netwrix.com | netwrix.com/social
Netwrix Auditor: Complete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure
We needed to comply with global auditing standards, and were instructed by our auditors to find a solution that met their exact requirements. Netwrix allowed us to monitor all critical aspects of our Microsoft environment, thus meeting the auditors’ strict requirements.
Netwrix Auditor enables complete visibility into both security configuration and data
access within the entire IT infrastructure by providing actionable audit data about
who did what, when and where and who has access to what. Netwrix Auditor helps
prevent security breaches caused by insider attacks, pass audits and minimize
compliance costs or just keep tabs on what privileged users are doing in the
environment and why.
Netwrix Auditor is the only platform that combines both security configuration
management and data access governance across the broadest variety of IT systems,
including Active Directory, Exchange, File Servers, SharePoint, SQL Server, VMware
and Windows Server. It also supports privileged user activity monitoring in other
systems, even if they do not produce logs, via user activity video recording with the
ability to search and replay.
Mervyn Govender, CIO, CreditEdge
Read the case study: netwrix.com/creditedge
01 Product Overview
Netwrix Auditor for Active Directory
Netwrix Auditor for File Servers (includes auditing of EMC and NetApp)
Netwrix Auditor for SQL Server
Netwrix Auditor for Windows Server (includes auditing of Event Logs, Syslog, Cisco, IIS, DNS and more)
Netwrix Auditor for Exchange
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
02 Applications
Streamline Compliance
Implement and validate internal controls from a variety of regulatory compliance standards. Get easy access to reports required for passing PCI DSS, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other compliance audits. Keep a complete audit trail archived for up to and beyond 10 years for later review and periodic checks by the auditors, ensuring quick access to audit data throughout the whole retention period.
Strengthen Security
Detect insider threats by auditing changes to user data, system configurations, permissions, group memberships and access attempts. Investigate security incidents and prevent breaches through analysis of structural changes, modifications of security settings or any specific secured content and access events to critical organizational resources. Overcome limitations of native auditing by filling gaps and reducing signal-to-noise ratio in audit data using AuditAssurance™ technology.
Optimize Operations
Automate time-consuming manual tasks associated with generating reports on what’s happening in your environment and who has permissions to what. Minimize system downtimes and service outages by troubleshooting issues caused by human error or incorrect changes to system configurations. Simplify root cause analysis by investigating event sequences and determining their underlying root causes. Unify auditing across the entire IT infrastructure, eliminating the need for additional spend and staff training on multiple standalone products.
03 Benefits
Detect Suspicious Activity at Early Stages
Get high-level overview of employee activity across
your IT infrastructure with Enterprise Overview
Dashboards. See how often changes are made, which
users are making suspicious actions, which systems
are affected, and more.
Investigate Suspicious Activity
Whenever you detect a change that mismatches
your corporate security policy, use Interactive Search
to investigate why it happened and how to prevent
similar incidents from occurring.
Control Permissions and Protect Sensitive Data
Make sure that only the eligible employees in your
organization have access to confidential files by getting
a complete picture of the effective permissions for a
specific file or folder.
04 In Action: Strengthen Security
Monitor File Access Attempts
Find out who's trying to access sensitive files by
subscribing to daily reports. Whether it’s cardholder
data, medical records or financial statements, Netwrix
Auditor will show who tried to read or modify those
files, when and where.
See System Configurations at Any Point in Time
State-in-time™ reports allow you to see configuration
settings at any point in time, for example – see group
memberships or password policies as they were
configured a year ago. With this type of information
you can ensure your systems are “locked down” and
less prone to risk.
Recover Broken System Configurations
In the event that an unauthorized or malicious change
does occur, you can revert the settings to a previous
state without any downtime or having to restore from
backup. This way you can quickly “turn back the clock”
on system changes that indicate a security threat.
05 In Action: Strengthen Security
Receive Alerts on Critical Changes
Use alerts to notify yourself of unauthorized
configuration changes as they happen. Prevent
security breaches by knowing exactly when a critical
change occurs, for example – get notified when
someone is added to the Enterprise Admins or Domain
Admins group.
Detect the Undetectable
Maintain visibility of any system, even if it does not
produce any logs, via user activity video recording
with the ability to search and replay.
Document and Store Audit Trail for Years
The two-tiered (file-based + SQL database)
AuditArchive™ storage allows you to keep actionable
audit data archived for historic e-discovery or security
investigations for more than 10 years.
06 In Action: Strengthen Security
Document and Store Audit Trail for Years
The two-tiered (file-based + SQL database)
AuditArchive™ storage allows you to keep audit data
archived in a compressed format for more than 10
years. The data can be easily accessed anytime.
Out-of-the-box Compliance Reports
When you need to prove to compliance auditors that
specific processes and controls are (and were always)
in place, prove it with data. Netwrix Auditor provides
out-of-the-box reports that are mapped toward
specific regulatory compliance standards, including
PCI DSS 3.0, HIPAA, SOX, FISMA/NIST800-53 and ISO/IEC 27001.
Address Auditor’s Questions Faster
Quickly find answers to auditors’ questions like who
effected privilege elevation and what was changed in
the enterprise domain admins group a year ago.
What used to take weeks of your time now takes 5
minutes.
07 In Action: Streamline Compliance
See when a specific change was made, who made it
and what was changed with “before” and “after” values.
This type of information is available for every change in
Active Directory, Group Policy, Exchange, File Servers,
SharePoint, SQL Server, VMware and Windows Server.
