I first stumbled on Netwrix solutions when I had a strange problem of being locked out of Windows Accounts. Luckily Netwrix Account Lockout Examiner was able to help me. Now, several years later, I have been looking for a reliable Audit solution. June is the time of year when IT auditors usually knock on my door, which means it’s crucial to come up with a good solution.
While this was happening, I started working for a company that was a spin-off from a global company. Running the IT at that company didn’t present a challenge initially. But after the company grew and began to expand rapidly, the once easily handled environment erupted into a hardly manageable infrastructure. I was determined that in spite of the company’s enlargement, I would retain control over its IT, as I’d done when I first started. It only came down to using the right tools, after all.
Whether the sector is governmental or private, the fact is that you need to keep excellent documentation of the environment. You also have to keep tabs on all changes that occur in it. For example, do you know who added or changed the group policy? Do you know who changed file share permissions? Your answer might be affirmative for a modification happening last week, but what about an alteration that took place three months ago?
Let’s have a look at what could and should be audited by Netwrix. If you are not yet a consumer of a software auditing solution, you are likely to think highly of it after reading this article. Immediately, you are presented with solutions for auditing Active Directory, NetApp storage, file shares, Windows Servers, Microsoft Exchange, SharePoint, EMC VNX/VNXe, User Activity, Event Log, Group Policy and VMware. Furthermore, there are two great essential tools bundled in the product: Inactive User Tracking and Password Expiration Notifier.
Netwrix Auditor Installation
Installing Netwrix Auditor is a simple process. First, go to the Netwrix Auditor website and download the trial. The minimum installation requirements are: 2GHz, 32 bit CPU, 2GB RAM, and a recommended 1TB HDD. The minimum OS requirements are 64 bit Windows 7 or Windows Server 2008R2 SP1. Netwrix Auditor uses an SQL database to operate. MS SQL can automatically be installed as part of the installation process.
In my opinion, a simple installation process is one of the best characteristics of Netwrix Auditor. If you are dedicated to operating with Netwrix Auditor, you can probably hardly wait to use it. When starting an installation, a user-friendly window pops up and presents you with a range of tools that are available for set up. You can either click on an Overview or a Quick-Start Guide, offering more information about the audit service.
When proceeding with the installation, you are presented with a simple Installation Wizard. The set-up process is not complicated. Instead, you’ll complete the wizard mostly by pressing the Next button. Netwrix Auditor does require a Microsoft Database, but you can use the Express version. As Netwrix Auditor relies a lot on reporting, you need to use the version with Advanced Services. This shouldn’t worry you since the complete process is handled by the Netwrix installation process, even downloading a setup file from the Microsoft website.
If you’re installing from scratch, you’re covered, as installation is very simple. What if you’re upgrading to the latest version? I had version 7.1 installed and my goal was to upgrade to the latest version 8.0, as it had just been released. I found out that the process would be very simple for that too. The last step involved upgrading the database, which was completed without any problems.
Using Netwrix Auditor
One can clearly see the evolution of the product. Not only because of its features but its usability as well. When you start the client, you will see a tutorial-styled console where each of the client’s features is explained in a way that it can be immediately used.
As soon as you press the OK button, you can begin using it. Netwrix Auditor version 8 is made to impress.
Information at your disposal
Netwrix Auditor is all about information. Data is available in the infrastructure, but it is hard to obtain. For example, you may review all the logs, but the question is how much time you spend looking for THE right information.
With Netwrix Auditor you define the scope you are interested in and the right information emerges.
Audit, Audit, Audit
I can’t imagine a company that would use only one Windows Server. Usually, in a corporate environment, a farm of servers, ranging from physical to virtual, is used. VMware or Hyper-V can be used for the virtualization. Furthermore, one will find File servers, SQL servers, Exchange email servers, SharePoint servers (for Intranet and collaboration), NetApp filers, Office 365 and more. It is essential to be aware that all of the services require management, because someone will have to publish the information. However, as soon as people are included, the access needs to be restricted. Once this is accomplished, we need to have knowledge of who is in charge of what in a working environment. The last step is to monitor and save the configuration changes. That way, we can easily pinpoint the person and change that caused any problems.
If you fail to do that, you might cause a leak of company information or the wrong person receiving permissions without the changes being monitored.
When you configure the Windows Computer section, you have many options to choose from. The best part is that you can audit Windows Server AND storage devices. For example, you can audit EMC Celerra/VNX, EMC Isilon and NetApp filers. In addition, you can monitor SQL Server, file shares and Windows Server. On the other hand, if you have a mixed environment, it’s good to know that you can also monitor various Linux distributions using Syslog.
You can use one central server even though you may have many remote locations connected via WAN. By using special compression on the network side, Netwrix can reduce data traveling on slow links so you don’t have to invest in faster links to leverage all the benefits of the Netwrix solution.
You can let Netwrix set default audit settings for your environment or you can manually set the settings, such as Log Size Retention Settings. You can also tweak any settings you want. However, you should note: the settings have great defaults.
Finally, you can select what components to enable; and let me tell you: you have a vast selection. For example, you can choose to audit select system components: hardware, add/remove programs, services, scheduled tasks, local users and groups, DNS configuration, file sharing settings, OS security, patches, Windows Firewall, remote desktop, USB devices, startup and autorun, etc. As you can see, you can audit everything.
A computer that’s being managed receives a notification telling us that the system is being monitored. This is just as it should be done. Good work, Netwrix!
Monitor file access attempts
I can’t imagine a company not keeping important files. Files are highly sensitive. For example, they could contain medical records, financial statements and reports, cardholder data and HR documents. With Netwrix Auditor, you have a trail. You will see who tried to access or modify particular files, the locations of those files and the time the access was made.
Inactive User Tracking is an essential feature for every company. The system can track and report inactive users in your domain. When people leave the company, they are a potential threat. Inactive users also use licenses, so it’s important you act on this problem. If the IT staff do not disable inactive users, they could potentially harm the company or cause you to pay more money for the licenses that aren’t being used.
To combat this problem, you can automate the procedure using Netwrix Auditor. First, you have to set the number of days of user inactivity that causes that user to be categorized as inactive. Then, after the X number of days, you will have to notify a manager via email. You can then set a random password for the user after a desired period. We can even move the user to a specific OU. In my case, I created an OU named Disabled, to which I moved all accounts after 120 days of inactivity. I prefer to wait a little bit before deleting them.
You can use Inactive User Tracking for both users and computers, which is pretty amazing I think.
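The staged procedure described above, sketched as an added example (this is not Netwrix code and not part of the original article). It classifies accounts by their Active Directory `lastLogonTimestamp`; the 60- and 90-day thresholds, the `exempt` flag and the sample accounts are assumptions, and only the 120-day move to a Disabled OU comes from the text.

```python
from datetime import datetime, timedelta, timezone

# lastLogonTimestamp is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# The attribute replicates lazily (by default it can lag the real logon by
# up to 14 days), so that slack is subtracted before applying thresholds.
REPLICATION_SLACK = timedelta(days=14)
# Only the 120-day move is from the article; 60 and 90 are assumed values.
STAGES = [(120, "move_to_disabled_ou"), (90, "set_random_password"),
          (60, "notify_manager")]

def filetime_to_dt(ft):
    """FILETIME -> aware datetime; 0 or None means the account never logged on."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ft) // 10) if ft else None

def dt_to_filetime(dt):
    """Inverse helper, used only to build the constructed sample data."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def classify(account, now):
    """Return the due action for one account, or None if nothing is due."""
    if account.get("exempt"):  # hypothetical flag for service accounts
        return None
    # Never-logged-on accounts age from their creation date instead.
    last_seen = filetime_to_dt(account.get("lastLogonTimestamp")) or account["whenCreated"]
    idle = now - last_seen - REPLICATION_SLACK
    for days, action in STAGES:  # highest threshold first
        if idle >= timedelta(days=days):
            return action
    return None

def plan(accounts, now):
    return {a["name"]: classify(a, now) for a in accounts}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"
def _acct(name, idle_days, never=False, exempt=False):
    seen = NOW - timedelta(days=idle_days)
    return {"name": name, "exempt": exempt, "whenCreated": seen,
            "lastLogonTimestamp": 0 if never else dt_to_filetime(seen)}

# Constructed sample accounts, not real data.
SAMPLE = [_acct("alice", 10), _acct("bob", 80), _acct("carol", 110),
          _acct("frank", 125), _acct("dave", 140),
          _acct("erin", 200, never=True), _acct("svc_backup", 300, exempt=True)]

if __name__ == "__main__":
    for name, action in plan(SAMPLE, NOW).items():
        print(f"{name:12} {action or 'no action'}")
```

Note that `frank`, idle for 125 days on paper, is not yet moved: after allowing for replication lag he may have logged on within the 120-day window.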
Password expiration – a bonus you will love
You can buy the Password Expiration tool as a stand-alone product from many vendors. However, this costs a lot of money. In Netwrix Auditor, the tool comes bundled in the suite. One of the reasons this is one of my favorite tools is that it makes running a service desk or helpdesk so much easier. Password-related problems ranked at the top of our list. As soon as we started using the password expiration notification tool, we reduced password-related problems by 90%.
When you enable Password Expiration Notifier, reports are sent to the administrator. You can attach reports as CSV files and can send them to managers as well. You can set how many days before the password expires the user is notified with an email. Fourteen days might be a bit too much, but notifying users 5 days before their password expires can do wonders for your security.
Because not all users work in the office, you have the option of notifying them by sending them a text message. You can also filter users by OUs. This is a very powerful tool.
The best features
Netwrix Auditor is very good for reporting. In fact, I think it has one of the biggest reporting databases. When you look at the reports, you will soon realize that no matter what kind of system you have, there’s a report for it. For example, you can gain valuable information for VMware, SQL Server, Windows file servers, NetApp filer and EMC storage devices, MS Exchange, Active Directory and Organization Level, including really great reports.
Apart from reports, there are also dashboards. Active Directory dashboard will not only give you exact data about who changed what, but you will also see a TOP list in a graphical way, where you can see the date and number of changes, the top users doing changes in AD, the top servers where changes are being made and top modified objects (users, groups, computers).
You will have a very similar experience when running all reports. The first thing you will see is an easy-to-understand global overview of the changes. For example, MS Exchange dashboard will show a date range for the changes, the top servers where the changes occurred, the users who made the most changes and the most modified object types (user, mobile device, Mailbox Move Request and Hub transport / Receive connection).
Each report has a subscription option. When you click on a button, a new window will open where you can subscribe to a report. You can receive an email with the latest reports very easily. You can even select PDF as the file format.
You can also create custom reports, but the beauty of creating reports is that the process is very simple. Using filters, you can immediately filter out the data that’s important to you.
All public companies in the U.S. are subject to Sarbanes-Oxley (SOX) compliance. Netwrix Auditor has a shortcut called COMPLIANCE where you can see only reports related to certain compliance standards. And boy, let me tell you that all standards are covered. If you have to be compliant, there’s a report waiting for you.
Perhaps the most innovative feature is the ability to grant auditors access to reports. That way, you can also save your valuable time and show auditors you mean business.
I also like the API functionality, which you can use to communicate with the Netwrix Auditor platform.
Best of all the features
See system configurations at any point in time
Configurations are changed constantly. In most cases, this is intentional and well-motivated. Occasionally, however, a configuration can be changed unintentionally, and sometimes, a configuration can be changed with the goal of harming the company. It could just be that a user is given more access than he should be given. What matters most is that you have the ability to see configurations at any point in time. This operates like a time machine. Everything is recorded.
Recover broken system configurations
How do you deal with malicious changes? If a breach occurs, such as a rogue administrator changing various settings, you’ll know about it. To fix the problem, you could restore the configurations from a backup. However, with Netwrix, you can just revert the configuration changes, thereby saving you time.
Alerts on critical changes
It’s important that you receive alerts when real changes occur, especially changes that could be devastating. With Netwrix Auditor, you can receive alerts when important changes happen. For example, changes to the domain admins group will surely interest you, as these changes can have quite an impact.
Detect the undetectable
How can you audit systems that do not support logging? In such cases, you will be happy to know that you have the ability to video record a user’s activity session. That way, you can see and track all the changes the user makes.
10 years audit trail
Having an audit database with the most important events in your IT environment is pretty awesome. However, does it matter how long you store the information for? In some cases, it’s imperative to have the ability to store data for 5 years. With Netwrix Auditor, you can store audit data for 10 years easily. How cool is that?
Netwrix Auditor is an amazing tool that can save you a lot of time and money. More importantly, it ensures that your complete infrastructure stays clean and that you have a reliable audit trail for practically everything managed by IT: VMware, Windows Servers, Group Policy, Active Directory, EMC, NetApp, MS Exchange, SharePoint, SQL Server and so on. It also supports the latest trends in technology, which means that support for Office 365 is no exception. In addition, Netwrix Auditor is also available as a virtual image and as an Amazon, CenturyLink and Azure appliance.
Every time IT auditing is announced, I get a bit nervous. With Netwrix Auditor, I know that I have all the information I need right at my fingertips. Also, I don’t lose time preparing reports for auditors.