2. About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 8,000
Recognition: Among the fastest growing
software companies in the US with 105
industry awards from Redmond
Magazine, SC Magazine, WindowsIT Pro
and others
Customer support: global 24/5 support
with 97% customer satisfaction
3. Netwrix Locations
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: 6000
Corporate Headquarters:
300 Spectrum Center Drive #1100
Irvine, CA 92618
888-638-9749
www.netwrix.com
5. Industry Awards and Recognition
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 7000
Customer support: global 24/5 support with 97%
customer satisfaction
All awards: www.netwrix.com/awards
6. About Netwrix Auditor
Netwrix Auditor
A visibility and governance platform that enables control over
changes, configurations, and access in hybrid cloud IT environments by
providing security analytics to detect anomalies in user behavior and
investigate threat pattern before a data breach occurs.
7. Netwrix Auditor Applications
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
8. Netwrix Auditor for Active Directory
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Active Directory and Group Policy changes
• State-in-Time information on configurations
• Logon auditing
• Alerts and AD change rollback
• Inactive user tracking and password expiration
alerting
9. Netwrix Auditor for Azure AD
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to Azure AD groups, users, passwords, roles,
applications, service principals, devices, contacts, and
more
• Logon auditing
10. Netwrix Auditor for Exchange
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to Exchange Server configuration,
Exchange databases, mailboxes, mailbox
delegation and permissions
• Non-owner mailbox access auditing
11. Netwrix Auditor for Office 365
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Exchange Online administrative changes,
changes to mailboxes, mail users, groups,
permissions, policies, and management roles
• Non-owner mailbox access auditing
• SharePoint Online configuration, security,
and content changes, and data access events
12. Netwrix Auditor for Windows File Servers
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to files, folders, shares and permissions
• Successful and failed access attempts
• File analysis reporting
• State-in-time information on configurations
Netwrix Auditor for
Active Directory
13. Netwrix Auditor for EMC
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
Netwrix Auditor for
Azure AD
• Changes to files, folders, shares and permissions
• Successful and failed access attempts
• File analysis reporting
• State-in-time information on configurations
14. Netwrix Auditor for NetApp
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
Netwrix Auditor for
Exchange
• Changes to files, folders, shares and permissions
• Successful and failed access attempts
• File analysis reporting
• State-in-time information on configurations
15. Netwrix Auditor for SharePoint
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to farm configuration, user content
and security, permissions, group membership,
security policies
• Read access auditing
Netwrix Auditor for
Office 365
16. Netwrix Auditor for Oracle Database
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to roles and permissions, settings and audit
policy, databases, triggers, views, and more
• Content changes
• Login activity
• Data access
17. Netwrix Auditor for SQL Server
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to SQL Server objects and
permissions, server instances, roles and
databases, tables and stored procedures, etc.
• Logon auditing, both failed and successful
18. Netwrix Auditor for Windows Server
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to configuration of Windows-based servers,
Event Logs, Syslog, Cisco, IIS, DNS
• User activity video recording
19. Netwrix Auditor for VMware
Netwrix Auditor for
Active Directory
Netwrix Auditor for
Windows File Servers
Netwrix Auditor for
Oracle Database
Netwrix Auditor for
Azure AD
Netwrix Auditor for
EMC
Netwrix Auditor for
SQL Server
Netwrix Auditor for
Exchange
Netwrix Auditor for
NetApp
Netwrix Auditor for
Windows Server
Netwrix Auditor for
Office 365
Netwrix Auditor for
SharePoint
Netwrix Auditor for
VMware
• Changes to vCenter and its servers, folders and
clusters, resource pools, hardware configurations of
virtual machines
21. Audit Challenges Resolved by Netwrix Auditor
Automated collection from multiple audit data sources
Centralized and unified solution for diverse systems
Automated retrieval of human readable names from machine data
Consolidation of a mass of technical events into meaningful data
Answers that you can get exactly when you need them:
– Interactive Search
– Predefined reports and dashboards with filtering, sorting,
exporting and subscription options
– Real time alerting, etc.
