Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

Transcription

1 Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social

2 01 Product Overview Netwrix Auditor enables complete visibility into both security configuration and data access within the entire IT infrastructure by providing actionable audit data about who did what, when and where and who has access to what. Netwrix Auditor helps prevent security breaches caused by insider attacks, pass audits and minimize compliance costs or just keep tabs on what privileged users are doing in the environment and why. Netwrix Auditor is the only platform that combines both security configuration management and data access governance across the broadest variety of IT systems, including Active Directory, Exchange, File Servers, SharePoint, SQL Server, VMware and Windows Server. It also supports privileged user activity monitoring in other systems, even if they do not produce logs, via user activity video recording with the ability to search and replay. We needed to comply with global auditing standards, and were instructed by our auditors to find a solution that met their exact requirements. Netwrix allowed us to monitor all critical aspects of our Microsoft environment, thus meeting the auditors strict requirements. Mervyn Govender, CIO, CreditEdge Read the case study: netwrix.com/creditedge

3 02 Applications Netwrix Auditor for Active Directory Netwrix Auditor for Exchange Netwrix Auditor for File Servers Includes auditing of EMC and NetApp Netwrix Auditor for SharePoint Netwrix Auditor for SQL Server Netwrix Auditor for VMware Netwrix Auditor for Windows Server Includes auditing of Event Logs, Syslog, Cisco, IIS, DNS and more...

4 03 Benefits Strengthen Security Detect insider threats by auditing changes to user data, system configurations, permissions, group memberships and access attempts. Investigate security incidents and prevent breaches through analysis of structural changes, modifications of security settings or any specific secured content and access events to critical organizational resources. Overcome limitations of native auditing by filling gaps and reducing signalto-noise ratio in audit data using AuditAssurance technology. Streamline Compliance Implement and validate internal controls from a variety of regulatory compliance standards. Get easy access to reports required for passing PCI DSS, HIPAA, SOX, FISMA/ NIST800-53, COBIT, ISO/IEC and other compliance audits. Keep complete audit trail archived for up to and beyond 10 years for later review and periodic checks by the auditors ensuring a quick access to audit data throughout the whole retention period. Optimize Operations Automate time-consuming manual tasks associated with generating reports on what s happening in your environment and who has permissions to what. Minimize system downtimes and service outages by troubleshooting issues caused by human error or incorrect changes to system configurations. Simplify root cause analysis by investigating event sequences and determining their underlying root causes. Unify auditing across the entire IT infrastructure eliminating the need for additional spend and staff trainings on multiple standalone products.

5 04 In Action: Strengthen Security Detect Suspicious Activity at Early Stages Get high-level overview of employee activity across your IT infrastructure with Enterprise Overview Dashboards. See how often changes are made, which users are making suspicious actions, which systems are affected, and more. Investigate Suspicious Activity Whenever you detect a change that mismatches your corporate security policy, use Interactive Search to investigate why it happened and how to prevent similar incidents from occurring. Control Permissions and Protect Sensitive Data Make sure that only the eligible employees in your organization have access to confidential files by getting a complete picture of the effective permissions for a specific file or folder.

6 05 In Action: Strengthen Security Monitor File Access Attempts Find out who's trying to access sensitive files by subscribing to daily reports. Whether it s cardholder data, medical records or financial statements, Netwrix Auditor will show who tried to read or modify those files, when and where. See System Configurations at Any Point in Time State-in-time reports allow you to see configuration settings at any point in time, for example see group memberships or password policies as they were configured a year ago. With this type of information you can ensure your systems are locked down and less prone to risk. Recover Broken System Configurations In the event that an unauthorized or malicious change does occur, you can revert the settings to a previous state without any downtime or having to restore from backup. This way you can quickly turn back the clock on system changes that indicate a security threat.

7 06 In Action: Strengthen Security Receive Alerts on Critical Changes Use alerts to notify yourself of unauthorized configuration changes as they happen. Prevent security breaches by knowing exactly when a critical change occurs, for example get notified of when someone is added to the Enterprise Admins or Domain Admins group. Detect the Undetectable Maintain visibility of any system, even if it does not produce any logs via user activity video recording with ability to search and replay. Document and Store Audit Trail for Years The two-tiered (file-based + SQL database) AuditArchive storage allows you to keep actionable audit data archived for historic e-discovery or security investigations for more than 10 years.

8 07 In Action: Streamline Compliance Address Auditor s Questions Faster Quickly find answers to auditors questions like who effected privilege elevation and what was changed in the enterprise domain admins group a year ago. What used to take weeks of your time now takes 5 minutes. Document and Store Audit Trail for Years The two-tiered (file-based + SQL database) AuditArchive storage allows you to keep audit data archived in a compressed format for more than 10 years. The data ca be easily accessed anytime. Out-of-the-box Compliance Reports When you need to prove to compliance auditors that specific processes and controls are (and were always) in place, prove it with data. Netwrix Auditor provides out-of-the-box reports that are mapped toward specific regulatory compliance standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST and ISO/ IEC

9 08 In Action: Optimize Operations See when a specific change was made, who made it and what was changed with before and after values. This type of information is available for every change in Active Directory, Group Policy, Exchange, Files Servers, SharePoint, SQL Server, VMware and Windows Server. Simplify Reporting There is no need to manually review countless event logs or use PowerShell to generate reports on what s changing in your environment, who has permissions to what, which users are inactive, whose passwords are about to expire. Get access to over 150 predefined reports and dashboards with filtering, grouping, sorting, export (PDF, XLS, etc.), subscriptions and much more. Save Time on Report Delivery Provide full access to actionable audit data to anyone who needs it in your organization instead of dealing with numerous report requests from different departments.

