netwrix.com | netwrix.com/social

Netwrix Auditor Сomplete visibility into who changed what, when and

where and who has access to what across the entire

IT infrastructure

We needed to comply with global auditing standards, and were instructed by our auditors to find a solution that met their exact requirements. Netwrix allowed us to monitor all critical aspects of our Microsoft environment, thus meeting the auditors’ strict requirements.

Netwrix Auditor enables complete visibility into both security configuration and data

access within the entire IT infrastructure by providing actionable audit data about

who did what, when and where and who has access to what. Netwrix Auditor helps

prevent security breaches caused by insider attacks, pass audits and minimize

compliance costs or just keep tabs on what privileged users are doing in the

environment and why.

Netwrix Auditor is the only platform that combines both security configuration

management and data access governance across the broadest variety of IT systems,

including Active Directory, Exchange, File Servers, SharePoint, SQL Server, VMware

and Windows Server. It also supports privileged user activity monitoring in other

systems, even if they do not produce logs, via user activity video recording with the

ability to search and replay.

“ Mervyn Govender, CIO, CreditEdge

Read the case study: netwrix.com/creditedge

01 Product Overview

Netwrix Auditor for Active Directory

Netwrix Auditor for File Servers Includes auditing of EMC and NetApp

Netwrix Auditor for SQL Server

Netwrix Auditor for Windows Server Includes auditing of Event Logs, Syslog, Cisco, IIS, DNS and more...

Netwrix Auditor for Exchange

Netwrix Auditor for SharePoint

Netwrix Auditor for VMware

02 Applications

Streamline Compliance

Strengthen Security

Optimize Operations

Implement and validate internal controls from a variety of regulatory compliance standards. Get easy access to reports required for passing PCI DSS, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other compliance audits. Keep complete audit trail archived for up to and beyond 10 years for later review and periodic checks by the auditors ensuring a quick access to audit data throughout the whole retention period.

Detect insider threats by auditing changes to user data, system configurations, permissions, group memberships and access attempts. Investigate security incidents and prevent breaches through analysis of structural changes, modifications of security settings or any specific secured content and access events to critical organizational resources. Overcome limitations of native auditing by filling gaps and reducing signal -to-noise ratio in audit data using AuditAssurance™ technology.

Automate time-consuming manual tasks associated with generating reports on what’s happening in your environment and who has permissions to what. Minimize system downtimes and service outages by troubleshooting issues caused by human error or incorrect changes to system configurations. Simplify root cause analysis by investigating event sequences and determining their underlying root causes. Unify auditing across the entire IT infrastructure eliminating the need for additional spend and staff trainings on multiple standalone products.

03 Benefits

Get high-level overview of employee activity across

your IT infrastructure with Enterprise Overview

Dashboards. See how often changes are made, which

users are making suspicious actions, which systems

are affected, and more.

Detect Suspicious Activity at Early Stages

Investigate Suspicious Activity

Whenever you detect a change that mismatches

your corporate security policy, use Interactive Search

to investigate why it happened and how to prevent

similar incidents from occurring.

Make sure that only the eligible employees in your

organization have access to confidential files by getting

a complete picture of the effective permissions for a

specific file or folder.

Control Permissions and Protect Sensitive Data

04 In Action: Strengthen Security

Find out who's trying to access sensitive files by

subscribing to daily reports. Whether it’s cardholder

data, medical records or financial statements, Netwrix

Auditor will show who tried to read or modify those

files, when and where.

Monitor File Access Attempts

See System Configurations at Any Point in Time State-in-time™ reports allow you to see configuration

settings at any point in time, for example – see group

memberships or password policies as they were

configured a year ago. With this type of information

you can ensure your systems are “locked down” and

less prone to risk.

In the event that an unauthorized or malicious change

does occur, you can revert the settings to a previous

state without any downtime or having to restore from

backup. This way you can quickly “turn back the clock”

on system changes that indicate a security threat.

Recover Broken System Configurations

05 In Action: Strengthen Security

Use alerts to notify yourself of unauthorized

configuration changes as they happen. Prevent

security breaches by knowing exactly when a critical

change occurs, for example – get notified of when

someone is added to the Enterprise Admins or Domain

Admins group.

Receive Alerts on Critical Changes

Detect the Undetectable

Maintain visibility of any system, even if it does not

produce any logs via user activity video recording

with ability to search and replay.

The two-tiered (file-based + SQL database)

AuditArchive™ storage allows you to keep actionable

audit data archived for historic e-discovery or security

investigations for more than 10 years.

Document and Store Audit Trail for Years

06 In Action: Strengthen Security

Document and Store Audit Trail for Years

The two-tiered (file-based + SQL database)

AuditArchive™ storage allows you to keep audit data

archived in a compressed format for more than 10

years. The data ca be easily accessed anytime.

When you need to prove to compliance auditors that

specific processes and controls are (and were always)

in place, prove it with data. Netwrix Auditor provides

out-of-the-box reports that are mapped toward

specific regulatory compliance standards, including

PCI DSS 3.0, HIPAA, SOX, FISMA/NIST800-53 and ISO/

IEC 27001.

Out-of-the-box Compliance Reports

Address Auditor’s Questions Faster

Quickly find answers to auditors’ questions like who

effected privilege elevation and what was changed in

the enterprise domain admins group a year ago.

What used to take weeks of your time now takes 5

minutes.

07 In Action: Streamline Compliance

See when a specific change was made, who made it

and what was changed with “before” and “after” values.

