[MUSIC PLAYING] My name is Aaron Jackson. I'm a senior technical manager. I work for a large bio manufacturer. We do both research, development, and manufacturing of many different pharmaceutical drugs, as well as cancer treatment solutions. 
As we know, data is the most important thing to an organization, and nowadays, that information is digital. The only way to get to it is via identity, and so we have to safeguard that identity to make sure that it's the proper person with the proper credentials. And using the Quest solutions, we're able to track that, manage it, have those audits and those pieces of information to put together to meet our needs. 
Active Directory is probably the most critical application in our entire environment. It is truly a tier-zero solution. All of our accounts feed into Active Directory, and then from there, we fan out to all other services. So if we are down, all of our SaaS solutions are down. Solutions that are making the LDAP calls into our Active Directory are key critical. So if I'm out of service, my cloud solutions are out of service, my cloud applications, all of our on-prem, our manufacturing. So we are talking hundreds of millions of dollars of loss. 
So we've got to make sure that we protect Active Directory at all cost. Reliability, stability, recoverability, all those are important and more. We do need to protect this. This is truly the crown jewels of an organization and, as such, it needs to be treated correctly and funded correctly. 
And additionally, we have things like GPOAdmin is another function within Active Directory. It's an attack vector. It's attack point. We're able to control so GPOs can't be easily overwritten. 
So one of the things that we look at in our environment is we see GPOs can be exploited in our environment, and GPOAdmin allows us to solve that. We're able to close that attack vector. We're able to monitor those changes, prevent those changes. And then even when we make a mistake, as we all do by mis-setting a variable and pushing out via GPO, we can quickly revert that back. And so we feel that the products and solutions that we got from GPOAdmin helped solve all that. 
We find it really amazing that we have Change Auditor deployed in our environment. And not only is it auditing all the objects that we need to but it is protecting our environment because one of the great things is I've got protection on my dit. File. So I know if my dit file is being attempted to be lifted and looked at. We're monitoring for spray attacks so that as people try and attempt to hack those passwords at a slow process, we get detection. We alert our security teams. They begin doing investigation. 
We also monitor critical accounts and groups for unique modifications. So I think that's really kind of amazing because it's misleading. When you look at the name Change Auditor, you're expecting, oh, this is a postevent, and Quest is taking it a step further. They're actually getting in front of it and getting in real time before you have that issue or that problem. 
We find Active Roles to be a great benefit to our organization. It's really kind of interesting. Being a large company, we have support staff cycle in and out. And when they first come on board, they want to revert back to the old Microsoft MMC, try and do things natively. We don't allow that. We use Active Roles in front of our Active Directory acting like a firewall proxy system, for the most part. And we also limit the scope and what they can administer and manage. 
So it's great. They get in. They're focused. They only have the rights that they need, whether it's group manipulation within a certain section of Active Directory. They're focused just that. They're not seeing everything else. So that's a lot of savings for us because we don't have to worry about prying eyes going in the wrong area. 
For us, we know that the threat of ransomware is real. We are a target. We all are. The larger you get, the bigger your target gets on your back. Using the Quest DRE solution, we're able to know that we can recover our forest and everything, spin up in just a matter of minutes is a lot. We do that every six months, and it has proved invaluable. We haven't had to execute on it, but just that assurance that we can see it, we can play with it. 
I would say that the RMAD solution has saved us hundreds of hours a year because we can restore objects quickly, effectively. We have a very large environment, pushing well over 100 to 200 domain controllers, and knowing that it's done right is very important to us. Additionally, having that documented process helps, and the integration into Change Auditor is very important to us. 
We've done exercises where everything is scrambled for the accounts, recovering that system, restoring those passwords, resetting it. And so that is pretty amazing that the Quest folks have taken what they've learned, integrate it, and made it very simple and smooth to use. 
In some of our initial testing with the DRE and forced recovery, we have seen it take somewhere in the ballpark maybe 25, 30 minutes using the Quest solution. Whereas if we had to rely upon using the Microsoft solution, we're probably looking at closer to a week or more, and it's pretty intensive. So for us, that's a lot of cost savings. 
We engage with the Quest support teams, their leadership when we have questions or concerns, and they've been addressed every time, and so we feel very confident. Additionally, we find a lot of comfort that when we do encounter-- because everybody will encounter a major issue-- that their support is on call 24/7 to be with