1 Introduction
With the IT landscape changing from traditional network infrastructures with a perimeter protecting the internal systems to a more open and heterogeneous infrastructure, the focus of protecting sensitive corporate information has gradually shifted towards discovery and mitigation of threats, by both external and internal attackers. Reliable and comprehensive tools for managing and monitoring systems and analyzing the state and activities on these systems have become essential.
There are various levels at which such systems can operate. We find tools local to specific environments, both built-in and provided as add-on solutions. There are integrated capabilities offered by some cloud services for advanced analytics. There are SIEM (Security Information and Event Management) offerings, which help collect and analyze information from a broad range of systems and are offered both as tools and as managed services. And there are products that help manage a certain set of systems, bridging the gap between system-specific, built-in (native) solutions and the rather complex SIEM tools that are targeted at enterprise-level deployments in larger organizations.
There are pros and cons for each of these approaches. Native tools are immediately available, without extra investment. However, they frequently fall short in functionality and are insufficient for the complex security challenges businesses face today. Integrated capabilities provided by cloud services are also commonly limited to that specific service, and only some cloud services provide mature and advanced integrated capabilities.
SIEM solutions, which have been positioned as the ideal solution for many years, are complex to implement and use. While managed service offerings might help in deploying SIEM solutions, these frequently go beyond what many organizations need. Furthermore, they are targeted at enterprise-level, cross-system deployments, leaving a gap for the use cases where administrators of a certain part of the IT infrastructure require specialized solutions with deep out-of-the-box integration into their system environment.
Common scenarios for specialized solutions that can manage certain parts of the environment include:
- Solutions for managing Microsoft Active Directory, Windows file systems, and the related environments
- Solutions for managing Linux and Unix environments
- Solutions for managing enterprise business applications such as SAP
For the first group of solutions, there are two common scenarios. On one hand, there are the small to mid-market businesses in which such environments commonly form a major part of an IT infrastructure centered around Windows Servers. On the other hand, most larger organizations also run a Windows infrastructure, with their administrator teams requiring specialized tools for the in-depth management of these environments.
While the requirements are changing, on-premise Microsoft Active Directory and Windows Servers are still widely deployed and used. While Microsoft 365 with Azure Active Directory and Office 365 is also used on a broad scale, most organizations still are (and will remain) in a hybrid mode for a long time, thus requiring tools that help their teams manage these environments.
Cygna Labs is a provider of a set of such solutions. They recently acquired the former BeyondTrust PowerBroker Auditor product suite, which is now brought to market as part of the Cygna Auditor Platform. Cygna Labs was founded by the team that developed the Blackbird Management Suite, which was acquired by BeyondTrust back in 2012 and formed the foundation for BeyondTrust PowerBroker Auditor.