Introduction
Cayosoft Inc. is a global software vendor whose products help organizations manage and protect their Microsoft infrastructure and adopt a modern cloud infrastructure.
Two of its main products are Cayosoft Administrator, a powerful and complete management solution for Active Directory (AD) on-premises, in Azure, and/or hybrid, and Cayosoft Guardian, which we will cover in this review (v1.2.2, released on May 19, 2020). Guardian is a new product from Cayosoft that aims to protect and recover Active Directory data, whether on-premises, in Azure, or hybrid. It monitors all directory changes so that administrators can quickly see, understand, and roll back mistakes or malicious changes across their directory. When a rollback is needed, Guardian provides an automated recovery plan that does not depend on incomplete or time-consuming backup files.
Why would we need Guardian?
Most AD, Exchange, or Azure/Office 365 administrators have faced at least one case where they had to restore one or more objects such as a user account or a group for example. This can be an easy task, or it can easily be a nightmare for several reasons. Let us consider the following:
- Microsoft will not restore your directory data. If you have to restore something, you have to know how to do it yourself (if it is even possible).
- The AD Recycle Bin only protects against deletions. But what about those cases where an admin makes a change by accident? It is not as bad if it is one or two objects and we know which ones and what changes were made, but what if it is hundreds of objects? What if the Recycle Bin feature is not even enabled?
- Not all object types are protected. For example, Azure AD Recycle Bin was primarily designed to protect user objects. It will also protect Office 365 groups (aka unified groups), but it does not offer any protection for distribution or security groups! If one of these gets deleted, that is the end of it.
- What happens if an attacker, or rogue administrator, disables the Office 365 unified log and makes changes? How will other admins know what was changed and roll back those changes?
- Organizations can make use of a Security Information and Event Management (SIEM) solution to centralize and secure all audit logs, but these don’t make rolling back changes much easier.
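Two of the gaps listed above can be checked with native tooling before relying on any product. The following PowerShell is an added example written for this review, not code from Cayosoft or from Guardian; it assumes the RSAT ActiveDirectory module, a domain-joined session with rights to read the forest, and (optionally) an existing Exchange Online session; the account name `jdoe` is a constructed sample.

```powershell
# Added example (not from the review or from Cayosoft): verify the native safety nets
# the review describes as easily missing, then show what native AD records about a
# modification that the Recycle Bin does not cover.
Import-Module ActiveDirectory

# 1. Is the AD Recycle Bin optional feature enabled in this forest?
#    It only protects deletions, and only if it was enabled before the deletion happened.
$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
$rbEnabled = ($feature.EnabledScopes.Count -gt 0)
"AD Recycle Bin enabled in forest $($forest.Name): $rbEnabled"
if (-not $rbEnabled) {
    # Enabling the feature is irreversible, so it is printed here rather than executed.
    'To enable: Enable-ADOptionalFeature -Identity "Recycle Bin Feature" ' +
    "-Scope ForestOrConfigurationSet -Target $($forest.Name)"
}

# 2. For an accidental or malicious *modification*, the replication metadata is the only
#    native record: it shows which attribute changed, when, and on which DC, but it keeps
#    neither the previous value nor the identity of the person who made the change
#    (that requires Directory Service Changes auditing and central log collection).
$sample = 'jdoe'   # constructed sample account name
$dc     = (Get-ADDomainController).HostName
$dn     = (Get-ADUser -Identity $sample).DistinguishedName
Get-ADReplicationAttributeMetadata -Object $dn -Server $dc |
    Where-Object { $_.LastOriginatingChangeTime -gt (Get-Date).AddDays(-7) } |
    Sort-Object LastOriginatingChangeTime -Descending |
    Select-Object AttributeName, LastOriginatingChangeTime,
                  LastOriginatingChangeDirectoryServerIdentity, Version |
    Format-Table -AutoSize

# 3. Is Office 365 unified audit log ingestion still on? (Only runs if an Exchange Online
#    session, e.g. from Connect-ExchangeOnline, is already established.)
if (Get-Command Get-AdminAuditLogConfig -ErrorAction SilentlyContinue) {
    $ual = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
    "Unified audit log ingestion enabled: $ual"
}
```

Comparing the attribute list with the previous value remains a manual task, which is exactly the gap the review says Guardian is meant to close.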
Key features
Guardian has several key features that distinguish it from the competition:
- It continuously monitors the directory and records any changes made in the on-premises and Azure AD;
- It makes it extremely easy to find a particular change and roll it back immediately, while other tools typically rely on backup files. Additionally, it proactively identifies and alerts on critical changes, and users can create additional alerts;
- It goes beyond Microsoft’s Recycle Bin. Guardian allows admins to restore what native tools cannot, such as groups, changes to an object’s attributes, Office 365 licenses, hard-deleted objects, and more;
- It provides a single solution for any scenario, on-premises, cloud, or hybrid, by centralizing and continuously recording all directory changes;
- Quick recovery. The key to minimizing outages and reducing end-user downtime is the ability to roll back the change(s) that caused the outage in the first place, and Guardian provides immediate rollback without wasting time searching dozens of backup or log files;
- It supports multi-tenant and multi-forest environments. After all, not every organization runs a single tenant/forest, so Guardian makes it easy to protect multiple environments from a single console.
Requirements and installation
The requirements for Guardian are simple. In terms of hardware, we need a physical or virtual server, or a pre-built Azure VM, with a 2GHz or higher Intel-compatible dual/quad-core CPU, at least 8GB of RAM (32GB or more recommended for environments with over 100k users), and at least 180GB of storage.
As for software, Guardian runs on Windows 10 or Windows Server 2016 and above. Additionally, we need Google Chrome, Mozilla Firefox, or the Chromium-based Microsoft Edge. As its database, Guardian uses the Microsoft SQL Server LocalDB engine (included), with support for SQL Server coming soon.