[MUSIC PLAYING] Welcome. This is "Quest Unscripted."
A vlog series on trending topics--
--and Quest solutions related to Active Directory--
Oh, and don't forget Azure AD.
You are here because you have questions.
We're here because we have answers.
We will address questions we've received from customers--
--experiencing the same challenges as you.
All with the goal of helping you confidently move--
--and secure your Microsoft environment.
We call the show "Quest Unscripted" because--
--except for this intro--
--nothing we say is scripted or rehearsed.
And we're pretty sure you'll notice that right away.
I like your shirt-- BloodHound. We're going to talk about BloodHound. So I have a quick question for you? What's new in On Demand Audit as far as integration with BloodHound Enterprise?
So I think what's new is the fact that there is integration with BloodHound Enterprise. We added ability so you can sync BloodHound Enterprise with On Demand so ODA can gather all the tier zero assets if you've actually defined any of those within BHE.
So talking about it from a security standpoint, so we're basically looking at indications of compromise within On Demand Audit. Whereas the BloodHound Enterprise is looking at-- we define the tier zero and we're looking at indications of-- of exposure that it reports back stuff on. And that's the connection between both of them, correct?
Yeah. Because in reality the tier zero assets-- if there's a change to those, that's more important to know about than if John Doe had a group membership change from accounting. That's much different from [INAUDIBLE] wanted to get added into a group that was a nested member [INAUDIBLE] admins. You know, I need to know about that type of stuff right away. So it helps surface the most critical things. If you've gone through the time and effort to categorize all the tier zero servers, you want to see when people are actually doing behavior that's not adhering to tier zero principles.
How does that add value to me as someone who already uses Change Audit or-- slash On Demand Audit to audit the rest of my environment? Why is this of more value?
I think it's more of a matter of highlighting the most important assets you have out there. So let's think about Audit. There are certain stuff from a compliance perspective you have to audit. Change to be the admins group, schema admins, account operators. People have always had to do those to be able to pass an audit.
I think this is going above and beyond. This is looking at all different tier zero stuff, not stuff that is unique for-- or something that's unique for every environment. Your server name [INAUDIBLE] automatically categorize ADFS, Azure AD Connect, my AD backup tool into a tier zero stuff, we can automatically now see all the different changes that are happening to those different machines. When we get an alert when somebody gets asked to look administrator group on your AD backup server, you can start gathering that visibility. So I think it's taking it to the next step. Not just compliance, but real security.
Gotcha. So obviously as a customer, I would need to have BloodHound Enterprise, I would need to have on Demand Audit. What's the integration mechanism? What do I need to go-- which interface do I need to go to to get that connection going?
There's a step-by-step walkthrough in on Demand Audit. You'll see they have a user account and BloodHound Enterprise that you're signing the pairing to. And once we get that [INAUDIBLE] pairing, On Demand Audit will categorize all those different assets and will even stamp out that this is a tier zero thing so we can start treating them a little bit differently. It literally-- it took me three minutes to get this integration set. If you need help with it, I'm happy to help in the last one.
Well I appreciate it. I'll probably come back to you for help. And this is already out, correct? Anyone can go and take a look at it?
It's been out. If you already own On Demand Audit and you want to try out BloodHound Enterprise, let us know. We'll let you use it for a month. If you're already a BloodHound Enterprise customer and you don't have On Demand Audit, feel free to reach out to us. I think they pair up very well. Bloodhound Enterprise is great for identifying where you're exposed. [INAUDIBLE] Audit or On Demand Audit helps you identify when people are actually taking and traveling those different paths. So I think it's much more powerful together.
Yeah, absolutely. All right, I appreciate it. Thank you so much.