JumpCloud Releases Directory Insights, a 360° View of User Access Activity

June 11, 2020 Off By David
Object Storage

JumpCloud, the world’s first Directory-as-a-Service, today announced the General Availability of its new premium feature, Directory Insights. JumpCloud Directory Insights gives system administrators, IT admins, and security operators a complete, centralized view of activity data detailing what users did, when, and from where when accessing corporate resources. Further, Directory Insights logs all user and admin changes to access, group membership, password changes, and more. This feature adds robust auditing capabilities to JumpCloud’s consolidated identity access control and device management platform. 

Leveraging Directory Insights’ full directory visibility, customers can use this data to audit, report on, and investigate all user and resource activity, providing a comprehensive view of a user’s access pattern. Directory Insights consolidates access and change-control data into one view of a user’s access pattern, eliminating the need to compile data from disparate log sources. Historically, IT admins needed to capture, normalize, and store log data from a wide range of solutions. Now, with one place to review all user data, IT admins can pinpoint security breaches, troubleshoot access problems, and ensure proper access rights.

“Having a concise and clear view of what an employee is accessing, when they accessed it, and now from locations outside an office’s protected domain, is incredibly hard for IT and security personnel,” said Greg Keller, CTO at JumpCloud. “To see a complete picture, often a cacophony of tools and solutions need to be cobbled together. Directory Insights provides the first, 360 degree view of employees’ access patterns across their applications, networks, servers, and endpoints, regardless of whether the resource is in the cloud or on-premises, helping our customers to remediate threats, and ensure compliance.”

“We’re thrilled with Directory Insights,” said Justin Price, IT manager at Chase International. “We can rest easy that we have a single pane of glass for identity access control and device management, and now full 360 degree audit and compliance visibility into our computers, networks, and applications.”

IT teams can use Directory Insights in the JumpCloud Admin Portal with its Activity Log UI, as well as via the API or the JumpCloud PowerShell module, eliminating the need for admins to manually search for, export, and integrate data across a number of different tools. 

Auditing Features:

  • Complete event logs and user action data for auditors to certify compliance with industry standards and procedures, including SOC2 and HIPAA
  • Event logs are accessible via Directory Insights’ Activity Log UI, which can be captured with screenshots or exported (JSON and CSV) and ingested into a SIEM or other tool, as well as demonstrated live to prove compliance standards
  • Enforcement for organizational data policies that require storing historical records over time, or expunging data for privacy

User Activity and Authentication Tracking Features:

  • Full visibility into what users did, when, and from where across JumpCloud’s directory authentication endpoints: SAML applications, LDAP resources, RADIUS networks, MDM commands, and Mac®/Windows®/Linux® authentications
  • Admin and user changes to access rights, group membership, passwords, and more are also logged
  • UI- and API-accessible logs with detailed event information, including search, and filtering capabilities

Directory Investigation Features:

  • Capability to analyze event trends and user behavior to spot anomalies and threats, including authentication attempts from unknown actions and locations
  • Search functionality for diagnosing problems that allows full review of a trail of events surrounding what happened before and after reported issues
  • Directory Insights API to extract logs and ingest the data into security monitoring and analytics tools

“Especially now, organizations of all sizes recognize the need for total visibility into user access activity,” said Mitchell Ashley, Accelerated Strategies CEO and managing analyst. “JumpCloud’s Directory Insights gives IT teams a panoramic view of directory and user access activity along with the flexibility to export that data to existing SIEMs, making auditing and generating compliance reports easy. Directory Insights adds one more critical layer of functionality to JumpCloud’s comprehensive platform.”

Availability:

Directory Insights is available for organizations now. JumpCloud customers get access to 90 days of Directory Insights events; JumpCloud free account users get access to the most recent 15 days of events.