ADEMA
Make sure your highly sensitive AD groups are adequately monitored
Some Active Directory groups grant highly sensitive access, which means they carry significant security risks. It also means strong additional controls should be put in place to make sure no parallel processes are used to change AD group memberships outside IAM control. This is of primary importance for well-known native AD groups like “Domain Admins” or “DnsAdmins”, but also for groups consumed by critical business applications or highly sensitive IT systems like PAM, VPNs and more.
With ADEMA, you can monitor your critical AD groups in real time. You can easily configure ADEMA for the AD groups you want to put under supervision and for the events you want to be notified about, for example “new member”, “new nested group”, “changed OU” …
For a “new member” event, ADEMA even compares the change with the known (legitimate) AD group memberships as registered in NetIQ IDM. When a suspicious change is detected, an email alert is sent to designated email addresses, for example to both the IAM and security teams.
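The reconciliation described above, as an added example (not ADEMA's code or configuration): it diffs two snapshots of a monitored group, reports the three event types named on this page, and checks each new member against the memberships IAM has on record. The snapshot structures, function names and sample DNs are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupState:  # one snapshot of a monitored group (hypothetical structure)
    dn: str
    users: frozenset   # DNs of direct user members
    groups: frozenset  # DNs of directly nested groups

@dataclass(frozen=True)
class Finding:
    event: str
    detail: str
    in_iam: "bool | None"  # None: event type is not reconciled with IAM

def norm(dn):
    # DNs compare case-insensitively; simplified normalisation for this example.
    return dn.strip().lower()

def parent_ou(dn):
    # Split on the first unescaped comma so "CN=Doe\, Eve,OU=..." is handled.
    return norm(re.split(r"(?<!\\),", dn, maxsplit=1)[1])

def detect(before, after, iam_members, watched):
    """Diff two snapshots; reconcile new members against IAM records."""
    known = {norm(m) for m in iam_members}
    old_users = {norm(u) for u in before.users}
    old_groups = {norm(g) for g in before.groups}
    found = []
    for u in sorted(after.users):
        if norm(u) not in old_users:
            found.append(Finding("new member", u, norm(u) in known))
    for g in sorted(after.groups):
        if norm(g) not in old_groups:
            found.append(Finding("new nested group", g, None))
    if parent_ou(before.dn) != parent_ou(after.dn):
        found.append(Finding("changed OU", after.dn, None))
    # Keep configured event types only; members IAM already records are not alerted.
    return [f for f in found if f.event in watched and f.in_iam is not True]

# Constructed sample data (not from a real directory).
BASE = "DC=example,DC=com"
ALICE, BOB, EVE = (f"CN={n},OU=Admins,{BASE}" for n in ("alice", "Bob", "Doe\\, Eve"))
BEFORE = GroupState(f"CN=Domain Admins,CN=Users,{BASE}", frozenset({ALICE}), frozenset())
AFTER = GroupState(BEFORE.dn, frozenset({ALICE, BOB, EVE}),
                   frozenset({f"CN=Helpdesk,OU=Groups,{BASE}"}))
IAM = {ALICE, BOB.lower()}  # memberships IAM recorded; Eve was added outside IAM
ALERTS = detect(BEFORE, AFTER, IAM, {"new member", "new nested group", "changed OU"})
```

In the sample, Bob's addition matches an IAM record and is not alerted, while Eve's addition and the newly nested group are both reported.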
ADEMA guarantees that any abnormal group change made by any user, any malware or any process is detected and reported.
Monitor changes for each AD group or critical business application
Detect anomalies based on your own priorities and preferences
Alert security teams whenever a suspicious change is detected
Setting up ADEMA to silently monitor your AD groups is fast and easy!
ADEMA comes as an add-on driver to install on the NetIQ IDM platform. You can add ADEMA to your existing environment yourself, without changing anything in your existing AD provisioning driver. Alternatively, you can set up ADEMA through a Windows server (preferably dedicated).
Once installed and configured, ADEMA silently monitors your critical AD groups and notifies or alerts you about the selected events happening on these groups. By sitting next to AD and running on an independent platform, ADEMA guarantees that any abnormal group change made by any user, any malware or any process is detected and reported.
ADEMA can also be configured to send alerts when it is “disabled”, intentionally or not, for example if ADEMA’s technical account is disabled on the AD side, preventing ADEMA from operating as it should.