Investigation breeze
Mar 15th, 2019 by Jesper Kråkhede
It is very interesting to see what happens when legal gets involved and starting reading paragraphs to the sourcing provider. Apparently we are now allowed to do more or less anything we want as long as we don´t make changes to service accounts or restart the servers.
We have just deployed Azure ATP at the premises to get some understanding what is happening with all the domain admin accounts. We have killed off all accounts that where personalised and currently we are running with just five accounts that are heavily monitored. It is amazing for my customer to see what the sourcing provider actually is doing and be able to monitor what they do according to the contract just be being able to capture where they logon compared to the tickets they receive.
Not to be frank but their service provider is most probably not up for renewal next year. Monitoring of accounts sure is valuable.