Change Auditing Software Review of Netwrix Change Auditing Software I am going to give you a brief review Netwrix, a change auditing software we have been using for about a year and half.

Netwrix Auditor What is it? It is a change and configuration auditing software. Ability to automatically track configuration changes to: Active Directory Microsoft Exchange Windows Servers Group Policy File servers Microsoft SQL Server SharePoint VMware Ability to track file changes Files on file servers NetApp Filer EMC Storage Netwrix a change and configuration auditing software. It has the ability to track configuration changes to several critical components that make up your IT infrastructure including: It also has the ability to track changes to files, folders, and shares on: SharePoint Windows file servers NetApp Filer And EMC Storage

Netwrix Auditor What is it? Other tools included: User Activity Recording Inactive User Tracking Password Expiration Alerting It also includes some other tools for tracking changes: User Activity Recording – useful for tracking changes in applications that are not recorded in logs – acts like a screen recorder – You can choose which servers and even which applications are recorded Besides auditing changes Netwrix includes some other useful tools Inactive user Tracking – with Inactive user tracking you can automatically reset passwords of inactive accounts, move to a different OU, or delete accounts. Password Expiration Alerting – enables you notify users or managers of passwords that are nearing expiration.

Netwrix Auditor Why? Meet compliance requirements for auditors What changed When was it changed Who changed it Peace of mind Receive immediate notifications of critical changes Ability to trace changes made Rollback capability Netwrix gives the ability to easily rollback changes to Active Directory Files changes can also be rolled back if your have volume shad copy enabled. Auditors wanted us to be able to track what changes were made, by who, and when. Besides making the auditors happy, It brought peace of mind knowing we would know if any changes were made to any of our servers. Ask yourself, How long would it take you to know if someone had gotten into your system and created an account with domain administrator privileges? Also, have you had a user tell you someone changed or deleted their file? It’s nice knowing you can track down who changed the file. Netrix has the a tool that allows easy rollback of changes made to Active Directory, it can also rollback file changes if you enable volume shadow copy (we have not).

Netwrix Auditor How? Purchase the components you need. License based on number of users. Netwrix Auditor for Active Directory Active Directory configuration, Group Policies, password expirations and inactive users Netwrix Auditor for Exchange Exchange configuration, mailboxes, permissions and mailbox access Netwrix Auditor for File Servers Permissions and access on Windows, EMC Storage and NetApp Filers Netwrix Auditor for SharePoint SharePoint farm configurations, security and content Netwrix Auditor for SQL Server SQL configurations and security Netwrix Auditor for VMware VMware vSphere and ESX configuration Netwrix Auditor for Windows Server Windows configuration, registry, services, and more, including user activity video recording Netwrix for Active Directory includes Group Policy tracking and the password expiration and inactive users tool. We purchased: The pieces for AD (which includes Group Policy), Exchange, Windows Servers, and File Servers Our total cost (which they had discounted) was $2,500 (for one year) Maintenance renewal was $625

Netwrix Auditor How? Hardware/Software requirements: Windows 7 or 2008 or later (we are running Windows 7) 8 GB RAM (we have 16GB) Intel Core 2 Duo 2x 64bit, 3GHz (ours is a corei5 3.2GHz) 500MB for install 1GB for audit archive 500MB for SQL Server DB (we are using an existing SQL 2012 server) Hardware and software requirements are minimal. We have it installed on a desktop computer that also runs Shavlik (our patch management software) and Dameware (our remote management software).

Our Experience with Netwrix Netwrix Auditor Our Experience with Netwrix We are using the following components: Auditor for Active Directory Auditor for Group Policy Auditor for Exchange Auditor for Windows Auditor for File Servers Total cost (based on 205 AD users) $2,500 Annual maintenance $625 We purchased: The pieces for AD (which includes Group Policy), Exchange, Windows Servers, and File Servers. We don’t own Vmware or EMC/Netfiler Our total cost (which they had discounted) was $2,500 (for one year) Maintenance renewal was $625

Netwrix Auditor At a glance The interface Netwrix Auditor runs in a Microsoft Management Console, so it can only be viewed on the server hosting Netwrix. It integrates SQL Reporting Services for displaying and configuring dashboards and reports. It isn’t the most intuitive interface but it is fairly straightforward.

Netwrix Auditor At a glance Configuration Configuration is pretty straightforward. All the different components are listed under Managed Objects Under each Managed Object are settings that are set for each one. The software will automatically check, and in many cases, configure the log settings on each server as you go through the setup.

Netwrix Auditor At a glance Reports All of the reports are available by expanding the trees. There are enterprise wide reports and reports by each module This is an example of the report generation interface And this is an example of the report

Netwrix Auditor At a glance It has a subscription feature Besides running the reports Ad-Hoc, you can also subscribe to specific reports and have them delivered to whomever you want on a schedule you determine.

Netwrix Auditor At a glance Example – Daily Email Summaries By default the Netwrix is configured to send you daily summaries for each module containing the changes from the previous day.

Netwrix Auditor At a glance Real-time Alerts and ability to create your own In addition to the Ad-Hoc reports, report subscriptions and daily summaries Netwrix Auditor for Active Directory also has the ability to provide Real-time alerts. Several are pre-configured but you can also create your own.

Netwrix Auditor At a glance Example – Alert Email Notification Here is an example of an e-mail alert

Our Experience with Netwrix- the Good Netwrix Auditor Our Experience with Netwrix- the Good Ability to drill down on dashboards Ok, here is what we Like about Netwrix There are several Dashboard built into the Netwrix interface. There is an Enterprise Dashboard and then one for each module. What I really appreciate is that allows you to drill down into the detail.

Our Experience with Netwrix- the Good Netwrix Auditor Our Experience with Netwrix- the Good Tons of Pre-built Reports >200 The ability to run reports across modules Other useful reports There are a ton of pre-built reports. Netwrix claims there are more than 200. I also like the ability to run reports across module. For example this one show me all the changes John Peebles made in both AD and on the file server. And in addition to reports on configuration changes they include other useful reports like these.

Our Experience with Netwrix- the Good Netwrix Auditor Our Experience with Netwrix- the Good Real-time Alerts and ability to create your own I know I already showed this slide, but this is definitely one of my favorite features. I love to be able to receive real-time alerts about specific kinds of changes. Not just because I’m a little paranoid but it can be a useful tool as well. For example, if you have one person responsible for adding a person to an AD group and a different person responsible for setting them up in an application, you can setup and alert that notifies that person when someone is added to an AD group whose members must also have access to the application.

Our Experience with Netwrix- the Bad Netwrix Auditor Our Experience with Netwrix- the Bad Lots of information generated from normal server processes can be a bit overwhelming. Ok that was the Good, let’s talk about the Bad The daily summaries and reports can contain a lot of noise, many servers have changes they make on their own automatically and these changes show up in the reports. The do have a method for excluding specific actions but this exclusions have to be put in one or more of its exclusion configuration files and has to be formatted just right which is not particularly easy to do.

Our Experience with Netwrix- the Bad Netwrix Auditor Our Experience with Netwrix- the Bad Report creation does not have the most intuitive interface The report creation doesn’t give you any examples or drop downs for constructing the filters so if you are unfamiliar with SSRS creating the filter can be a little difficult at first.

Buy Questions? Netwrix Auditor Conclusion Buy, Try, or Don’t Buy? The software definitely does what it is supposed to do and then some. It has its quirks but overall it gets the job done and then some Questions?