The four “W”s: (WHO, WHAT, WHEN, WHERE details)
“Before” and “After” values of changes
System’s state at any moment in time
Audit Challenges: Answers to the challenges by Netwrix Auditor
Numerous sources
of audit data
Abundance
of “noise” data
Ease of use
of audit data
Comprehensiveness
of audit data
22. Netwrix Auditor Benefits
Relieves IT departments of
manual crawling through weeks
of log data to get the
information about who
changed what, when and
where and who has access to
what.
Detect Data Security
Threats – On Premises
and in the Cloud
Pass Compliance Audits
with Less Effort and
Expense
Increase the
Productivity of Security
and Operations Teams
Bridges the visibility gap by
delivering security analytics
about critical changes, state of
configurations and data access
in hybrid cloud IT environments
and enables investigation of
suspicious user behavior.
Provides the evidence required
to prove that your
organization’s IT security
program adheres to PCI DSS,
HIPAA, SOX, FISMA/NIST, GLBA,
FERPA, NERC CIP, ISO/IEC 27001
and other standards.
23. #completevisibility
#completevisibility
Addressing the IT
and Business Challenges
IT Administrator
Generate and deliver audit
and compliance reports
faster.
IT Security
Administrator
Investigate suspicious user
activity before it becomes a
breach.
IT Manager
Take back control over your
IT infrastructure and eliminate
the stress of your next
compliance audit.
IT Director, CIO/CISO
Prevent data breaches and
minimize compliance costs.
24. Maximized visibility and transparency of all changes within your
IT infrastructure.
Netwrix Auditor - Enterprise Overview
Refresh Subscribe
Enterprise Overview
Dashboards provide a high-level overview of changes across all audited systems in the IT environment.
Top: 15 From: 2/10/2016 4:44:28 AM To: 4/1/2016 4:44:28 AM
CHANGES BY DATE SERVERS WITH MOST CHANGES
USERS WHO MADE MOST CHANGES CHANGES BY AUDITED SYSTEM
50
40
30
20
10
0
fs1.enterprise.com
dc1.enterprise.com
enterprise.onmicrosoft.com
81.95.121.125
http://enterprise.com/2880
orcl/orcl.enterprise.com
0 20 40 60 80 100 120 140
ENTERPRISEAdministrator
ENTERPRISEJ.Smith
ENTERPRISEA.Buden
ENTERPRISEF.Brazzo
ENTERPRISEK.Clark
ENTERPRISEA.Lynch
ENTERPRISEA.Green
0 20 40 60 80 100 120
79
34
14
26
File Servers
Active Directory
Azure AD
Netwrix API
SharePoint
Oracle Database
Exchange Online
Windows Server
25. Complete picture of changes made by a specific user across all
IT systems.
Netwrix Auditor - All Changes by User
Refresh Subscribe
All Changes by User
Shows all changes across the entire IT infrastructure grouped by the users who made the changes. Review this report to paint the whole picture, detect users that need your special attention and investigate suspicious activities.
Action Object Type What Changed Where Changed When Changed
Modified User comenterpriseUsersB.Atkin dc1.enterprise.com 3/20/2016 8:35:55 PM
Principal Name set to “B.Atkin@enterprise.com”
Who Changed: ENTERPRISE/J.Carter
Action Object Type What Changed Where Changed When Changed
Removed Registry Key
RegistryHKEY_LOCAL_MACHINEsoftwareMicrosoftWindow
sCurrentVersionInstallerInProgress
wsrv07.enterprise.com 3/20/2016 9:20:24 PM
(REG_SZ): “C:WindowsInstaller591ac9.ipi”
Ownership: “Owner: ENTERPRISEN.Key”
Audited System: Windows Servers
Action Object Type What Changed Where Changed When Changed
Removed VirtualMachine ha-folder-rootha-datacentervmkn https://10.0.4.48:443 3/25/2016 10:21:55 PM
Audited System: VMware
Action Object Type What Changed Where Changed When Changed
Modified Group Farm Administrators https://rpwin2012.enterprise.com 3/25/2016 10:21:55 PM
Members: Added: “ENTERPRISET.Simpson”
Audited System: SharePoint
Audited System: Active Directory
27. Who, What, When, Where details and Before/After values of
everything that seems suspicious.