10 09 In Action: Optimize Operations Minimize System Downtimes In the event that an unauthorized change affecting system availability does occur, you can quickly turn back the clock and revert the settings to a previous state without any downtime or having to restore from backup. Focus on What s Really Important Use alerts to notify yourself of the most critical system configuration changes as they happen. Choose specific types of changes you want to be alerted on, for example set up alerts on changes to the Enterprise Admins or Domain Admins group members. Identify the Root Cause and Troubleshoot Faster Utilize the meaningful and actionable data to investigate the event sequences and determine their underlying root causes. Having a single point of access to the complete audit trail ensures a rapid response to arising problems.

11 10 Addressing Challenges of Your Department and Business IT Administrator Generate and deliver audit and compliance reports faster. Investigate suspicious user activity before it becomes a breach. IT Security Administrator IT Manager Take back control over your IT infrastructure and eliminate stress of your next compliance audit. Mitigate security risks and minimize compliance costs. CIO/CISO MSP Enable transparency of managed environments and monetize on offering Compliance as a Service. Netwrix Richard When we implemented Netwrix Auditor we got a very easy to use solution to tell us the who/what/when/where details for all changes, easily saving us hours of investigative work tracking down who made a specific change. Jeff Salisbury, Director, Global IT Operations, Belkin International Inc. Auditor helps with our security housekeeping. By using Netwrix solutions for tracking changes made across IT systems, we re able to get numerous reports that help us to quickly find out whether there were any unauthorized access attempts of sensitive data, especially in the case of employees who do not have permission for it. I cannot think of a better way to keep data safe and secure. Staats, Member of the IT Team, VTM Group

12 11 Features Change, Configuration and Access Auditing Change auditing: detection, reporting and alerting on all configuration changes across your entire IT infrastructure with Who, What, When, Where details and Before/After values. Configuration assessment: state-in-time reports show configuration settings at present or any moment in the past, such as group membership or password policy settings as they were configured a year ago. Access Auditing: monitoring and reporting of successful and failed access to systems and data. Privileged user activity monitoring in any IT system even if the logs are not produced via user activity video recording with ability to search and replay. Unified Auditing Platform Unified platform to audit the entire IT infrastructure from a single console as opposed to multiple hard-to-integrate standalone tools from other vendors. AuditAssurance : automatically consolidates audit data from multiple independent sources. If key details are missing from one source, the technology supplements the collected data with details from another source which ensures accurate and error-free data. AuditIntelligence : transforms complex machine audit data into meaningful and actionable changes. AuditArchive : keeps consolidated audit data for up to and beyond ten years in a scalable two -tiered storage (file-based + SQL database) and ensures quick and easy access to it throughout the whole retention period. Delegated Access to Audit Data: Netwrix Auditor client can be installed on an unlimited number of computers, providing full access to actionable intelligence. Agentless or lightweight, non-intrusive agent-based modes of operation are supported.

13 12 Features Data Search, Predefined Reports, Alerts and Dashboards Interactive search: Quickly sort through audit data and fine-tune search criteria until you find the information you need. Export the results or create a custom report meeting your specific requirements. Over 150 predefined reports are included with filtering, grouping, sorting, exporting, subscriptions, drill-down, web access, granular permissions, and more. Out-of-the-box compliance reports mapped toward specific regulatory compliance standards, including PCI DSS 3.0, HIPAA, SOX, FISMA/NIST and ISO/IEC Real-time alerts notify you about critical configuration changes, unauthorized access to sensitive data, both failed and successful, as well as about other events that may turn into security incidents. Enterprise overview dashboards provide complete visibility into what is happening in your IT infrastructure and allow drilling down to details on every change across all audited systems. See how often changes are made, which users are making suspicious actions, which systems are affected, and more. SIEM, Rollback, FIM Integration with SIEM: optionally forwards meaningful audit data into your existing SIEM, leveraging existing processes, protecting technology investments and reducing console sprawl. Event log management: "catchall" of non-change events in Windows logs and Syslog, such as logon/logoff, account lockouts, etc. Change rollback: Reverts unauthorized or malicious changes to a previous state without any downtime or having to restore from backup. File Integrity Monitoring (FIM) through tracking of changes to critical systems, files and configurations.

14 Next Steps Free Trial: setup in your own test environment netwrix.com/freetrial Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive Live Demo: product tour with Netwrix expert netwrix.com/livedemo Contact Sales to obtain more information netwrix.com/contactsales AWARDS All awards: netwrix.com/awards Corporate Headquarters: 300 Spectrum Center Drive, Suite 820 Irvine, CA Phone: Toll-free: EMEA: +44 (0) netwrix.com/social Copyright Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.