Netwrix Auditor. Сomplete Visibility into IT Infrastructure Changes and Data Access. netwrix.com netwrix.com/social

Transcription

1 Netwrix Auditor Сomplete Visibility into IT Infrastructure Changes and Data Access netwrix.com netwrix.com/social

2 Product Overview Netwrix Auditor Platform Netwrix Auditor is an IT auditing software that delivers complete visibility into IT infrastructure changes and data access by providing actionable audit data about who changed what, when and where each change was made, and who has access to what. Detect malicious user Pass compliance audits: activity before it results PCI DSS,HIPAA, SOX, automating change in a data breach. FISMA, ISO 270 tracking and reporting and others. tasks. Drive IT efficiency by

3 02 Applications Netwrix Auditor Applications Netwrix Auditor enables auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems, even if they do not produce any logs, by enabling video recording of user screen activity and later search and replay. Netwrix Auditor for Active Directory Netwrix Auditor for File Servers Netwrix Auditor for Windows Server Netwrix Auditor for VMware Netwrix Auditor for Exchange Netwrix Auditor for SQL Server Netwrix Auditor for SharePoint

4 03 Benefits Strengthen Security Detect insider threats by auditing changes to user data, system configurations, permissions, group memberships and file access attempts. Investigate security incidents and prevent breaches by analyzing changes to security settings, secured content and access to critical resources. Overcome limitations of native auditing by filling gaps and reducing the signal-to-noise ratio in audit data with AuditAssurance technology. Streamline Compliance Implement and validate internal controls from a variety of regulatory compliance standards. Get easy access to reports required for passing PCI DSS, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 270 and other compliance audits. Keep a complete audit trail archived for more than 10 years for later review and periodic checks by auditors. Optimize Operations Automate time-consuming manual tasks associated with generating and delivering reports on what s happening in your environment and who has permissions to what. Minimize system downtime and service outages by quickly troubleshooting issues caused by harmful changes to system configurations, whether accidental or malicious. Unify auditing across the entire IT infrastructure, thus eliminating the expense of licensing multiple standalone products and training staff to use them.

5 0 In Action: Strengthen Security CHANGES BY DATE Detect Suspicious Activity at Early Stages SERVERS WITH MOST CHANGES 50 activity across your IT infrastructure with Enterprise Overview Dashboards. See how ex1.enterprise.com 20 fs1.enterprise.com 10 sp1.enterprise.com 0 sql1.enterprise.com 0 USERS WHO MADE MOST CHANGES often changes are made, which users are performing suspicious actions, which dc1.enterprise.com 30 9\ 12 \2 9\ 13 \2 9\ 1 \2 9\ 15 \2 9\ 16 \2 9\ 17 \2 9\ 18 \2 Get a high-level overview of employee Active Directory Exchange Server File Servers ENTERPRISE\N.Key Share Point SQL Server VMware Windows Server Investigate Suspicious Activity Search Whenever Netwrix Auditor detects a change that violates your corporate security policy, use Interactive Search to Who John Smith Actions Read Where ESX SEARCH investigate how it happened so you can prevent similar incidents from occurring in the future. 80 CHANGES BY AUDITED SYSTEM ENTERPRISE\J.Brown systems are affected and more. 20

6 05 In Action: Strengthen Security Control Permissions and Protect Sensitive Data Object Permissions by Object Shows accounts with their inherited or explicitly assigned basic permissions allowing them to access folders and subfolders, results are grouped by object path. Make sure that only the eligible employees in your organization have access to confidential files by getting a complete picture of the Folder path: \\fs1\management\finance User Account Permissions ENTERPRISE\Administrators List folder/ read data Read attributes Read extended attributes Read permissions Change permissions Explicit ENTERPRISE\J.Smith List folder/ read data Read attributes Read extended attributes Read permissions Change permissions Inherited effective permissions for any file or folder. Failed Read Attempts Shows unauthorized file access attempts. This report can be used for compliance audit to show that all unauthorized data access activities are traceable and easily auditable. Action Object Type What Who When Read (Failed Attempt) File \\fs1\finance\cardholders\ Overview.xlsx ENTERPRISE\ B.Green 9/26/25 3:03:08 PM Where: ENTWKS2 Read (Failed Attempt) File \\fs1\finance\accounting\ Statement0313.xlsx ENTERPRISE\ S.Hernandez 9/26/25 3:05:38 PM Where: ENTWKS052 Read (Failed Attempt) File Where: User Permissions Inheritance Monitor File Access Attempts Find out who's trying to access sensitive files by subscribing to daily reports. Whether it s cardholder data, medical records or financial statements, Netwrix Auditor will show who tried to read or \\fs1\hr\newhire\ SalaryList.xlsx ENTERPRISE\ K.Davis 9/26/25 3:07:23 PM modify those files, and when and where the attempt occurred.

