| GLBA Requirement per FFIEC Handbook |
NetWrix Solution |
Components |
Reports |
|
ACCESS CONTROL: Access rights administration (Tier I: Objectives 4 & 7, Tier II: Section A)
|
|
Periodically reviewing users' access rights at an appropriate frequency based on
the risk to the application or system: A monitoring process to oversee and
manage the access rights granted to each user on the system (p. 23).
|
Extensive auditing and reporting of changes to user accounts, security and
distribution groups, policies, permissions, and other objects that control access to
information in Active Directory, Group Policy, Exchange, file servers,
virtual environments (VMware, Microsoft), and SQL Servers. Detection of who
did what, when, and where, with advanced capabilities for rolling back unauthorized actions.
|
AD Change Reporter
Group Policy Change Reporter
File Server Change Reporter
Change Reporter for VMware
SQL Server Change Reporter
|
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
Change Reporter for VMware / All VMware Changes
SQL Server Change Reporter / All SQL Server Changes
Group Policy Change Reporter / All Group Policy Changes
|
| Logging and auditing the use of privileged access (p. 24). |
Centralized consolidation and archival of audit trails with web-based reporting
using predefined and custom-built reports covering all major types of
privileged access, both successful and failed: logins, logoffs, access to
mailboxes, user account operations, file access.
|
Event Log Manager
AD Change Reporter
File Server Change Reporter
Change Reporter for VMware
Non-owner Mailbox Access Reporter
SQL Server Change Reporter
|
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Change Reporter for VMware / All VMware Changes
SQL Server Change Reporter / All SQL Server Changes
Event Log Manager / All Events by Date
Non-owner Mailbox Access Reporter / Daily reports
|
|
Reviewing privileged access rights at appropriate intervals and regularly
reviewing privilege access allocations (p. 24).
|
Complete auditing of all changes to access rights and privileges, with an archiving
feature that allows all changes to be reviewed at any time for the requested time frame.
|
AD Change Reporter
File Server Change Reporter
Change Reporter for VMware
SQL Server Change Reporter
|
File Server Change Reporter / Successful File Reads
Change Reporter for VMware / All VMware Changes
SQL Server Change Reporter / All SQL Server Changes
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
|
| Prohibiting shared privileged access by multiple users (p. 24). |
Privileged account management system to ensure that every access attempt under a
shared account is assigned to an individual account and properly audited.
|
Privileged Account Manager
|
Privileged Account Manager / User Activity
|
| ACCESS CONTROL: Authentication (Tier I: Objective 4, Tier II: Section A) |
|
The user should select them without any assistance from any other user,
such as the help desk.
|
Web-based self-service password management system that operates without
intervention of human personnel to prevent sharing of passwords during
password resets, while enforcing full compliance with required password
policies (such as password strength, prevention of reuse, etc.).
|
Password Manager
|
Password Manager / User Activity on-demand report
|
|
Authentication systems should force changes to shared secrets on a schedule
commensurate with risk.
|
Complementary to the built-in password expiration mechanism in Active Directory,
the NetWrix solution minimizes the administrative burden related to expired
passwords for users who are never prompted to change their password by
the system (e.g. remote users, VPN clients, non-Windows clients).
|
Password Expiration Notifier
|
Password Expiration Notifier / Daily report, User notification reports
|
|
Prevention of attacks that target a specific account and submit passwords until
the correct password is discovered.
|
Complementary to the built-in account lockout mechanism in Active Directory, the NetWrix
solution helps to reduce the effects of false positives through proactive
monitoring and resolution of account lockout incidents.
|
Account Lockout Examiner
|
N/A |
|
A policy that forbids the same or similar password on particular network devices.
|
Privileged account management system that automatically generates random passwords
and assigns different passwords to different systems on a scheduled basis.
|
Privileged Account Manager |
Privileged Account Manager / User Activity |
| ACCESS CONTROL: Network Access (Tier I: Objective 4, Tier II: Section B) |
| Cross-domain network access monitoring to detect security incidents and unauthorized activity. |
Not provided; a hardware or software-based firewall must be used to
separate and audit clearly defined network segments called domains (e.g. DMZ and
internal network). Network domains are not Active Directory domains per the
Handbook (some vendors mistakenly confuse these concepts).
|
N/A |
N/A |
| ACCESS CONTROL: Operating system access (Tier I: Objective 4, Tier II: Section C) |
| Restricting and monitoring privileged access. |
Auditing of all types of access to critical data and security-related settings
in Active Directory, file servers, virtual machines, and databases, to make
sure no change falls under the radar.
|
AD Change Reporter
File Server Change Reporter
Change Reporter for VMware
SQL Server Change Reporter
|
AD Change Reporter / All Active Directory Changes
AD Change Reporter / Object Security Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Change Reporter for VMware / All VMware Changes
SQL Server Change Reporter / All SQL Server Changes
|
|
Logging and monitoring user or program access to sensitive resources and
alerting on security events.
|
Centralized consolidation and easy-to-use reporting of security events with
extensive filtering capabilities and user-friendly reports. Ability to subscribe
to reports generated on a schedule.
|
Event Log Manager
File Server Change Reporter
|
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Event Log Manager / All Events by Date
|
|
Updating operating systems with security patches and using appropriate change
control mechanisms.
