IT SECURITY GURU
PRODUCT REVIEW
Netwrix Auditor 6.5
Supplier: Netwrix Corporation
Product: Netwrix Auditor 6.5
Website: www.netwrix.com
Price: Active Directory per user, £8 ex VAT
File Server per user, £4 ex VAT
Verdict: A sophisticated and affordable change and configuration auditing solution
capable of providing stunning levels of information about all your business-critical
systems.
Change auditing in today’s diverse IT infrastructures is a major challenge but
businesses have a clear duty to implement these systems for their own safety and to
comply with data protection regulations. A fundamental requirement is Active Directory
(AD) auditing but add in Exchange services, file servers and databases and you have an
administrative nightmare in the making.
Netwrix Auditor looks to have every base covered and the latest v6.5 on review goes
way beyond this basic remit. Not only can it audit AD and Group Policy but it keeps you
abreast of inactive accounts and provides complete visibility of Exchange, SQL Server,
Windows Server and SharePoint systems.
Scores
Performance
Features
Value for Money
Ease of Use
Support
Overall
Virtualised environments come under its umbrella as it can monitor VMware vCenter,
vSphere, ESX and ESXi systems. Along with Windows file servers, Netwrix Auditor also
supports NetApp filers plus EMC VNX, VNXe and Celerra storage devices.
Picture 1: NETWRIX 1.PNG – Netwrix Auditor’s dashboard provides a complete summary of all detected changes, where and when they occurred and who made them.
Modules and installation
We like the fact that Netwrix Auditor uses modules for each option so you only need to
purchase the ones you want. Host system requirements are reasonable as it can run on
any OS from Windows 7 or Server 2008 R2 upwards.
The installation process is well documented and easy to follow. Some manual
intervention is required for Group Policy auditing as Microsoft’s Group Policy
Management Console (GPMC) must be installed on the host system.
For testing we introduced Netwrix Auditor to the lab network which uses a Windows
Server 2012 R2 AD domain controller. We also had systems running Exchange 2013,
SQL Server 2014 and Windows Server 2012 R2 file servers.
Picture 2: NETWRIX 2.PNG – Netwrix Auditor provides a wealth of information about Active Directory changes and heaps of predefined reports.
Swift AD audit setup
Netwrix Auditor impresses from the outset as every component is integrated seamlessly
into a single console. Our first task was to create managed objects and a handy wizard
helped set up auditing for our AD domain, Group Policy and Exchange environments.
The process is very smooth and the wizard spotted that our domain had an Exchange
organisation and automatically enabled auditing for this.
During this process you can set data collection to use Netwrix Auditor’s lightweight
agent. Ideal for distributed networks, it gathers audit data on remote systems and
compresses it before transmission to the main console.
Along with auto-configuration of native log collections for AD, Group Policy and
Exchange, the wizard offers options for real-time alerts. These watch out for critical AD
modifications such as changes to the Admin group membership and domain
configuration and send email alerts to selected recipients.
Picture 3: NETWRIX 3.PNG – The File Server module showed us everything we needed to know about activity on our network shares.
AD reporting
The Netwrix Auditor console opens with an Enterprise Overview showing what changes
have been detected over the selected time period. Using the drop-down menu, we could
quickly swap views for specific modules such as AD, Exchange, File Servers and SQL
Server.
AD reporting is incredibly detailed as Netwrix provides hundreds of predefined reports
covering everything from all AD changes by date and modified computer accounts to
user account or organisational changes. The bottom line is we could easily see what
was changed or added, when it happened and which user was responsible.
The same high level of detail was provided for Group Policy and Exchange and we
could schedule data collections for specific intervals each day. Using subscriptions, we
could set up regular report generation and have them emailed to selected individuals in
PDF, Word or Excel formats.
The rollback feature uses Netwrix Auditor’s snapshots to provide recovery and rollback
services allowing us to restore any AD object from a user to an entire Organisational
Unit. And if you need cast-iron proof that unauthorised changes have been made, the
video report service provides links to video recordings of activity on monitored systems.
Picture 4: NETWRIX 4.PNG – The Video Report Player gives you all the proof you need that unauthorised changes have been made.
File Server module
We found the File Server module the lengthiest to set up. We needed to create a new
audit object for Group Policy, configure advanced security settings for every monitored
share and add Netwrix Auditor managed objects for each one. The manual does cover
all these steps in detail and we think it’s well worth the effort as the information provided
is extensive. The Enterprise Overview dashboard shows the most active file servers and
users along with logged reads and changes.
As with all dashboard views, we could select a graph and drill down for more
information. Reports showed us which folders and files have been added, removed and
modified, which server this occurred on, when it happened and the users involved.
The best of the rest
For our Exchange 2013 system, we could keep a close eye on mailbox and recipient
management activities along with any modifications to servers, groups and stores.
Creating a managed object for our SQL Server 2014 system was swift and its object
change reports covered modifications ranging from application role, credential and
schema to columns, tables and users.
VMware reporting is impressive as well, as Netwrix Auditor covers changes ranging from
modifications of datacenters and hosts to resource changes and snapshot activity. The VM sprawl report
is very useful as it shows VM creation trends over time.
Conclusion
Netwrix Auditor 6.5 impressed us during testing as the amount of information it provided
about our key systems was quite remarkable. Components such as the File Server
module can take a while to configure correctly but the single management console
means it’s all very accessible and the modular design makes it excellent value.