Agentless and Agent-based Data Collection
Organizations that span multiple locations having limited data connectivity often struggle with security and stability issues. The challenge is to provide a robust level of service and take appropriate security measures across all locations using a minimal amount of bandwidth without risking data integrity or systems stability.
Native Windows auditing lacks a few important features that are critical to meeting compliance and other security requirements. Many well-known commercial change auditing solutions frequently used in these situations gather data from Active Directory through either an agent-less system or by locally-installed agents on domain controllers.
Traditional agent-based approaches often prohibit the use of native auditing completely and requires the installation of proprietary data collection software agents on every domain controller. These agents collect data which is then funneled to a centralized server for reporting, storage and other functions. Intrusive approaches that inject agents into core domain controller and operating system mechanisms are often un-documented and can lead to:
Agents built this way frequently ignore the value of native event logs, disregarding valuable information and forcing the exclusive use of the information provided by the auditing solution.
NetWrix Active Directory Change Reporter features a non-intrusive agent-based approach for larger, distributed environments and function specifically to provide network traffic compression and filter data, saving precious bandwidth and they do not modify or tamper core domain controller or operating system functions. The agents collect the audit data locally on the domain controllers, filter for the relevant information, leaving only change records, compress the change records and then send it to the Active Directory Change Reporter server.
The amount of information transferred over the network is reduced to 1/100th of the original source data through filtering and compression. Agents are recommended for distributed deployments of more than one Active Directory site due to the agent‘s ability to compress network traffic. If domain controllers are located in different sites and connections between those sites are restrictive or have reliability issues, then network traffic should be compressed to optimize bandwidth utilization.
Alternatively, the agent-free approach used by Active Directory Change Reporter maintains native logging information locally and enhances it. The product connects to servers, retrieves event log entries as they are created, and stores copies of them in a centralized location. It can also remotely capture information in addition to what Windows natively logs providing extended auditing capabilities for security, troubleshooting, and change control advantages.
In non-distributed IT environments, where all domain controllers are in the same location or data center, network traffic compression is not as important and therefore agents are not necessary. In these situations, audit data processing can be performed without installing any agents on domain controllers while retaining all the functionality for change auditing with Active Directory Change Reporter.
The Active Directory Change Reporter offers both an agentless and non-intrusive agent-based modes. The product uses a combination of techniques to collect data, including native event logs as well as native APIs, as opposed to other vendors, relying solely on native APIs or requiring agent-based deployments.
Please select one of the following options to proceed.
I´ve used NetWrix AD Change Reporter for a company that had gone public and was now under SOX. Proved to be a cornerstone of my compliance reporting, and made my job (and the auditors jobs) easier to do. It would have been very difficult to have gotten it all together without it. I was so impressed with the software, that I mention it rather loudly in the classes I teach. /Richard Muniz, Network/Systems Administrator/