Simplify Reporting
There is no need to manually review countless event
logs or use PowerShell to generate reports on what’s
changing in your environment, who has permissions
to what, which users are inactive, whose passwords
are about to expire. Get access to over 150
predefined reports and dashboards with filtering,
grouping, sorting, export (PDF, XLS, etc.), email
subscriptions and much more.
Save Time on Report Delivery
Provide full access to actionable audit data to anyone
who needs it in your organization instead of dealing
with numerous report requests from different
departments.
08 In Action: Optimize Operations
Minimize System Downtimes
In the event that an unauthorized change affecting
system availability does occur, you can quickly “turn
back the clock” and revert the settings to a previous
state without any downtime or having to restore from
backup.
Focus on What’s Really Important
Use alerts to notify yourself of the most critical
system configuration changes as they happen.
Choose specific types of changes you want to be
alerted on, for example – set up alerts on changes to
the Enterprise Admins or Domain Admins group
members.
Identify the Root Cause and Troubleshoot Faster
Utilize the meaningful and actionable data to
investigate the event sequences and determine their
underlying root causes. Having a single point of
access to the complete audit trail ensures a rapid
response to arising problems.
09 In Action: Optimize Operations
When we implemented Netwrix Auditor we got a very easy to use solution to tell us the who/what/when/where details for all changes, easily saving us hours of investigative work tracking down who made a specific change.
Netwrix Auditor helps with our security housekeeping. By using Netwrix solutions for tracking changes made across IT systems, we’re able to get numerous reports that help us to quickly find out whether there were any unauthorized access attempts of sensitive data, especially in the case of employees who do not have permission for it. I cannot think of a better way to keep data safe and secure.
Richard Staats, Member of the IT Team, VTM Group
10 Addressing Challenges of Your Department and Business
Jeff Salisbury, Director, Global IT Operations, Belkin International Inc.
IT Administrator
Generate and deliver audit and compliance reports faster.
Investigate suspicious user activity before it becomes a breach.
IT Manager
Take back control over your IT infrastructure and eliminate stress of your next compliance audit.
Mitigate security risks and minimize compliance costs.
CIO/CISO
MSP
Enable transparency of managed environments and monetize on offering ‘Compliance as a Service’.
IT Security Administrator
Change, Configuration and Access Auditing
Unified Auditing Platform
11 Features
Change auditing: detection, reporting and alerting on all configuration changes across
your entire IT infrastructure with Who, What, When, Where details and Before/After values.
Configuration assessment: state-in-time™ reports show configuration settings at present or
any moment in the past, such as group membership or password policy settings as they were
configured a year ago.
Access Auditing: monitoring and reporting of successful and failed access to systems and
data.
Privileged user activity monitoring in any IT system, even if it does not produce logs, via
user activity video recording with the ability to search and replay.
Unified platform to audit the entire IT infrastructure from a single console as opposed to
multiple hard-to-integrate standalone tools from other vendors.
AuditAssurance™: automatically consolidates audit data from multiple independent sources. If
key details are missing from one source, the technology supplements the collected data with
details from another source which ensures accurate and error-free data.
AuditIntelligence™: transforms complex machine audit data into meaningful and actionable
changes.
AuditArchive™: keeps consolidated audit data for up to and beyond ten years in a scalable
two-tiered storage (file-based + SQL database) and ensures quick and easy access to it throughout
the whole retention period.
Delegated Access to Audit Data: Netwrix Auditor client can be installed on an unlimited
number of computers, providing full access to actionable intelligence.
Agentless or lightweight, non-intrusive agent-based modes of operation are supported.
Data Search, Predefined Reports, Alerts and Dashboards
SIEM, Rollback, FIM
Interactive search: Quickly sort through audit data and fine-tune search criteria until you
find the information you need. Export the results or create a custom report meeting your
specific requirements.
Over 150 predefined reports are included with filtering, grouping, sorting, exporting,
email subscriptions, drill-down, web access, granular permissions, and more.
Out-of-the-box compliance reports mapped toward specific regulatory compliance
standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST800-53 and ISO/IEC 27001.
Real-time alerts notify you about critical configuration changes, unauthorized
access to sensitive data, both failed and successful, as well as about other events that may turn
into security incidents.
Enterprise overview dashboards provide complete visibility into what is happening in
your IT infrastructure and allow drilling down to details on every change across all audited
systems. See how often changes are made, which users are making suspicious actions, which
systems are affected, and more.
Integration with SIEM: optionally forwards meaningful audit data into your existing SIEM,
leveraging existing processes, protecting technology investments and reducing console sprawl.
Event log management: "catchall" of non-change events in Windows logs and Syslog, such as
logon/logoff, account lockouts, etc.
Change rollback: Reverts unauthorized or malicious changes to a previous state without
any downtime or having to restore from backup.
File Integrity Monitoring (FIM) through tracking of changes to critical systems, files and
configurations.
12 Features
AWARDS All awards: netwrix.com/awards
Corporate Headquarters: 300 Spectrum Center Drive, Suite 820 Irvine, CA 92618
Phone: 1-949-407-5125 Toll-free: 888-638-9749 EMEA: +44 (0) 203-318-0261 netwrix.com/social
Copyright © Netwrix Corporation. All rights reserved. Netwrix is a trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered
in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.
Next Steps
Free Trial: setup in your own test environment netwrix.com/freetrial
Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive
Live Demo: product tour with Netwrix expert netwrix.com/livedemo
Contact Sales to obtain more information netwrix.com/contactsales