This type of information is available for every change in

Active Directory, Group Policy, Exchange, Files Servers,

SharePoint, SQL Server, VMware and Windows Server.

Simplify Reporting

There is no need to manually review countless event

logs or use PowerShell to generate reports on what’s

changing in your environment, who has permissions

to what, which users are inactive, whose passwords

are about to expire. Get access to over 150

predefined reports and dashboards with filtering,

grouping, sorting, export (PDF, XLS, etc.), email

subscriptions and much more.

Provide full access to actionable audit data to anyone

who needs it in your organization instead of dealing

with numerous report requests from different

departments.

Save Time on Report Delivery

08 In Action: Optimize Operations

In the event that an unauthorized change affecting

system availability does occur, you can quickly “turn

back the clock” and revert the settings to a previous

state without any downtime or having to restore from

backup.

Minimize System Downtimes

Focus on What’s Really Important

Use alerts to notify yourself of the most critical

system configuration changes as they happen.

Choose specific types of changes you want to be

alerted on, for example – set up alerts on changes to

the Enterprise Admins or Domain Admins group

members.

Identify the Root Cause and Troubleshoot Faster Utilize the meaningful and actionable data to

investigate the event sequences and determine their

underlying root causes. Having a single point of

access to the complete audit trail ensures a rapid

response to arising problems.

09 In Action: Optimize Operations

When we implemented Netwrix Auditor we got a very easy to use solution to tell us the who/what/when/where

details for all changes, easily saving us hours of investigative work tracking down who made a specific change. “ Netwrix Auditor helps with our security housekeeping. By using Netwrix solutions for tracking changes made

across IT systems, we’re able to get numerous reports that help us to quickly find out whether there were any

unauthorized access attempts of sensitive data, especially in the case of employees who do not have permission

for it. I cannot think of a better way to keep data safe and secure. “ Richard Staats, Member of the IT Team, VTM Group

10 Addressing Challenges of Your Department and Business

Jeff Salisbury, Director, Global IT Operations, Belkin International Inc.

IT Administrator

Generate and deliver audit and

compliance reports faster.

Investigate suspicious user activity

before it becomes a breach.

IT Manager

Take back control over your IT infrastructure and

eliminate stress of your next compliance audit.

Mitigate security risks and minimize

compliance costs. CIO/CISO

MSP Enable transparency of managed environments and

monetize on offering ‘Compliance as a Service’.

IT Security

Administrator

Change, Configuration and Access Auditing

Unified Auditing Platform

11 Features

Change auditing: detection, reporting and alerting on all configuration changes across

your entire IT infrastructure with Who, What, When, Where details and Before/After values.

Configuration assessment: state-in-time™ reports show configuration settings at present or

any moment in the past, such as group membership or password policy settings as they were

configured a year ago.

Access Auditing: monitoring and reporting of successful and failed access to systems and

data.

Privileged user activity monitoring in any IT system even if the logs are not produced via

user activity video recording with ability to search and replay.

Unified platform to audit the entire IT infrastructure from a single console as opposed to

multiple hard-to-integrate standalone tools from other vendors.

AuditAssurance™: automatically consolidates audit data from multiple independent sources. If

key details are missing from one source, the technology supplements the collected data with

details from another source which ensures accurate and error-free data.

AuditIntelligence™: transforms complex machine audit data into meaningful and actionable

changes.

AuditArchive™: keeps consolidated audit data for up to and beyond ten years in a scalable two

-tiered storage (file-based + SQL database) and ensures quick and easy access to it throughout

the whole retention period.

Delegated Access to Audit Data: Netwrix Auditor client can be installed on an unlimited

number of computers, providing full access to actionable intelligence.

Agentless or lightweight, non-intrusive agent-based modes of operation are supported.

Data Search, Predefined Reports, Alerts and Dashboards

SIEM, Rollback, FIM

Interactive search: Quickly sort through audit data and fine-tune search criteria until you

find the information you need. Export the results or create a custom report meeting your

specific requirements.

Over 150 predefined reports are included with filtering, grouping, sorting, exporting,

email subscriptions, drill-down, web access, granular permissions, and more.

Out-of-the-box compliance reports mapped toward specific regulatory compliance

standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST800-53 and ISO/IEC 27001.

Real-time alerts notify you about critical configuration changes, unauthorized

access to sensitive data, both failed and successful, as well as about other events that may turn

into security incidents.

Enterprise overview dashboards provide complete visibility into what is happening in

your IT infrastructure and allow drilling down to details on every change across all audited

systems. See how often changes are made, which users are making suspicious actions, which

systems are affected, and more.

Integration with SIEM: optionally forwards meaningful audit data into your existing SIEM,

leveraging existing processes, protecting technology investments and reducing console sprawl.

Event log management: "catchall" of non-change events in Windows logs and Syslog, such as

logon/logoff, account lockouts, etc.

Change rollback: Reverts unauthorized or malicious changes to a previous state without

any downtime or having to restore from backup.

File Integrity Monitoring (FIM) through tracking of changes to critical systems, files and

configurations.

12 Features

AWARDS All awards: netwrix.com/awards

Corporate Headquarters: 300 Spectrum Center Drive, Suite 820 Irvine, CA 92618

Phone: 1-949-407-5125 Toll-free: 888-638-9749 EMEA: +44 (0) 203-318-0261 netwrix.com/social

Copyright © Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered

in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.

Free Trial: setup in your own test environment netwrix.com/freetrial Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive Live Demo: product tour with Netwrix expert netwrix.com/livedemo Contact Sales to obtain more information netwrix.com/contactsales

Next Steps