Presidio enhances AD and server security monitoring with Log360


About the organization
Presidio is a global digital services company that helps organizations design, deploy, and manage secure cloud and IT infrastructure. Its teams support customers with consulting, implementation, and managed services across cloud, security, networking, and modern workplace solutions. With a broad footprint and deep technical expertise, Presidio delivers reliable, secure, and scalable technology environments for businesses of all sizes.
Organization: Presidio
Industry: Healthcare, IT
Country: India
Business requirements
Presidio manages a distributed Active Directory and server landscape. Different teams operate domain controllers in multiple locations. For Brian Livan, system administrator, and his team, routine visibility into server activity and account behavior is essential.
The Presidio IT team's requirement was straightforward: a single platform that could collect logs from all servers, help them spot unusual activity, and support deeper investigations when issues surfaced.
As Livan put it, the Presidio IT team needed:
"Some centralized location to gather all the logs and review and also alert on any suspicious activities."
Day-to-day monitoring includes checking for unexpected file deletions, unusual login attempts, and any activity that stands out. When a potential security issue arises, they need reliable data to confirm what happened, who made a change, and when it occurred.
The solution: ManageEngine Log360
Log360 gave Presidio a unified console for collecting and reviewing logs across its AD and server environment. This solution became the team's daily monitoring tool and its investigation platform when something suspicious occurred.
Livan described a recent case where Log360 played a key role:
"We had an issue with a user. Log360 provided us with the details as to when the account was changed and who changed the account, so it helped us narrow it down."
The IT team checks Log360 every day for anomalies such as deleted files, excessive login failures, or other unusual patterns. The solution supports both routine checks and deeper analysis when required.
Streamlined implementation and expert support
Presidio opted for Log360 onboarding services. Livan worked with Afshaan Ahmed from ManageEngine's OnboardPro team, and the experience was smooth and helpful. OnboardPro provides guided setup and expert assistance to help organizations configure Log360 correctly from day one.
In Livan's words:
"Afshaan was very helpful, very patient with us. It was great. I have no complaints."
Presidio chose to run Log360 under a least-privileged service account instead of a domain admin account. This required a workaround, and support from the Log360 onboarding team provided an easy resolution. The solution required coordination across many domain controllers managed by different teams. Livan noted that using a domain admin account would have been easier, but Presidio's least privilege policy was important to maintain. Even with this extra requirement, onboarding support from the Log360 team helped the Presidio IT team implement the correct configuration.
Livan recommended onboarding services for anyone who wants a quick and clear start:
"It gives you a basic rundown of how the product works. If you need to get this done, I think that is the way to go."
Outcomes and improvements
Log360 now supports Presidio's daily operational checks and its incident investigations. It has helped the IT team validate account changes, review suspicious activities, and maintain consistent visibility across the Presidio IT environment.
The IT team has not yet completed an audit cycle since adopting Log360, but expects this solution to be valuable once it is required.
Livan summed up his experience with the product:
"I think it is a great product so far. It has been very helpful in our environment."
When asked to describe the entire implementation experience in one word, he chose:
"Overall, I'd say it's great."
Log360 has become a reliable part of Presidio's internal security operations, improving visibility, speeding investigations, and helping its IT teams maintain control across a distributed infrastructure.
About OnboardPro
OnboardPro is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of product installation, deployment, and use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With custom onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization, and training based on their business needs. For more information, visit manageengine.com/onboarding/manageengine-onboardpro-iam-and-siem-professional-service.html.
About Log360
Log360 is a unified SIEM solution from ManageEngine with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. Vigil IQ, the solution's threat detection and incident response module, combines threat intelligence, an analytical Incident Workbench, ML-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks. It provides an incident management console for effective remediation. With reengineered detection—including a centralized detection console, multi-mode rule creation, tuning insights, and object-level filters—Log360 elevates signal quality and reduces false positives. The solution provides holistic visibility across on-premises, cloud, and hybrid environments with intuitive security analytics and monitoring. For more information about Log360, visit manageengine.com/log-management and follow the LinkedIn page for regular updates.
2022 Zoho Corporation Pvt. Ltd. All rights reserved.
