You can’t complete a puzzle with missing pieces. Nor can IT teams get a full picture of user activity, resource access, and authentications without a trail of events to follow.
This view of events has been challenging for IT administrators to see and orient around in one central location. Historically, to collect all the data they wanted to use, companies needed to buy a bunch of different and disparate tools to put together their puzzle of who did what, when, from where, and how. Then, to complete the puzzle, admins had to sessionize this data in its different formats, then aggregate and manage it before being able to glean clear insights.
Organizations can say goodbye to those challenges and hello to their new solution: JumpCloud Directory Insights™, a rich directory event data feature that adds robust auditing capabilities to JumpCloud’s consolidated identity access control and device management platform.
Introducing Directory Insights
IT teams can leverage end-to-end visibility across JumpCloud directory services with the event data supplied by Directory Insights, available now and accessible via its Admin Console Activity Log, API, and JumpCloud PowerShell Module.
Directory Insights’ data is unique to JumpCloud’s Directory-as-a-Service: Directory Insights shows virtually all user access activity and changes to a user’s access rights and endpoint authentications as first party data. This includes SAML applications, LDAP resources, RADIUS networks, MDM commands, and Mac®/Windows®/Linux® authentications. No other tool or platform offers the same type or level of insights together in one console, which maximizes IT teams’ productivity by centralizing data and making it easy to filter, search, and save.
Organizations that use Directory Insights can utilize its data in a number of ways, including downloading logs as JSON or CSV, and exporting the data with the API or PowerShell Module into a SIEM or tool of choice for further security, analytics, and monitoring. JumpCloud customers get access to 90 days of Directory Insights events when purchased; JumpCloud free account users get access to their most recent 15 days of events.
This scope of insights, surfaced in a single platform, empowers IT teams of any size to secure user identities and seamlessly handle auditing, investigating potential security events, and tracking user and admins events in their environment.
Join fellow admins each week at JumpCloud Office Hours, and mark your calendar for June 26th’s event when we’ll be joined by Paul Nguyen, lead product manager for Directory Insights and System Insights™!
Audit for Compliance with End-to-End Event Logs
Seasonal audits can be a chore to prepare when logs are needed from a number of sources. Directory Insights’ centralized event logs make preparing for audits to meet compliance a much simpler process.
- Send comprehensive event logs to auditors to certify compliance with SOC2, GLBA, PCI, and HIPAA, among many others.
- Use Directory Insights’ Activity Log UI to document event logs with screenshots, or even demo live, to prove compliance.
- Secure chain of custody of logs within the JumpCloud platform.
- Adhere to organizational data policies that require storing records over time, or prove removal of data for privacy regulations such as GDPR.
Investigate and Remediate Security Incidents
Identity breaches are a primary culprit when companies are hacked and their data is compromised. Directory Insights’ data helps IT teams rapidly investigate and contain breaches, and ensure companies are operating with a world-class security posture in which the right people have the right access to the right resources.
- Analyze trends around user behavior and directory events to identify suspicious activities, like an authentication attempt from an unknown person.
- Filter and search data to resolve problems, and review complete logs of what happened before and after any event.
- Use the API to put your logs into a security monitoring or analytics tool of your choice.
Track Access & Events Across Every Endpoint
Directory Insights gives IT administrators, system admins, and security operators a full view of activity and authorization data, ensuring the appropriate access and provisioning is granted for active and dormant employees.
- Track user actions, when they happened, how, and from where across JumpCloud’s directory authentication endpoints.
- See admin and user changes to access rights, groups, passwords, and more events.
- Drill down using the UI- and API-accessible logs with robust event data that you can search and filter through.
Critical Insights in JumpCloud’s All-in-One Platform
Organizations can use Directory Insights data to audit, report, and secure employees’ identities. The feature consolidates access and change-control data into one place — the JumpCloud Admin Console — to look at user access patterns. From there, IT admins can pinpoint security breaches, troubleshoot access problems, and ensure proper access rights.
Accelerated Strategies CEO and Managing Analyst Mitchell Ashley has the final word: “Especially now, organizations of all sizes recognize the need for total visibility into user access activity. JumpCloud’s Directory Insights gives IT teams a panoramic view of directory and user access activity along with the flexibility to export that data to existing SIEMs, making auditing and generating compliance reports easy. Directory Insights adds one more critical layer of functionality to JumpCloud’s comprehensive platform.”
There’s no barrier to access your directory data: You can set up a free JumpCloud account to try out Directory Insights with up to 10 users and systems. If you’d like a demo, reach out to connect with a directory services expert.