This document discusses the top 10 critical IT changes that should be audited and introduces the NetWrix Change Reporter Suite for auditing these changes. The suite collects audit data from multiple sources, stores it scalably, and provides flexible reporting and long-term archiving. It audits changes to Active Directory, Group Policy, Exchange, file servers, SQL, routers/firewalls, virtual environments, and user logon/logoff activity. The demonstration shows how it clearly displays who made what changes, when, and where using a unified platform.
1. #1 for Change Auditing
Simple, Efficient, Affordable
Top 10 Critical Changes to Audit in
Your IT Infrastructure
Bob Bobel, Director of Product Management
E-mail: bob.bobel@netwrix.com
Twitter: @rbobel
LinkedIn: www.linkedin.com/in/robertbobel
#1 for Change Auditing
Simple, Efficient, Affordable
2. Agenda
• Understand WHY you need to audit
• Define key audit requirements
• Identify the 10 most critical changes to audit
• Introduction to NetWrix Change Reporter Suite
• Demonstration
• Why NetWrix?
• Questions
#1 for Change Auditing
Simple, Efficient, Affordable
3. Why you need to Audit
• Security - Changes in security settings may have
unexpected consequences
• Unauthorized Access - Prevention of Data theft, files
and email
• Troubleshooting - it worked before, what happened?
• Root Cause Analysis - The system is broken, what lead
to this?
• Admin Activity & Delegation Permissions- Hold all
Admins accountable
• Change Control Management
• Compliance - PCI, SOX, HIPAA, etc.
#1 for Change Auditing
Simple, Efficient, Affordable
4. Solution Requirements
1. Automated collection
2. Use of diverse audit data sources (single-source
= less detail)
3. Filtering and consolidation (no log noise)
4. Centralized securable storage for short and long-
term
5. Flexible Reporting
6. Shows 4Ws: (WHO, WHAT, WHEN, WHERE)
7. Shows BEFORE and AFTER detail clearly
#1 for Change Auditing
Simple, Efficient, Affordable
5. Solution Requirements (continued)
• Centralized secure auditing
• Simply and efficiently display key WHO,
WHAT, WHEN and WHERE changes details
with both BEFORE and AFTER values
• Efficient sort term and long term storage of
audit & configuration data
• Enterprise Scalability
#1 for Change Auditing
Simple, Efficient, Affordable
7. Top-10 Critical Changes and Activities
1. Active Directory: Group Memberships
2. Group Policy: Password Policy
3. Exchange: Message store
4. Mailbox access by non-owners
5. Windows Server: Local Users and Groups
6. File Servers: Access Attempts and Changes
7. SQL: Security and roles
8. Router and Firewall changes
9. Virtual environment changes
10. User Logon/Logoff Activity
#1 for Change Auditing
Simple, Efficient, Affordable
8. Introducing…
NetWrix Change Reporter Suite
Unified Auditing for Key IT Systems
• Simple – Easy to use, installs in minutes &
built on NetWrix Change Reporter AAA
platform
• Efficient - lightweight architecture without
dangerous agents or OS level drivers
• Affordable - modular and part of the NetWrix
Enterprise Suite
#1 for Change Auditing
Simple, Efficient, Affordable
9. Features and Benefits
Audit data we collect AuditAssurance™
• Configuration
• Native Events
• Other
Scalable Storage
• The Backbone of reporting
• Normalized the 4W details of Who, What, When and
Where across systems and applications
AuditIntellegence™
• Searchable and supports custom reports
#1 for Change Auditing
Simple, Efficient, Affordable
10. Features and Benefits
Analysis & Reporting
• Pre-built reports many designed from customer
feedback
• View on-screen, over the Web, Export in various
formats & subscriptions for automation
• Clearly displays 4W detail Who, What, When
and Where
• Uses Microsoft SQL Reporting Services
#1 for Change Auditing
Simple, Efficient, Affordable
11. Features and Benefits
AuditArchive™
• Configurable Retention Policy
– Store years of data, competitors may only store
months of data
• Can be accessed when needed for historical
purposes (import)
#1 for Change Auditing
Simple, Efficient, Affordable
12. NetWrix AAA Platform Technology
• AuditAssurance™ technology consolidates audit
data from multiple independent sources, filling-in
key details not present in any single source.
• AuditIntelligence™ technology provides a
complete audit picture by transforming raw audit
data into meaningful and actionable intelligence.
• AuditArchive™ technology provides long-term
archiving, making your data available for
historical reporting and forensics analysis.
#1 for Change Auditing
Simple, Efficient, Affordable
13. #1 for Change Auditing
Simple, Efficient, Affordable
Demonstration
#1 for Change Auditing
Simple, Efficient, Affordable
14. Others who chose NetWrix
Financial Federal, State & Local Government
• ING Direct • Columbia University
• Forex Capital Markets • Bureau of National Affairs
• Berkshire Hathaway • State of Maine
• Zurich Financial Services • NYC Dept. of Transportation
• Thomson Reuters • US District Court, SDNY
• Fiserv • Massachusetts Port Authority
• Alaska State Legislature
Healthcare & Pharmaceutical • Columbia University
• Vertex Pharmaceuticals • Verizon Business Systems
• Blue Cross of Idaho • Black & Decker
• Berkeley National Laboratory • Universal NBC
• National Institute of Health (NIH) • US Military Academy
• Massachusetts General Hospital
• WebMD
#1 for Change Auditing
Simple, Efficient, Affordable
15. NetWrix Suites
All-in-One Suite
Change Reporter Suite IDM Suite
Active Directory SharePoint Password Manager
Object Restore SQL Server Password Expiration
Group Policy Windows Server Notifier
Exchange VMware Logon Reporter
Mailbox Access Event Log Manager Inactive Users Tracker
File Servers Activity Recorder
NetApp & EMC FREE Trials at
www.netwrix.com
#1 for Change Auditing
Simple, Efficient, Affordable
16. Protect your investment
• Upgrade to any suite = 100% credit applied
from any prior license purchase
• New product additions to suites are provided
to you at no charge so long as support and
maintenance fees are current
#1 for Change Auditing
Simple, Efficient, Affordable
17. Next Steps…
• Download a FREE TRIAL at www.netwrix.com
– Trial license is included with the download
– Support is provided during trial period
• Virtual POC
– Virtual TestDrive™ is available in some areas
– Online server allows you to quickly understand the
incredible value of our software
#1 for Change Auditing
Simple, Efficient, Affordable
18. #1 for Change Auditing
Simple, Efficient, Affordable
Thank you
For more information visit www.netwrix.com
Bob Bobel, Director of Product Management
E-mail: bob.bobel@netwrix.com
Twitter: @rbobel
LinkedIn: www.linkedin.com/in/robertbobel
#1 for Change Auditing
Simple, Efficient, Affordable
Editor's Notes
AuditAssurance™ technology consolidates the audit data from multiple independent sources (event logs, configuration snapshots, change history records, etc.), and therefore is able to detect a change even if one or more of the sources does not contain all the required data. AuditIntelligence™ technology transforms raw audit data into meaningful and actionable intelligence to drive security and compliance efforts and delivers human-readable reports designed with administrators and auditors in mind to paint the most complete picture.