Netwrix Auditor Competitive Checklist

Columns: Netwrix Auditor, Product A, Product B, Product C

DATA COLLECTION AND STORAGE

Non-intrusive architecture: Operates without agents so it never degrades system performance or causes downtime.

Certified collection of audit data: Doesn't use any undocumented methods to collect data from your systems, since such methods can result in denial of support from Microsoft or other core vendors.

Noise-free security intelligence: Collects raw machine data and transforms it into clear, actionable information about every user action, without the noise associated with raw data.

Reliable audit data: Consolidates audit data from multiple sources (event logs, configuration snapshots, change history records, etc.) to get the most reliable audit data without gaps.

Detailed information about every change and access event: Captures and delivers full details about changes and access attempts, including when and where the change or access attempt was made, who made it, and what exactly was changed or accessed.

Before and after values: Performs full side-by-side comparisons and captures the before and after values for all modified objects.

Long-term storage: Utilizes a scalable two-tiered storage system (SQL database for reporting and file-based compressed storage for long-term storage). This storage keeps a complete audit trail for more than 10 years without performance degradation, and ensures easy access to it throughout the whole retention period.
Consolidated approach for hybrid IT infrastructures: Collects audit data from both on-premises and cloud applications and stores it in a secure central repository, enabling unified alerting, searching, reporting and security risk analysis.

SUPPORTED SYSTEMS AND AUDIT SCOPE

Active Directory and Group Policy
  Reports on Active Directory and Group Policy changes
  Time-specific information on AD and Group Policy configurations, including group membership across multiple domains and effective permissions
  Logon auditing
  Support for both trusted and non-trusted domains

Exchange
  Information on changes to Exchange Server configuration, Exchange databases, mailboxes, mailbox delegation and permissions
  Non-owner mailbox access auditing
  Support for Exchange 2016

Windows File Server, NetApp and EMC
  Reports on changes to files, folders, shares and permissions
  Reports on files moved, renamed or copied
  Information on successful and failed read attempts
  Time-specific information on effective permissions, including excessive access rights
  Predefined reports on data ownership, data usage and data volumes, stale files, and duplicate files
  Reports on sensitive data, including its location, effective permissions and owners, as well as successful and failed attempts to access it and changes to permissions
  Support for multiple file servers and file appliances in multiple sites, domains and OUs
  Support for EMC Isilon, Celerra, VNX/VNXe, Unity and NetApp Data ONTAP 9
Windows Server
  Reports on all changes made to server configuration hardware and software, services, applications, network settings, registry settings, DNS, file shares and more
  Information on audit log clearance, changes to local audit policy, Windows service failures, system shutdowns and time changes
  Time-specific information on Windows Server configurations, including OS name and version, antivirus status, file shares, local users and groups, services, and installed programs

SharePoint
  Reports on changes to farm configurations and user content, permissions and permissions inheritance, group membership, and security policies
  Read access auditing
  Support for SharePoint 2016

Azure AD
  Reports on changes to Azure AD groups, users, passwords, roles, applications, service principals, devices, contacts and more
  Logon auditing

Office 365
  Reports on Exchange Online administrative changes, as well as changes to mailboxes, mail users, groups, permissions, policies and management roles
  Non-owner mailbox access auditing
  Reports on changes to SharePoint Online configuration, security and content
  Reports on changes to files stored in OneDrive for Business
  Tracking of data access in SharePoint Online and OneDrive for Business
Oracle Database
  Reports on changes to roles and permissions, settings and audit policy, databases, triggers, views, and more
  Reports on content changes
  Logon auditing
  Reports on data access
  Support for Oracle Database 11g and 12c

SQL Server
  Reports on changes to SQL Server permissions, server instances, roles and databases, tables, columns, stored procedures, etc.
  Reports on content changes
  Logon auditing
  Support for SQL Server 2016

VMware
  Reports on changes to vCenter and its servers, clusters, resource pools, hardware configurations and settings of virtual machines, and virtual machine permissions and power state

REPORTING AND ALERTING

Predefined reports and dashboards: Includes predefined audit reports and dashboards that deliver detailed information about changes, access and configurations in a human-readable format and allow users to filter, sort and export the audit data.

Custom reports: Enables users to easily build custom reports based on their specific requirements, including cross-system reports.

Email report subscriptions: Automatically delivers reports to specified recipients by email or saves them to a file share on a specified schedule (daily, weekly, etc.).

Multiple report export options: Supports export of reports in seven different formats, including PDF, XLS(X), DOC(X) and CSV.
Google-like interactive search: Enables users to quickly sort through audit data and fine-tune search criteria so they can easily hone in on the exact information they need.

