Reporting tool for active directory and NTFS security auditing

kj_syence
kj_syence used Ask the Experts™
on
I'm looking for an all-in-one tool that can report on our Active Directory and NTFS structure from a security standpoint. The organization I work for is preparing to be audited by HIPAA and are looking for a paid solution that can help us get ready.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Systems Admin
Top Expert 2010
Commented:
Nessus: http://www.tenable.com/products/nessus
Retina: http://www.beyondtrust.com/

Those are the two big vulnerability baseline programs that are available. They can go through your servers and check against a database of existing vulnerabilities so you can either address or document them for HIPAA. There are some other free tools you might want to use like DumpSec: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28373896.html which will export ACL and User information.

Those should give you enough to have the information you need to prepare for HIPAA. It should be noted, though, that HIPAA controls care more about encryption and data security than they do network vulnerabilities. Vulnerabilities are a part of it, but you'll get dinged a lot harder if you aren't ensuring encryption of PII data if it leaves your environment.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial