Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent significant damage. Netwrix Auditor includes applications for:
- Active Directory
- Azure AD
- Office 365
- Windows file servers
- EMC storage devices
- NetApp filer appliances
- Oracle Database
- SQL Server
- Windows Server
The platform is also bolstered by RESTful API and user activity video recording, delivering visibility, actionable audit data and control across all on-premises, virtual and/or cloud-based IT systems in a uniform manner.
Detecting Data Security Threats
Netwrix Auditor enables organizations to detect data security threats by delivering information about critical changes, data access and configurations in on-premises, cloud-based and hybrid IT environments, allowing businesses to continuously assess and proactively mitigate risks. The platform identifies users with high levels of anomalous activity over time and alerts on behavior patterns that indicate a possible insider threat or account takeover, making it easy to investigate any suspicious action or security policy violation. Furthermore, Netwrix Auditor identifies high-risk configurations such as excessive access permissions for security groups and individual users that need immediate attention, minimizing the ability of intruders and/or insiders to cause damage. The platform also provides a high-level view of an organization’s IT infrastructure with Enterprise Overview dashboards, which can be utilized to distinguish surges in anomalous activity, view which users are most active and determine which systems are most affected.
Another benefit of Netwrix Auditor is that it automatically compiles the information required to demonstrate regulatory compliance with the following standards:
- PCI DSS
- NERC CIP
- ISO/IEC 27001
The platform assists organizations with implementing compliance controls across their entire infrastructure and serves as a single point of access to the audit trail for up to 10+ years, in addition to providing compliance report templates that correlate with compliance controls of common regulations such as those previously mentioned.
In sum, Netwrix Auditor is a powerful and versatile tool that can be used to mitigate risk, increase IT productivity and demonstrate compliance with several different standards. Some key report types that Network Doctor recommends are as follows (please click the below links to view available samples):
- File Server changes by users (i.e. moves, deletions and/or permission changes)
- Exchange server changes by users
- Changes to local users and groups (i.e. administrative permissions, etc.)
- Unusual logon activity (i.e. afterhours)
- Specific user logon activity review (as needed)
- Attempted access to restricted folders and/or files
- General user account activity (i.e. monthly review)
- General overview of server changes
For more information regarding the platform, please contact your Account Manager.