State-in-time reports: Shows the current configuration settings or settings from any moment in the past, including effective permissions by user or by object, Group Policy settings and Windows Server configuration details.

Out-of-the-box compliance reports: Includes ready-to-use reports aligned with compliance controls from PCI DSS, HIPAA, SOX, GLBA, FISMA/NIST800-53, CJIS, FERPA, NERC CIP, ISO/IEC 27001 and GDPR.

Alerts: Notifies staff about suspicious behavior or events that could turn into security incidents, including activity that exceeds the normal baseline (threshold-based alerts), by email or SMS message.

Reporting using SQL SRS: Utilizes industry-standard SQL Server Reporting Services (free SQL Express is supported) to provide a wide selection of audit reports. No proprietary reporting engines.

SECURITY INTELLIGENCE

IT risk assessment dashboards: Enables users to identify and assess risks in three key areas: account management, security permissions and data governance.

Behavior anomaly discovery dashboard: Improves detection of malicious actors in the IT environment by delivering an aggregated trail of anomalous user activity with the associated risk scores.

User behavior and blind spot analysis reports: Delivers security intelligence on potential security incidents, such as activity outside business hours, unusual logons, spikes in failed activity, access to archived data, actions by previously inactive users and potentially harmful files on file servers.
DATA DISCOVERY AND CLASSIFICATION

Deep insight into sensitive data: Includes predefined reports that provide detailed information about where sensitive files are, what content is inside them, who can access the files and who actually uses them, and which sensitive files are overexposed.

Predefined classification rules: Provides out-of-the-box rules for identifying data protected by GDPR, PCI DSS, HIPAA and GLBA, as well as PII, PHI, records prohibited by GDPR and generic financial records.

Custom classification rules: Enables users to modify predefined rules and create custom rules.

Search of sensitive data: Enables users to quickly find all indexed files that contain the words they specify.

Statistical concept-based analysis: Uses statistical analysis of multi-word concepts to suggest sensitive information patterns that can be used as clues for classification rules, both predefined and custom.

Reusable index: Accumulates complex, multi-term metadata that is not based on phrases, proximity, keywords or pre-configured taxonomies, thereby eliminating the need to re-index the entire data repository whenever a classification rule is added or changed.

Incremental indexing: Automatically detects, classifies and indexes new files and changes to existing files, without full re-collection.

MISCELLANEOUS CAPABILITIES

AD change rollback: Reverts unwanted changes to a previous state without any downtime or having to restore from backup.

Password expiration notification: Automatically reminds AD users to change their passwords before they expire.
Inactive user tracking: Automatically detects and deactivates inactive user and computer accounts based on custom criteria.

Event log management: Automatically collects, consolidates and archives event log data so users can audit generic events, service events, user logons and remote desktop sessions.

Video recording of user screen activity: Captures user screen activity in any IT system or application, including remote sessions, even if no logs are produced. The recordings can be searched and replayed.

Health status dashboard and daily summary report: Enables users to spot issues that affect audit health and easily drill down to the detailed information they need to fix them. Users can also receive a daily email that summarizes product operations for the past 24 hours.

MANAGEMENT INTERFACE AND USAGE

Centralized management console instances: Supports multiple servers from a single installation, each with its own configuration settings.

Integrated platform: Supports auditing of multiple systems and applications, including systems integrated with Netwrix Auditor through a RESTful API, in a unified way, including through cross-system dashboard and reports.

Single pane of glass solution: Includes all functionality in a single platform, eliminating the need to run multiple tools.

Role-based access control: Enables granular segregation of security monitoring duties to provide each user with exactly the right access to audit data and settings.
INTEGRATION CAPABILITIES

Fully documented RESTful API: Can be integrated with security, compliance and IT automation tools and business applications to centralize auditing and reporting or facilitate IT workflows like change management and service desk.

Integration with SIEMs: Protects existing investments in third-party SIEM platforms by offering integration with Splunk, HP ArcSight, IBM QRadar, Intel Security, LogRhythm, AlienVault, Solarwinds and other SIEMs, bringing more context to their output data and reducing the volume of input data.

Free add-ons: Offers free prebuilt add-ons that simplify integration of the product with applications such as SIEMs, ServiceNow ITSM, Cisco network devices and Linux systems.

INSTALLATION AND CONFIGURATION

Easy to install and configure: Does not require professional services engagement or vendor assistance to fully implement.

Various deployment options: Offers not only traditional on-premises deployment but also virtual and cloud deployment options that speed time to value and don't require provisioning of any hardware or software.

Easily scalable for large enterprise environments: Fits well into small and mid-size enterprises; scales seamlessly to serve big enterprises with hundreds of thousands of users and hundreds of DCs.