Government agency improves security and CUSTOMER PROFILE productivity North Central Texas Council of Governments gains real-time control over changes across its hybrid IT environment with Platform Management solutions from Quest. Company North Central Texas Council of Governments Industry Government Country Employees 400 Website nctcog.org

BUSINESS NEED The North Central Texas Council of Governments had no ability to audit AD changes and file system auditing was available only after nightly processing by a third-party solution, which limited their ability to respond to audit requests and incidents in a timely manner.

SOLUTION With Change Auditor solutions for AD, Windows file servers and EMC, NCTCOG now has the comprehensive real-time auditing they need. Alerts enable quick response to critical events, scheduled reports facilitate regular review by business owners and the integrated IT Security Search streamlines investigations. The organization has now also invested in Change Auditor modules for SharePoint and SQL, as well as Enterprise Reporter and Security Explorer.

BENEFITS • Delivers real-time auditing, reporting “With our previous solution, if a folder came up missing, and alerting across the environment • Streamlines incident investigations it'd be the next day before I could report and say with integrated cross-system search what happened to it. Now, with Change Auditor, I • Delivers far more functionality for the can immediately tell what happened to the folder. If same price as the previous solution someone accidentally moved it, we can direct them SOLUTIONS AT A GLANCE to move it back or just quickly do it for them.” • Microsoft Platform Management

Brett Ogletree, Information Security Officer, North Central Texas Council of Governments To operate efficiently, government agencies require technology just as much as SMBs and large enterprises do, and they usually run just as lean when it comes to IT staffing. The North Central Texas Council of Governments (NCTCOG), for instance, relies heav- ily on not just technology basics like email and voice over IP (VoIP) systems, but also specialized systems such as geographic - mation systems, document management systems and roadway modeling applications. To automate change monitoring and speed security investigations, NCTCOG’s IT security team relies on a suite of Windows management solutions from Quest.

RISK SKYROCKETS WHEN YOU explains Brett Ogletree, information LACK REAL-TIME INSIGHT INTO security officer at North Central Texas “Change Auditor AD AND FILE SYSTEMS Council of Governments. “For instance, if someone deleted an account or changed The North Central Texas Council of a Group Policy object, we didn’t have any not only improves Governments is a voluntary association of way to determine who was responsible 16 counties and numerous cities, school and whether it was accidental or deliber- security, it also makes districts and special districts in and ate. We simply had to hope that people around Dallas and Fort Worth. NCTCOG the business more would be honest with us about what help its members plan for common needs, they had done.” productive — and recognize regional opportunities and eliminate unnecessary duplication. For And that was just part of the problem. IT saves me a lot of time example, its Transportation department teams need real-time auditing of their file as well. It’s hard to put partners with local governmental entities systems as well as AD. If an important file to prioritize roadway projects and allocate is modified or deleted, for instance, they a monetary value on funding according to those priorities; the need to be able to quickly determine Workforce department offers training who made the change — and what other that functionality; it’s opportunities and facilitates access to resources on the network they had access childcare services; and other depart- to. While the IT team at NCTCOG had invaluable.” ments engage is similar partnerships for more visibility into its file servers than they regional benefit. did into AD, it was not nearly enough. Brett Ogletree, Information Security NCTCOG’s IT teams are acutely aware that Officer, North Central Texas Council of (AD) is essential to both Governments the security and availability of all these applications because it stores crucial PRODUCTS & SERVICES information about users, groups and permissions. A single improper change to a group’s permissions could leave all Change Auditor for members of that group unable to access Active Directory critical resources, crippling important Change Auditor for EMC business processes. Even worse, it could enable everyone in the group to access Change Auditor for SharePoint sensitive data they should never see, putting the organization at risk of both Change Auditor for SQL Server security breaches and compliance failures. Change Auditor for Unfortunately, that was exactly the situ- Windows File Servers ation facing the organization a few years Enterprise Reporter Suite ago. “We had no way of knowing what was happening in our Active Directory,” Security Explorer

