About GLBA

What is GLBA?

The Gramm-Leach-Bliley Act (GLBA, U.S. Public Law 106–102) was enacted in 1999. The provisions of GLBA Section 501(b) stipulate that financial services organizations operating in the United States must establish policies that ensure the security and confidentiality of customer records and information.

GLBA Compliance

The Federal Financial Institutions Examination Council (FFIEC) was charged with providing guidelines for meeting GLBA requirements, and issued the IT Examination Handbook, which provides a framework for GLBA compliance. Regulatory non-compliance in safeguarding consumer information can result in severe penalties, including fines and imprisonment, as well as damage to an organization's reputation and loss of profitability.

Capabilities of Netwrix Auditor

Strengthen your IT security program and pass your next GLBA audit with Netwrix Auditor

Netwrix Auditor helps financial institutions reduce the risk of FFIEC audit failures by eliminating visibility gaps and enabling continuous control over IT infrastructure changes, configurations and data access. Rich auditing and reporting capabilities facilitate the ongoing review process aimed at determining whether security controls are in place and whether those controls address the GLBA requirements.

Maintain privacy of consumer financial information

Review access to files and folders containing sensitive information and keep permissions under strict control to conform to GLBA privacy requirements.

Streamline GLBA audit process with out-of-the-box compliance reports

Use predefined compliance reports mapped to the specific security controls outlined in the FFIEC IT Handbook to ensure successful implementation of your GLBA audit program.

Deliver answers to GLBA auditors' questions in minutes

When the predefined GLBA compliance reports do not provide all the information requested by auditors, use the Interactive Search feature to quickly find what's needed and build a custom report.

Keep historical audit data reliably preserved for years to stay ahead of the GLBA audit

Prove that your organization meets GLBA security standards even if the evidence lies in the distant past. Netwrix Auditor safely keeps your complete audit trail in a two-tiered storage for many years.

See which FFIEC security requirements Netwrix Auditor can help you address

In order to become GLBA compliant, financial organizations must establish and sustain the required IT security safeguards. The FFIEC Information Security Handbook outlines objectives and procedures for ensuring the security of information systems and the confidentiality and integrity of non-public customer data.

The following digest maps Netwrix Auditor capabilities against the set of procedures provided in the FFIEC IT Handbook:

FFIEC Handbook Safeguards

Tier I Objectives

Objective 2. Determine the complexity of the institution's information security environment

Netwrix Auditor capabilities:

  • Displays the scope and frequency of changes occurring in the IT environment in graphical dashboards that offer excellent drill-down capabilities, facilitating the evaluation of management's ability to control security risks.
  • Tracks and reports on hardware and software installations and removals so you can easily review whether those devices and programs were necessary to support business processes.
  • Detects and reports on all configuration changes, including security settings changes, so you can easily assess whether sensitive data has been exposed.

Objective 6. Determine the adequacy of security monitoring

Netwrix Auditor capabilities:

  • Keeps a complete audit trail for years while enabling easy, anytime access to historical data related to security controls; user actions; system changes; access to sensitive files, folders and content; and more. Pre-configured audit reports, alerts and dashboards and the interactive audit data search capability deliver meaningful intelligence about current and past security states.

Tier II Procedures

A. Authentication and Access Controls

Netwrix Auditor capabilities:

  • Demonstrates how access rights and privileges are assigned by listing all user accounts with current or historical permissions granted on files and folders (either directly or through group membership); current and past group membership; object permissions granted to user accounts; excessive access permissions; permissions inheritance breaks; user rights assignment changes; and more.
  • Reports on group membership changes, including changes to security and administrative groups.
  • Enables auditing of user and administrator logon and logoff activity to detect potential security violations (such as successful credential validation for one account from multiple machines at the same time); tracks and reports on configuration changes and both successful and failed access to data.
  • Captures the screen activity of privileged users and enables you to search and replay the recordings to determine exactly what actions were performed and verify that systems, applications and data were used in accordance with existing policies.
  • Shows enabled, disabled, expired and locked user accounts, and reports on last logon time for user accounts.
  • Can automatically deactivate user accounts after a certain period of inactivity by disabling them, assigning them random passwords, moving them to a specific organizational unit or deleting them. This feature helps ensure that no user accounts remain active after the employee has left the company or been reassigned.
  • Audits changes to Group Policy Objects that define password policy; reports on the current or historical state of Group Policy settings.
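The two checks described in this list, spotting an account whose credentials were validated from more than one workstation within a short window and finding accounts that have gone unused for longer than the inactivity threshold, can both be expressed as simple logic over successful-logon records. The following is an added example written for this page, not Netwrix Auditor code: it runs over a constructed, pipe-delimited sample in the shape of Windows Security event 4624 records (timestamp, event ID, account, workstation, logon type) and a constructed account list; the field layout, the 10-minute window and the 90-day idle threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of Windows Security log successful-logon
# events (4624): time|event_id|account|workstation|logon_type. Not real data.
SAMPLE_LOG = """\
2023-11-20T10:00:00|4624|frank|WS-ACCT-05|2
2024-03-04T08:01:10|4624|alice|WS-ACCT-01|2
2024-03-04T08:03:42|4624|alice|WS-TELLER-07|2
2024-03-04T08:05:05|4624|bob|WS-ACCT-02|2
2024-03-04T09:30:00|4624|carol|SRV-FILE-01|3
2024-03-04T11:47:19|4624|bob|WS-ACCT-02|2
2024-03-04T13:10:00|4624|dave|WS-OPS-03|2
"""

# Constructed directory listing; "eve" has never logged on at all.
KNOWN_ACCOUNTS = {"alice", "bob", "carol", "dave", "eve", "frank"}


def parse_events(text):
    """Turn the pipe-delimited sample into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, event_id, account, workstation, logon_type = line.split("|")
        events.append({
            "time": datetime.fromisoformat(time),
            "event_id": int(event_id),
            "account": account,
            "workstation": workstation,
            "logon_type": int(logon_type),
        })
    return events


def find_concurrent_logons(events, window=timedelta(minutes=10), logon_types=(2, 10)):
    """Flag accounts with successful interactive (2) or remote-interactive (10)
    logons from more than one workstation inside `window`.
    Returns {account: sorted list of workstations involved}."""
    by_account = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4624 and ev["logon_type"] in logon_types:
            by_account[ev["account"]].append(ev)
    flagged = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["time"])
        hosts = set()
        for i, first in enumerate(evs):
            for later in evs[i + 1:]:
                if later["time"] - first["time"] > window:
                    break  # events are sorted, so nothing later can be inside the window
                if later["workstation"] != first["workstation"]:
                    hosts.update({first["workstation"], later["workstation"]})
        if hosts:
            flagged[account] = sorted(hosts)
    return flagged


def find_stale_accounts(events, accounts, as_of, max_idle=timedelta(days=90)):
    """Return (account, last_logon) pairs for accounts that never logged on or
    whose most recent successful logon is older than `max_idle` as of `as_of`."""
    last_seen = {}
    for ev in events:
        if ev["event_id"] == 4624:
            prev = last_seen.get(ev["account"])
            if prev is None or ev["time"] > prev:
                last_seen[ev["account"]] = ev["time"]
    stale = []
    for account in sorted(accounts):
        last = last_seen.get(account)
        if last is None or as_of - last > max_idle:
            stale.append((account, last))
    return stale


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("concurrent multi-host logons:", find_concurrent_logons(evs))
    print("stale accounts:", find_stale_accounts(evs, KNOWN_ACCOUNTS, datetime(2024, 3, 10)))
```

On the sample, only alice is flagged for concurrent logons (two workstations about two and a half minutes apart), while bob's repeated logons from a single host are not; the stale-account check reports eve (no logon at all) and frank (last seen more than 90 days before the reference date). A real deployment would read these fields from the event log rather than a text sample and would route the stale list into a disable-or-review workflow instead of acting on it automatically.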

B. Network Security

Netwrix Auditor capabilities:

  • Facilitates access control by reporting security group membership, group membership changes, account permissions and object permissions; helps you to verify that no excessive rights are assigned to employees beyond those needed for their primary job responsibilities.
  • Ensures centralized collection and consolidation of event log data through scheduled and on-demand reporting on security events; correlates information from multiple independent sources of audit data (not just logs) and transforms raw data into meaningful and actionable intelligence; offers extensive filtering capabilities and report subscriptions.
  • Provides video recording of user actions in IT systems and applications that do not log events, enabling user activity auditing and accountability.
  • Provides a high-level overview of what is happening in your IT infrastructure; delivers change statistics that show how often changes are made and which systems are most affected; shows unusual spikes in the number of modifications and file and folder access attempts; helps you detect and investigate anomalies in user behavior with powerful interactive data search.
  • Enables auditing of logins, remote desktop connections and other types of remote access with full information on who logged in and when, the source IP address, and other critical details.

C. Host Security

Netwrix Auditor capabilities:

  • Enables auditing of user activity by making video recordings of user screen activity and offering search and replay features for easy review of the recordings.
  • Notifies users that their activity can be monitored and recorded, which fosters appropriate use of systems and data.
  • Provides preconfigured, customizable alerts on patterns that violate corporate security policies and indicate possible cyber security incidents.
  • Enables you to quickly roll back unauthorized or accidental changes to Active Directory objects and restore deleted objects with no domain controller reboot required.

D. User Equipment Security (e.g., workstation, laptop, handheld)

Netwrix Auditor capabilities:

  • Reports on installations and removals of software applications and hardware devices with details about who made the change; tracks and reports on all changes to Windows-based server configurations, including changes to drivers, services, networking settings, registry settings, DNS, scheduled tasks and more.
  • Reports on the current and previous states of Group Policy settings, as well as changes to settings that regulate deactivation of user equipment after a certain period of inactivity.

G. Application Security

Netwrix Auditor capabilities:

  • Audits user access to sensitive content and data in SharePoint, Exchange, Exchange Online, Windows-based file servers, network-attached storage devices and other IT systems; tracks and reports on all data manipulations that occurred on a specified SQL Server, including changes to keys, indexes, server roles, logins and database content.
  • Audits user logons, user account locks and unlocks, and remote desktop sessions.
  • Centrally collects, consolidates, archives and reports on all events in Windows event logs and Syslog; offers easy reporting and alerting on critical events.

L. Data Security

Netwrix Auditor capabilities:

  • Offers preconfigured audit reports, alerts and dashboards, as well as the ability to search for specific data and create custom reports, providing valuable context for reported user actions and details that enable you to evaluate the effectiveness of your controls.
  • Helps you detect insider threats and prevent data exfiltration by tracking and reporting on how access rights were assigned, current and historical group membership, changes to group membership and permissions, and data access attempts.
  • Helps you spot excessive permissions granted to users on unstructured data objects so you can lock down exposed data and mitigate the risk of privilege abuse and data loss.
  • Detects and reports on all file activity and user attempts (both successful and failed) to access sensitive data, including cardholder data, medical records, financial statements, and other data on your Windows-based file servers and NAS appliances; reports on when and where each access attempt occurred and who tried to access data.
  • Provides an interactive Google-like search capability that makes it easy to investigate data access events that violate security policy and understand why and how those events happened, so you can prevent similar incidents from occurring in the future.
  • Provides change review history reporting that facilitates consistent coordination of activities and appropriate change management.

M. Security Monitoring

Netwrix Auditor capabilities:

  • Keeps you informed about the frequency of changes and data access in your critical IT systems; provides a high-level overview of employee activity across multiple IT systems with Enterprise Overview dashboards; delivers the who, what, when and where details for each change or data access event, along with the before and after values.
  • Provides a powerful investigation mechanism that enables flexible cross-system search; offers customizable reporting with filtering, sorting, exporting, change review and drill-down capabilities.
  • Delivers security analytics that help you detect anomalies in user behavior and investigate threat patterns at early stages of a potential breach; offers file analysis capabilities, including reports on potential data owners, stale data and duplicate files.
  • Ensures that your audit trail is continuously collected, consolidated and archived in a reliable two-tiered storage; securely keeps meaningful audit information about past events for as long as required, while enabling easy, anytime access to it; consolidates non-change events in Windows logs and Syslog, such as events from Cisco devices or Linux servers.
  • Enables auditing of privileged user activity in any system or application (including those that do not produce any event logs) by capturing and reporting on user screen activity; provides an option to notify users that their actions are being monitored.
  • Reports on all user interactive and non-interactive logon attempts, including failed logon attempts.
  • Enables control over access to critical organizational resources by delivering a complete picture of effective permissions and file activity on your Windows-based file servers and NAS; shows who is attempting to access sensitive files and folders; provides powerful investigation capabilities that help you identify who granted access rights to a particular user.
  • Reports on all administrative and security group membership changes; shows both current and historic effective group membership.
  • Enables you to quickly revert unwanted Active Directory changes to a previous state without any Domain Controller downtime or having to restore from backup.

Please note that Netwrix Auditor can facilitate the ongoing evaluation of security controls in addition to those listed above, helping you achieve continuous compliance with the security provisions of other regulations.

Financial institutions of all sizes rely on Netwrix Auditor to streamline GLBA compliance

"Netwrix Auditor helped us gain visibility into all systems that fall under the scope of compliance and prove that none of the data has ever been compromised. Now we are able to prepare for the audits in a few days, not weeks, and prove that we have control over our IT environment."

Andrew Ledford, Chief Information Officer, BankCard Central