|
Complementary to a patch management system such as WSUS, NetWrix provides a tool to
report on patch compliance for a defined set of patches and updates. This tool
can be used to verify patch deployment status on multiple systems in bulk.
|
Windows Update Checker
|
N/A |
|
Log user or program access to sensitive system resources including files,
programs, processes, or operating system parameters.
|
Audit trail archiving and consolidation to track access to files and
programs. Monitoring of user activities related to changes to system parameters.
|
File Server Change Reporter
Server Configuration Monitor
Event Log Manager
|
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Event Log Manager / All Events by Date
Server Configuration Monitor / All Server Changes
|
|
Filter logs for potential security events and provide adequate reporting and
alerting capabilities.
|
Extensive event log collection system with filtering, reporting, and real-time
alerting capabilities to ensure that critical security events never go unnoticed.
|
Event Log Manager
|
Event Log Manager / All Events by Date
Event Log Manager / Real-time Alerts
|
|
Monitor operating system access by user, terminal, date, and time of access.
|
Auditing of access to all types of systems with reporting of who did what and when.
|
AD Change Reporter
Event Log Manager
File Server Change Reporter
SQL Server Change Reporter
|
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
SQL Server Change Reporter / All SQL Server Changes
Event Log Manager / All Events by Date
|
| ACCESS CONTROL: Application access (Tier I: Objective 4, Tier II: Section G) |
|
Monitoring access rights to ensure they are the minimum required for the user's
current business needs.
|
Monitoring of security group membership, privileges, and access rights to ensure
that no excessive rights are given and no rights are given
without proper authorization.
|
AD Change Reporter
Group Policy Change Reporter
File Server Change Reporter
|
AD Change Reporter / Administrative Group Membership Changes
AD Change Reporter / Security Group Modifications
Group Policy Change Reporter / Security Policy Changes
File Server Change Reporter / Permission Changes
|
| Logging access and security events. |
Auditing of all administrative and user activities with configurable alerts and
reporting that documents all security incidents and helps with early
detection and prevention of further security incidents. |
AD Change Reporter
File Server Change Reporter
Event Log Manager
|
AD Change Reporter / Administrative Group Membership Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Event Log Manager / All Events by Date
|
| Using software that enables rapid analysis of user activities. |
Real-time alerting and scheduled reporting of different types of user activities,
such as logons, changes to files and permissions, and changes to system
configurations.
|
Event Log Manager
AD Change Reporter
File Server Change Reporter
|
AD Change Reporter / Administrative Group Membership Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Event Log Manager / All Events by Date
|
|
Maintaining consistent processes for promptly removing access to departing employees.
|
Routine detection of inactive user accounts and automatic deactivation based on
specified thresholds to ensure that no accounts remain active for
terminated and reassigned employees. |
Inactive Users Tracker
|
Inactive Users Tracker / Daily report |
| ACCESS CONTROL: Remote access (Tier I: Objective 4) |
|
Tightly controlling remote access rights through management approvals and
subsequent audits. Regularly review remote access approvals and rescind
those that no longer have a compelling business justification. |
Auditing of dial-in and VPN access on user accounts. Predefined reports that
show newly granted remote access rights to users. Ability to review all
remote access permissions granted within a specific time frame.
|
AD Change Reporter |
AD Change Reporter / Dial-in Access Modifications |
| Logging and monitoring all remote access communications. Log and monitor the
date, time, user, user location, duration, and purpose for all remote
access. |
Auditing of logins, remote desktop connections, and other types of remote access
with full information on who logged in and when, source IP address, etc. |
Event Log Manager
Logon Reporter
|
Logon Reporter / All logon reports
Event Log Manager / All Events by Date |
| SECURITY MONITORING (Tier I, Objective 6, Tier II: Section M) |
|
Analyzing the results of monitoring to accurately and quickly identify, classify,
escalate, report, and guide responses to security events.
|
Web-based reporting system with predefined reports and ability to create custom
reports for specific analysis needs. |
AD Change Reporter
File Server Change Reporter
SQL Server Change Reporter
Change Reporter for VMware
Event Log Manager |
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Change Reporter for VMware / All VMware Changes
SQL Server Change Reporter / All SQL Server Changes |
| Monitoring network and host activity to identify policy violations and anomalous
behavior. |
Complete auditing of user and administrative activities, including logons,
access to data and configuration. |
AD Change Reporter
File Server Change Reporter
Event Log Manager
Logon Reporter
|
AD Change Reporter / All Active Directory Changes
File Server Change Reporter / All File Server Changes
File Server Change Reporter / Successful File Reads
Logon Reporter / All logon reports
Event Log Manager / All Events by Date
|
| Monitoring host and network condition to identify unauthorized configuration and
other conditions which increase the risk of intrusion or other security
events. |
Complete auditing of changes in server configurations, Active Directory, Group
Policy to detect unauthorized or accidental changes that might open
security holes and other possibilities for attacks. |
AD Change Reporter
Group Policy Change Reporter
Server Configuration Monitor
|
AD Change Reporter / Administrative Group Membership Changes
AD Change Reporter / Security Group Modifications
Group Policy Change Reporter / Security Policy Changes
Server Configuration Monitor / All Server Changes
|