based on its role within the organization, the customer had no easy way to delineate between privileged and service accounts within Active Directory (AD). This created unnecessary complexity and notable security risks for the customer’s IT team: given the size of the environment and the volume of activity, it was exceptionally difficult to determine what users had accessed. Additionally, this configuration was not in alignment with regulatory requirements, which would have had serious consequences during their next SOX audit.
Solution
The Sentinel Consulting team conducted an assessment of the customer’s Active Directory instance to determine its operational state and develop the best possible solution to the issue based on their current environment and investments.
In collaboration with Sentinel’s Enterprise Applications team, the customer’s Splunk monitoring solution was used as a filter by aggregating and ingesting Windows Event Logs for successful logins from all servers. Splunk queries were then created to identify which were service accounts and which were privileged accounts, along with where they were being used. Sentinel consultants also provided the customer with guidance on proper event alerting to ensure the efficacy and accuracy of the logs and Splunk queries.
Results
The creation of the Splunk queries significantly simplified identity and access permissions for the customer and their IT team. They are now able to easily differentiate between service and privileged accounts, which eliminates an implicit security risk and places them within SOX compliance should they be required to pass an audit. The customer expressed gratitude to Sentinel for enabling them to minimize a large portion of their operational complexity by taking full advantage of the Splunk solution already deployed in their environment.
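The case study does not publish the Splunk queries themselves. As an added illustration that is not Sentinel's or the customer's code, the Python below models the same classification over a constructed batch of Windows Security events in Splunk-style key=value form: successful logons (EventCode 4624) are grouped per account and host, accounts are marked as service accounts by logon type (5 = Service, 4 = Batch) or by an assumed `svc_` naming convention, and privileged accounts are marked from EventCode 4672 (special privileges assigned to a new logon), which is an assumption about how the customer's queries identified them. It also flags a service account that shows up with an interactive logon, the kind of finding such queries exist to surface.

```python
import re
from collections import defaultdict

# Constructed sample events in Splunk-style key=value form (not real customer data).
# 4624 = successful logon, 4672 = special privileges assigned to new logon.
SAMPLE_EVENTS = """
EventCode=4624 TargetUserName=svc_backup LogonType=5 ComputerName=FS01
EventCode=4624 TargetUserName=jdoe LogonType=2 ComputerName=WS17
EventCode=4624 TargetUserName=adm_jdoe LogonType=10 ComputerName=DC01
EventCode=4672 SubjectUserName=adm_jdoe ComputerName=DC01
EventCode=4624 TargetUserName=svc_sql LogonType=4 ComputerName=DB02
EventCode=4624 TargetUserName=svc_sql LogonType=2 ComputerName=WS03
EventCode=4624 TargetUserName=DC01$ LogonType=3 ComputerName=FS01
""".strip().splitlines()

SERVICE_LOGON_TYPES = {"4", "5"}          # 4 = Batch (scheduled task), 5 = Service
INTERACTIVE_LOGON_TYPES = {"2", "10", "11"}  # console, RDP, cached interactive
SERVICE_NAME_PREFIX = "svc_"              # assumed naming convention, not from the page

def parse_event(line):
    """Turn 'k=v k=v ...' into a dict; values here contain no spaces."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def classify_accounts(lines):
    """Return {account: {"kind": user|service|privileged, "hosts": set, "interactive_hosts": set}}."""
    events = [parse_event(l) for l in lines]
    privileged = {e["SubjectUserName"] for e in events if e.get("EventCode") == "4672"}
    acct = defaultdict(lambda: {"kind": "user", "hosts": set(), "interactive_hosts": set()})
    for e in events:
        if e.get("EventCode") != "4624":
            continue
        name = e["TargetUserName"]
        if name.endswith("$"):            # computer accounts are not user identities
            continue
        rec = acct[name]
        rec["hosts"].add(e["ComputerName"])  # "where it is being used"
        if e["LogonType"] in SERVICE_LOGON_TYPES or name.startswith(SERVICE_NAME_PREFIX):
            rec["kind"] = "service"
        if e["LogonType"] in INTERACTIVE_LOGON_TYPES:
            rec["interactive_hosts"].add(e["ComputerName"])
    for name in privileged:               # 4672 outranks the other labels
        if name in acct:
            acct[name]["kind"] = "privileged"
    return dict(acct)

def service_accounts_used_interactively(summary):
    """Service accounts seen in an interactive logon: a common alerting condition."""
    return sorted(n for n, r in summary.items() if r["kind"] == "service" and r["interactive_hosts"])
```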