#1 for Change Auditing
                                Simple, Efficient, Affordable




Top 5 Critical Changes to Audit in Active
Directory
Webinar


Bob Bobel, Director of Product Management
E-mail: bob.bobel@netwrix.com
Twitter: @rbobel
LinkedIn: www.linkedin.com/in/robertbobel
Version 3
About NetWrix Corporation
•   Founded in 2006; HQ located in New Jersey
•   Philosophy - Simple, Efficient and Affordable
•   Global customer base of approximately 6000
•   As of 2011 approximately 6M licenses sold
•   Focused on Auditing with an R&D to staff ratio 3:1
•   Offices in North America, UK and APACJ
•   Microsoft Gold Certified Partner



Agenda
•   Challenges of auditing Active Directory
•   Why auditing matters
•   Consequences of audit failures
•   Key audit requirements
•   Top 5 Critical Active Directory Changes to Audit
•   Demonstration
•   Why NetWrix?
•   Questions
Challenges of auditing Active Directory
• Event data can be complex and time consuming
  to collect and manage
• Native audit logs lack key information and are
  often confusing
• Native tools don’t provide point-in-time or
  configuration reporting
• Most 3rd-party utilities have heavy deployments
  and require scary OS-level drivers or agents
Why auditing matters
“It worked yesterday, now it stopped working”


• Native tools are not enough
• Security problems go unidentified
• Material findings during audits
• Compliance failures
• Delays in troubleshooting and issues go
  unresolved
• Clarify who is making changes to “my” system

Consequences of audit failures
• Expensive outages
• Administrators who are unaccountable for
  their actions
• Changes in security settings that may have
  unexpected consequences
• Intellectual Property or data theft
• Fines for violations of compliance
  requirements - PCI, SOX, HIPAA, etc.
Epic Audit FAIL
• Large Global Oil Company
  – Someone mistakenly deleted 2000 user accounts
    because of a mistake in a script
  – Monday morning, people couldn’t log on


• Insurance firm saw a spike in expenses
  – People could access expense XLS files after they
    were submitted

Key audit requirements
• Clearly show WHO, WHAT, WHEN, WHERE
  change detail with BEFORE and AFTER values
• Coordinate details from multiple sources for a
  complete picture (single-source = less detail)
• Flexible Reporting and Filtering (no log noise)
• Automated Reporting and Analysis
• No dangerous agents or drivers

Key audit requirements (continued)
• Predefined reports that can be customized for
  specific needs
  – Critical to sustain Compliance, Security or Access
    Governance needs
• Centralized securable storage for short and
  long-term analysis and reporting
• Enterprise Scalability


Top 5 Critical Active Directory Changes to Audit

1. Privileged user activity

2. Privileged group Membership changes

3. Changes to Security Delegation

4. Structural changes to Active Directory

5. Changes to Group Policy Security Settings

Competitor’s Architecture
[Diagram components: Events from Critical Systems; Custom Events; Required OS Agent; Collection; SQL database; Analyze; Alert; Deployment Console; Agent Management Console (Install, Update, Repair & Un-install); Reporting in Separate Product]
Agent side issues
• BSOD when OS Updates
• Agent stops, you lose data


NetWrix Audit Platform Architecture
[Diagram components: Critical Systems (Native Events; Configuration; Permissions or Access Rights); AuditAssurance™; 4W Database with before & after; Scalable Storage; AuditArchive™; AuditIntelligence™; Analyze; Report; Alert; AD Rollback]





Demonstration




Others who chose NetWrix
Financial
• ING Direct
• Forex Capital Markets
• Berkshire Hathaway
• Zurich Financial Services
• Thomson Reuters
• Fiserv
Healthcare & Pharmaceutical
• Vertex Pharmaceuticals
• Blue Cross of Idaho
• Berkeley National Laboratory
• National Institute of Health (NIH)
• Massachusetts General Hospital
• WebMD
Federal, State & Local Government
• Columbia University
• Bureau of National Affairs
• State of Maine
• NYC Dept. of Transportation
• US District Court, SDNY
• Massachusetts Port Authority
• Alaska State Legislature
• Columbia University
• Verizon Business Systems
• Black & Decker
• Universal NBC
• US Military Academy


NetWrix Suites
All-in-One Suite
• Change Reporter Suite: Active Directory, Object Restore, Group Policy, Exchange, Mailbox Access, File Servers, NetApp & EMC, SharePoint, SQL Server, Windows Server, VMware, Event Log Manager, Activity Recorder
• IDM Suite: Password Manager, Password Expiration Notifier, Logon Reporter, Inactive Users Tracker
FREE Trials at www.netwrix.com

Protect your investment
• Upgrade to any suite = 100% credit applied
  from any prior license purchase

• New product additions to suites are provided
  to you at no charge so long as support and
  maintenance fees are current



Next Steps…
• Download a FREE TRIAL at www.netwrix.com
  – Trial license is included with the download
  – Support is provided during trial period


• Virtual POC
  – Virtual TestDrive™ is available in some areas
  – Online server allows you to quickly understand the
    incredible value of our software





 Thank you

 For more information visit www.netwrix.com



Bob Bobel, Director of Product Management
E-mail: bob.bobel@netwrix.com
Twitter: @rbobel
LinkedIn: www.linkedin.com/in/robertbobel


Editor's Notes

  • #12 SQL db Scalability and Archive are not achived