2 “We're getting a “Initially, we tried using native tools to headache of native tools. IT teams can roll determine who was making changes on back unauthorized or otherwise improper multitude of products the file system, and it was just unwieldy; changes with the click of a button, and we had to do a lot of work to try to ascer- even proactively prevent changes to from Quest for tain what happened,” recalls Ogletree. “So their most important AD objects, such we purchased a solution that could tell us as specific organizational units (OUs) or the same annual who modified or deleted a file, as well as Group Policy objects (GPOs). what a particular user or group of users maintenance cost we had access to on the network.” The solution was such a success that NCTCOG decided to look into its sister were paying for our However, that information was up to 24 applications for file auditing: Change hours old, which limited its usefulness. Auditor for Windows File Servers and previous solution.” “The tool did not provide us with real-time Change Auditor for EMC. In particular, file server auditing; rather, it would crawl the organization needed to get the same Brett Ogletree, Information Security through our file servers each night on real-time insight into its file systems that it Officer, North Central Texas Council of schedule, interrogating them for important was now getting for AD — something their Governments data, so our information was always out of current solution simply could not deliver. date,” Ogletree adds. “For example, if a Since they already had the infrastructure request came in at noon one day asking for Change Auditor for Active Directory what happened to a missing folder, I was installed, deploying the two additional not able to answer that question until applications for evaluation could not the following morning. That could result have been easier; all they had to do was in productivity losses and also put file deploy a trial key. system security at risk.” With Change Auditor for Windows File COMPREHENSIVE REAL-TIME Servers and Change Auditor for EMC, AUDITING FROM QUEST the IT team now has real-time tracking, auditing, reporting and alerting on all The IT team at NCTCOG decided to changes to their files and folders, so tackle the lack of AD auditing first. After they can respond promptly to security carefully reviewing several solutions, they threats, availability issues and requests chose Quest® Change Auditor for Active from users. Moreover, Change Auditor Directory. The solution tracks all changes delivers all the “who, what, when, where to AD in real time, enabling users to and originating workstation” details, along quickly and easily detect potential insider with the original and current values, which attacks as well as accidental modifications are essential for fast troubleshooting. Plus, that could threaten security or business it can protect critical files and folders from continuity, all without the complexity and

3 being modified or accidentally deleted in accidentally moved it, we can direct them the first place. to move it back or just quickly do it for them. If the folder was deleted, in the past, In addition to the functionality advantages, we would have to order tapes from off site, switching to Quest solutions offered two wait until they were delivered and then go additional benefits. First, consolidating through the restoration process. Now we on the Change Auditor family of solutions can restore the folder immediately.” simplified maintenance and operations. Second, it delivered far more value. “By Reports can even be generated and packaging everything we needed from delivered automatically to stakeholders. Quest, we got more bang for our buck,” This scheduled reporting facilitates regular Ogletree says. “We’re getting a multitude review of changes to data and systems of products from Quest for the same by the respective business owners, which annual maintenance cost we were paying helps ensure that errant changes are for our previous solution.” detected promptly. “I’ve set up some reports that show what changes are made REAL-TIME ALERTS ENABLE to a specific area of the file system, and QUICK RESPONSE TO THREATS they are delivered to the data owner on a weekly basis,” says Ogletree. “For With the Change Auditor applications example, a certain department might in place, the IT team at NCTCOG now have a set of files that they don’t touch knows about critical changes immediately, every day. Before we had Change Auditor, “If high-severity events instead of up to a day later. “If high-sever- they might have discovered one day that ity events occur, Change Auditor alerts us several of those files had been modified occur, Change Auditor by email, so we can determine whether or had gone missing, and then they would the change was made properly through alerts us by email, so have to come to me to help them recreate our change management process or is what happened on the system since they we can can determine a malicious act by a hacker,” explains last used the files. With Change Auditor, Ogletree. “For example, we use Change they can review what’s happening with whether the change was Auditor for Active Directory to alert on their files on a weekly basis, instead of changes to the membership of specific made properly through stumbling upon problems later.” sensitive groups, such as groups that our change management handle protected healthcare information.” Plus, all the Change Auditor applications, as well as several other Quest Windows process or is a malicious Change Auditor provides similar real- management solutions, come with a time alerting for NCTCOG’s file systems. act by a hacker.” powerful interactive search engine: IT “We’ve got managers who want to Security Search correlates disparate IT be alerted if their secure folders are Brett Ogletree, Information Security data from numerous systems and devices accessed by an unauthorized person,” Officer, North Central Texas Council of into a single console to speed security Ogletree says. “The previous solution Governments incident response and forensic analysis. couldn’t do that. But now we can simply set up those alerts and then sit back and let Change Auditor automatically monitor EXPANDING VISIBILITY for the suspicious activity.” ACROSS THE ENTERPRISE Having real-time insight into Active STREAMLINING INCIDENT Directory and file systems benefits INVESTIGATION NCTCOG in multiple ways. “Change Auditor not only improves security, it also NCTCOG gets further insight into suspi- makes the business more productive — cious changes and other user behavior and saves me a lot of time as well,” notes with Change Auditor’s flexible, compre- Ogletree. “It’s hard to put a monetary hensive reporting. “We can easily do value on that functionality; it’s invaluable.” forensics on incidents — go back and see NCTCOG's success with the Change exactly what happened on the system,” Auditor solutions for auditing Active Ogletree explains. “For example, with Directory, Windows file servers and EMC our previous solution, if a folder came provided justification for adding two addi- up missing, it’d be the next day before I tional Change Auditor applications to their could say what happened to it. Now, with licensing: Change Auditor for SQL Server Change Auditor, I can immediately tell and Change Auditor for SharePoint. what happened to the folder. If someone