7 06 In Action: Strengthen Security See System Configurations at Any Point in Time Historical Snapshot Management By default, only the latest snapshot is available for the State-in-Time Reports. To generate reports on the target system's state at a past moment, import the corresponding snapshot to the database first. State-in-time reports enable you to see configuration settings at any point in time. For example, you can see group membership lists or password policies as they were configured a year ago and compare that snapshot to the current configuration. All available snapshots: /18/2 5:51:31 AM /18/2 6:02:13 AM /18/2 8:21:11 AM /18/2 9:50:38 AM /19/2 :11: AM /20/2 9:5:19 AM /21/2 7:0:12 AM /2/2 8:05: AM /2/2 9:00:08 AM Apply Reset Snapshots available for reporting: /18/2 8:33:26 AM /18/2 :55:1 AM Next > Select Changes for Rollback Below is a list of changes that occurred in the specified time range. Highlight an abject to see what action will be performed Key user Group Bill Lloyd (user. Modified) Mary King (user. Modified) Lisa Wilson (user. Removed) John Gates (user. Added) Sarah Connor (user. Removed) Nick Parker (user. Removed) Ronald Moore (user. Removed) Jessica Smith (user. Removed) Select the changes you want to roll back by ticking the corresponding checkbox < Back Next > Details Cancel Recover Quickly to a Known Good System Configuration In the event that an unauthorized or malicious change does occur, you can quickly revert your configuration settings to a previous state without any downtime or having to restore from backup.

8 07 In Action: Strengthen Security Receive Alerts on Critical Changes Netwrix Auditor can alert you to unauthorized configuration changes as they happen so you can prevent security breaches. For example, you can choose to be notified whenever someone is added to the Enterprise Admins or Domain Admins group. Description: Alert Filters Changes to Admin Group Memberships Enable Alert on changes to the Domain Admins and Enterprise Domain Admins groups Specify filters for the changes that must trigger alerts: Addition to Enterprise Admins Group Removal from Enterprise Admins Group Addition to Domain Admins Group Removal from Domain Admins Group Notifications Recipient Type Format Html Edit... Add... Remove Edit... Add... Activity Records Generate a summary of video records Date 9/25/2 Computer User Start Time End Time Duration dc1.enterprise.com ENTERPRISE\J.Smith 9/25/25 :12 PM 9/25/25 :17 PM 00:05:15 dc1.enterprise.com ENTERPRISE\J.Smith 9/25/25 5:12 PM 9/25/25 5:13 PM 00::15 Detect the Undetectable Gain visibility into any system even if it does not produce any logs by video recording a user s screen activity. You can search and replay the recording to determine exactly what actions were performed. This feature is particularly helpful for ensuring that administrators are not abusing their privileged access.

9 08 In Action: Streamline Compliance Welcome to Netwrix Auditor Enable Security Controls Across the Entire IT Infrastructure Click the tile below to create a Managed Object to define the auditing scope. By supporting the broadest variety of audited systems, Netwrix Auditor enables security controls across your entire IT infrastructure and serves as a single point of access to the complete audit trail. Address Auditor s Questions Faster Search Audited system Active Directory Who Object type ENTERPRISE\ J.Smith Group Action Modified Object type Group SEARCH What Where When \enterprise\users\ Domain Admins dc1.enterprise.com /28/25 1:05:3 PM Group Modified \enterprise\users\ Accountants Security Global Group Member: -Added: \enterprise\users\roy Taylor dc1.enterprise.com questions, such as what changes were made to the Enterprise Domain Admins group during the past year and who Security Global Group Member: -Added: \enterprise\users\george Moore ENTERPRISE\ G.Davis Quickly provide answers to auditors made each of those changes. /29/25 11:25:36 AM