Change Summary
Added 1
Removed 1
Modified 1
Active Directory – Administrator@entreprise.com - Outlook
FILE HOME SEND / RECEIVE FOLDER VIEW
Reply Reply All Forward
Thu 5/7/2015 1:06 AM
J.Carter@enterprise.com [J.Carter@enterprise.com]
Netwrix Auditor: Active Directory Change Summary – enterprise.com
Sent: Thursday, March 15, 2016 3:02 AM
To: John Carter
To Administrator
Netwrix Auditor for Active Directory
Action
Object
Type
What Where Who When Workstation Details
Remove
d
User comenterpriseUsersJohn Smith DC1.enterprise.com ENTERPRISEJ.Carter
3/14/2016
1:00:51 AM
NY-T5005 none
Added User comenterpriseUsersDavis Brad DC1.enterprise.com ENTERPRISEJ.Carter
3/14/2016
1:02:20 AM
NY-T5005 none
Modified Computer comenterpriseComputersdepartment DC1.enterprise.com ENTERPRISEJ.Carter
3/14/2016
1:02:30 AM
NY-T5005
Computer
Account
Disabled
This message was sent by Netwrix Auditor from netwrix.enterprise.com
www.netwrix.com
28. Out-of-the-box compliance reports mapped toward specific
requirements of regulatory compliance standards.
-
Netwrix Auditor
Reports
Appropriate policies and procedures, technical measures, administrative efforts, and physical security should
supplement each other in the organization in order to ensure continuous compliance with PCI Requirements.
Please note that the efforts and procedures required to establish compliance in each section may vary in different
organizations depending on their systems configuration, internal procedures, nature of business, and other factors.
Software implementation will not guarantee organizational compliance without proper processes in place. Not all the
controls that Netwrix can possibly support are included. This mapping should be used as a reference guide for
implementation of an organization tailored policies and procedures.
Netwrix Auditor can help with the PCI DSS controls listed below.
Requirement 3: Protect stored cardholder data
3.1 Keep cardholder data storage to a minimum by implementing data-retention and disposal policies
3.2 Do not store sensitive authentication data after authorization
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
5.3 Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless
specifically authorized by management on a case-by-case basis for a limited time period
Requirement 6: Develop and maintain secure systems and applications
6.3.1 Remove development, test and/or custom application accounts, user IDs, and passwords before applications
become active or are released to customers.
6.4 Follow change control processes and procedures for all changes to system components.
Requirement 7: Restrict access to cardholder data by business need to know
7.1 Limit access to system components and cardholder data to only those individuals whose job requires such
access.
7.2 Establish an access control system for systems components that restricts access based on a user’s need to know
ALL REPORTS COMPLIANCE
FISMA Compliance
HIPAA Compliance
ISO/IEC 27001 Compliance
PCI DSS v3.0 Compliance
SOX Compliance
PCI DSS v3.0
29. Why Netwrix Auditor?
Sharp focus on visibility and governance
Broadest coverage of on-premises and cloud systems
Truly integrated as opposed to multiple hard-to-integrate standalone tools from
other vendors
Noise-free security analytics
Non-intrusive architecture
API-enabled ecosystem integrations via free Add-On Store
Cost-effective two-tiered storage (file-based + SQL database) holding consolidated
audit data for more than 10 years
Fast, 15-minute deployment, with no professional services required
First-class customer support with 97% customer satisfaction
Editor's Notes
Provide description of Netwrix Auditor for those who aren’t that familiar with what we do, almost like it’s written on the slide.
Explaining a little bit how we help with Operational challenges.
With Netwrix Auditor there’s no need to crawl through a mass of log data to get the answers to questions of who did what, when and where and who has access to what. The product delivers actionable audit data to whoever needs it in your organization by either subscribing the stakeholders to scheduled reports or via Netwrix Auditor client that enables full access to actionable intelligence and can be installed on any desktop or laptop.
Automates time-consuming manual tasks associated with generating reports on what’s happening in your environment and who has permissions to what.
Minimizes system downtimes and service outages via assisting with troubleshooting of issues caused by human error or incorrect changes to system configurations.
Simplifies root cause analysis via investigation of event sequences and determination of their underlying root causes.
Unifies auditing across the entire IT infrastructure eliminating the need for additional spend and staff trainings on multiple standalone products.