4 “We appreciate the increased visibility we across their Microsoft platforms from a have into our AD, EMC and file servers, single console. and we knew it would be great to have the same visibility into SharePoint and READY FOR THE CLOUD SQL Server,” Ogletree says. “For example, As NCTCOG grows and expands its IT monitoring schema changes environment to the cloud, it will get even and other modifications within our SQL more value from its Quest solutions. For Server environment will help us keep example, Change Auditor for Active those systems up and running, and the Directory audits Azure Active Directory — “Before, it was hard to data in them secure.” ensuring that changes to cloud-only answer questions like, The organization recently adopted objects and attributes are tracked and Enterprise Reporter Suite as well. Its alerted on. Similarly, Change Auditor ‘who has a database comprehensive access assessments and for SharePoint supports SharePoint owner (DBO) role on any built-in reporting provide deep visibility Online and OneDrive for Business, into users, groups, permissions and other and Enterprise Reporter covers Azure of the dozen or so SQL Active Directory, Exchange Online and configurations across the Microsoft envi- servers we have?’ We ronment. “Before, it was hard to answer OneDrive for Business. questions like, ‘who has a database owner would have had to look at (DBO) role on any of the dozen or so ABOUT QUEST SQL servers we have?’ We would have At Quest, our purpose is to solve complex each server individually. had to look at each server individually,” problems with simple solutions. We With Enterprise Reporter, notes Ogletree. “With Enterprise Reporter, accomplish this with a philosophy focused we’ll be able to answer questions like on great products, great service and we’ll be able to answer that easily.” Plus, with their investment in an overall goal of being simple to do the Enterprise Reporter Suite, NCTCOG business with. Our vision is to deliver tech- questions like that easily.” now has the full functionality of Security nology that eliminates the need to choose Explorer, which offers a combination of between efficiency and effectiveness, Brett Ogletree, Information Security reporting and remediation capabilities which means you and your organization Officer, North Central Texas Council of that enable IT teams to manage access can spend less time on IT administration Governments controls, permissions and security and more time on business innovation.

View more case studies at Quest.com/Customer-Stories

Quest and the Quest logo are trademarks and registered trademarks of Quest Software Inc. For a complete list of Quest marks, visit www.quest.com/legal/trademark-information.aspx. All other trademarks are property of their 5 respective owners. © 2018 Quest Software Inc. ALL RIGHTS RESERVED. CaseStudy-NCTCOG-US-GM-34291