10 09 In Action: Streamline Compliance Reports Benefit from Out-of-the-box Compliance Reports ALL REPORTS COMPLIANCE User Accounts Group Membership User Accounts Last Logon Time All Group Policy Changes by Group Account Policy Changes FISMA Compliance Audit Policy Changes HIPAA Compliance Netwrix Auditor makes it easy to prove your Interactive Logon Settings Changes ISO/IEC 270 Compliance compliance with hard data by providing Password Policy Changes PCI DSS v3.0 out-of-the-box reports mapped to specific Restricted Groups Policy Changes SOX Compliance regulatory compliance standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST Group name: \Enterprise\Users\Domain Users and ISO/IEC 270. Action Who What When Added ENTERPRISE\J.Brown Audit Object Access Policy /30/25 Where: Workstation: dc1.enterprise.com Long Term Archive Location and retention settings for the local file-based storage of audit data. Location and retention settings 2:29:11 AM Store and Access Your Audit Trail for Years Netwrix Auditor s two-tiered (file-based + Modify... SQL database) AuditArchive storage Write audit data to: C:\ProgramData\Netwrix Auditor\Data enables you to keep audit data archived in Keep audit data for: 2 months a compressed format for more than 10 years, reducing storage requirements while ensuring that all audit data can easily be accessed at any time.

11 10 In Action: Optimize Operations All Changes by User Keep Tabs on What s Changing in Your Environment Shows all changes across the entire IT infrastructure grouped by the users who made the changes. Who Changed: ENTERPRISE\F.Wilson Audited System: Active Directory Action Modified This detailed information is available for Object Type What User \enterprise\users\glen Williams When 9/09/25 :31:9 PM Where: ex1.enterprise.com Principal Name set to [email protected] every change in Active Directory, Group Policy, Exchange, files servers, SharePoint, Audited System: VMware SQL Server, VMware and Windows Server. Action Removed Object Type What VirtualMachine \ha-folder-root\ha-datacenter\vm1 When 9/11/25 3:11:1 PM Where: File Servers Overview ACTIVITY BY DATE Simplify Reporting SERVERS WITH MOST ACTIVITY 5 fs1 3 There is no need to manually review 2 countless event logs or use PowerShell to fs /2 0 MOST ACTIVE USERS what, which users are inactive, and so on. READS VS CHANGES ENTERPRISE\J.Smith Reads ENTERPRISE\S.King Changes ENTERPRISE\K.Allen generate reports on what s changing in your environment, who has permissions to 9/ 9/ 20 /2 /2 9/ 19 /2 9/ 18 /2 17 9/ /2 / / 9/

12 11 In Action: Optimize Operations Speed Up Report Delivery Netwrix Auditor Launch Enterprise Overview Jettison slow, manual reporting processes that require users to request the reports Search Enterprise Active Directory Exchange File Servers SharePoint SQL Server VMware Windows Server Saved Searches All Changes they need from IT and wait their turn in the queue. Reports All Active Directory Changes Subscriptions Active Directory Object Restore Select Rollback Source Restore from state-in-time snapshots This option allows restoring deleted AD objects down to their attribute level based on the state-in-time snapshots made by Netwrix Auditor. Monitored domain: enterprise.com Select a state-in-time snapshot 5/18/25 3:00:59 AM Restore from AD tombstones This option provides partial AD objects restore based on the information retained on deleted AD objects tombstones. Use this option if no state-in-time snapshots are available for the selected period. Audited domain: enterprise.com Minimize System Downtimes In the event that an unauthorized change affecting system availability does occur, you can quickly turn back the clock by reverting the settings to a previous state without any downtime or having to restore from backup.

13 12 In Action: Optimize Operations Focus on What s Really Important Real-time Alert Changes to Admin Group Membership Severity Critical Use alerts to ensure you are notified about Domain ENTERPRISE.COM critical system configuration changes as they Change Type Modified happen. You can choose the specific types of Object Type Group changes you want to be alerted about for When Changed 7/6/25 :58:53 AM Who Changed ENTERPRISE\J.Smith Where Changed dc1.enterprise.com Object Name \enterprise\users\domain Admins Details Security Global Group Member: Added: \enterprise\users\nick White example, you can be alerted whenever any change is made to the membership of the Enterprise Admins group or the Domain Admins group. All Group Policy Changes Shows all changes to Group Policy objects, settings, GPO links and permissions with the name of the originating workstation from which a user made the change. Identify the Root-cause Faster Action What Who When Modified Security Policy ENTERPRISE\J.Smith 7/23/25 7:55:11 AM Where: dc1.enterprise.com through, but meaningful and actionable Workstation: Path: Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/ Account Policies/Password Policy intelligence that enables you to quickly Modified Policy: Enforce password history; Setting: 2 passwords remembered -> 3 passwords remembered; Modified Modified Modified Policy: Maximum password age; Setting: 20 days -> 200 days; Modified Policy: Minimum password length; Setting: 7 characters-> characters; When a problem arises, Netwrix Auditor delivers not mountains of raw data to pore investigate the sequence of events involved and determine the underlying root cause of the issue.

14 13 IT Administrator Addressing the IT Auditing Challenges of Your Department and Your Business Generate and deliver audit and compliance reports faster. Investigate suspicious user activity before it becomes a breach. IT Manager Take back control over your IT infrastructure and eliminate stress of your next compliance audit. Mitigate security risks and minimize compliance costs. MSP IT Security Administrator Increase revenue by enabling transparency of managed environments and offering compliance as a service. CIO/CISO

15 Analyst Coverage...configuration auditing tools help you analyze your configurations according to best practices, enforce configuration standards and adhere to regulatory requirements......auditing is generally a rather difficult task, especially if done manually. All of the many details you need to consider and remember are taken care of by Netwrix Auditor......best Active Directory/Group Policy product and Best Auditing/Compliance product years in a row......full five out of five stars and recommended to anyone with an AD environment give the product a whirl...

16 1 Features Change, Configuration and Access Auditing Change auditing: Netwrix Auditor detects all configuration changes across your entire IT infrastructure. Reports and alerts include who, what, when and where details, including before and after values. Configuration assessment: State-in-time reports show current configuration settings or settings from any moment in the past, such as group membership or password policy settings as they were configured a year ago. Access auditing: Monitoring and reporting of successful and failed access to systems and data helps keep sensitive data safe. Monitoring of privileged user activity: Video recordings capture user activity in any IT system, even if no logs are produced. The recordings can be searched and replayed. Unified Auditing Platform Unified platform: Netwrix Auditor enables auditing of the entire IT infrastructure from a single console, as opposed to struggling with multiple standalone tools from other vendors that are often hard to integrate. AuditAssurance : Netwrix Auditor maximizes signal-to-noise ratio in the audit data by consolidating information from multiple independent sources. If key details are missing from one source, the technology supplements the collected data with details from another source, ensuring complete and accurate data. AuditArchive : Scalable, two-tiered storage (file-based + SQL database) keeps consolidated audit data for more than 10 years and ensures quick and easy access to the data throughout the whole retention period. AuditIntelligence : Netwrix Auditor transforms raw data into meaningful and actionable intelligence. Agentless or agent-based operation: Both agentless and lightweight, non-intrusive agent-based modes of operation are supported.

17 15 Features Data Search, Predefined Reports, Alerts and Dashboards Interactive search: Netwrix Auditor enables you to quickly sort through audit data and fine-tune search criteria until you find the information you need. You can export the results or easily create custom reports. Over 150 predefined reports: Netwrix Auditor provides commonly needed reports out of the box, with easy filtering, grouping and sorting capabilities. Out-of-the-box compliance reports: Netwrix Auditor includes reports mapped to many regulatory compliance standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST and ISO/IEC 270. Real-time alerts: Users can choose to be notified in real time about critical configuration changes that could turn into security incidents." на "Alerts: Users can choose to be notified about critical configuration changes that could turn into security incidents. Enterprise overview dashboards: Dashboards provide a high-level overview of what is happening in the IT infrastructure with the ability to drill down to details on any change across all audited systems. SIEM, Rollback, FIM Integration with security information and event management systems (SIEMs): Netwrix Auditor can forward actionable audit data into your existing SIEM so you can leverage your existing processes, protect your technology investments and reduce console sprawl. Event log management: Netwrix Auditor provides a catchall for non-change events in Windows logs and Syslog, such as logons, logoffs and account lockouts. Change rollback: Netwrix Auditor enables you to quickly revert unauthorized or malicious changes to a previous state without any downtime or having to restore from backup.

18 Built for IT environments of all sizes, Netwrix Auditor architecture supports the growth of your organization 3 TM Banking and Finance, 100 employees Heritage Bank relies on Netwrix Auditor to govern essential security and compliance policies. Technology, 1,3K employees Even with IT expansion, Belkin controls changes in Active Directory and Exchange Server with Netwrix. Aerospace & Defense, 5K employees L-3 Communications uses Netwrix to track Active Directory and Group Policy changes to fulfill SOX compliance requirements. Education, 5,5K employees American Career College ensures campus data security with Netwrix Auditor for Active Directory.

19 Next Steps Free Trial: setup in your own test environment netwrix.com/freetrial Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive Live Demo: product tour with Netwrix expert netwrix.com/livedemo Contact Sales to obtain more information netwrix.com/contactsales Awards Corporate Headquarters: 300 Spectrum Center Drive, Suite 1100, Irvine, CA Phone: Toll-free: EMEA: + (0) netwrix.com/social Copyright Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.