You need someone you can rely on to help you make the best decisions about technology — especially in areas that are both critical and highly dynamic, such as IT security. For many organizations, the insights and evaluations provided by leading analyst firms are invaluable. See what independent IT research and advisory companies are saying about Netwrix Auditor and the trends shaping the industry.
Netwrix was mentioned as a sample vendor in “How to Choose Between Enterprise DLP and Integrated DLP Approaches” by Brian Reed and Neil Wynne in July 2017.
Netwrix Auditor was mentioned in "On the Radar: Netwrix combats ransomware and malicious insiders with Netwrix Auditor 9.0" by Rik Turner in July 2017.
Netwrix Auditor was mentioned as a representative vendor product in “IDC's Worldwide Data Services for Hybrid Cloud Taxonomy, 2017” by Phil Goodwin, Ritu Jyoti, Laura DuBois, Dan Vesset and Sean Pike in June 2017.
Netwrix was mentioned as a sample vendor in “Hype Cycle for Governance, Risk and Compliance Technologies” by John A. Wheeler in July 2015.
Netwrix Auditor was mentioned in "On the Radar: Netwrix Auditor provides visibility and governance" by Rik Turner in November 2016.
Netwrix Auditor was mentioned as a sample vendor in "Vendor Landscape: Active Directory Security And Governance Solutions" by Merritt Maxim in January 2016.
Netwrix was mentioned in “When to Use Database Audit and Protection to Enhance Database Security and Compliance” by Joerg Fritsch and Ramon Krikken in October 2014.
Netwrix Auditor was mentioned in “Technology Overview for Active Directory IAM Tools” by Felix Gaehtgens in September 2014.
Netwrix was mentioned in “Market Guide for Password Management Tools” by Brian Iverson and Neil Wynne in June 2014.
Netwrix Auditor VEGA was mentioned in the Impact Report "Netwrix keeps the spotlight on data with expansions in VEGA" in August 2015 by Dan Raywood.
SMBs can investigate further tools to monitor the use of privileged access. For example, companies like Netwrix have a tool to monitor how administrative rights are actually utilized around the network. Auditing privilege use helps SMB IT to answer the question, who has administrative privileges, and who has merely standard rights.
Netwrix, with version 7 of its VEGA auditor tool released this year, has added interactive search functionality and compliance reports for those that want better visibility and more insight into their business.
Auditing systems will be in much wider use because of the increasing number of data breaches and current regulatory environment and have the potential to become ubiquitous in enterprise security organizations.
With roughly 90% of outages being caused by failed changes, visibility into IT infrastructure changes is critical to maintaining a stable environment. Change auditing is also foundational to security and compliance requirements.
...detection of configuration changes is one of the key tactics that all enterprises should consider incorporating into their standard security practices...
Configuration auditing tools can help you analyze your configurations according to best practices, enforce configuration standards and adhere to regulatory requirements.
If you’re using SharePoint intensively, you’ll need partners to supplement it. We consistently see that satisfied customers incorporate third parties into their plans to maximize their capabilities.
Netwrix Auditor provides change auditing across a wide range of audited systems – the widest, in fact, among competing products in this category.
The use of analytics and threat intelligence to ferret out complex and stealthy threats from advanced attackers and insiders is improving security for some; automation is improving; and intelligence providers are also helping with the tricky problems of correlating event and threat intelligence data for their customers. Overall, these tools and services are providing value to consumers, and they should continue to improve response and visibility over time.
Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level. Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy.
Auditing changes in enterprise-class environments requires the ability to get a high-level strategic view without sacrificing the tactical system-level detail and insight extended throughout the whole system stack. Netwrix Auditor excels at acquiring information from a broad coverage of Windows and ESX-based systems, including systems that don’t generate native audit trails. The product collects alerts in a non-intrusive way, providing insights into those changes with a consolidated reporting engine.
The level of change detection is often determined by the value it provides in securing the business or preventing business disruption. Tracking all possible changes, especially from a third-party service provider, without just cause is neither reasonable nor operationally possible. While it may be useful to have the capability to investigate a specific change when there is an outage or wrongdoing is suspected, it is not useful to track the hundreds of thousands of (database) changes. Robust change and configuration processes (as described earlier) should be in place and complemented by tools to automate ticketing and configuration tracking.
Having been a practitioner who used Netwrix in production payment environments, I can say that Netwrix was an invaluable auditing toolset that saved me and my organization many hours of time in our PCI audits. The new auditing and support features released in 7.1 provide even greater visibility and speed to get the job done and create an even greater value proposition, especially for budget-conscious organizations.
On the technical side, recognition that perimeter defense is inadequate and applications need to take a more active role in security gives rise to a new multifaceted approach. Security-aware application design, dynamic and static application security testing, and runtime application self-protection combined with active context-aware and adaptive access controls are all needed in today's dangerous digital world. This will lead to new models of building security directly into applications. Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting.
Both our study participants and our own analysis position Netwrix Auditor as a significant contender in the marketplace. The product’s breadth, as well as its ability to support both agent-based and agentless collection models, will make it suitable for a very wide range of organizations. Netwrix offers a competitive pricing model, and has thought through several of this product category’s bigger challenges, such as long-term archives, reporting, and security. We recommend that any customer looking for a change-auditing solution include Netwrix in their shortlist of products to evaluate.
Configuration auditing performs a baseline of configuration settings, software or files against a defined desired state. Audit and compliance needs are driving new functionality in the areas of broader change detection and reconciliation to approved change requests. Configuration auditing can detect when configuration settings drift from standard settings or policies, but change detection must be broader than what is explicitly defined as the desired state. This broad change detection capability is needed to assure system integrity by ensuring that all unauthorized changes are discovered. Discovered changes need to be matched to the approved changes that are documented in the change management system. Exception reports can be generated, and some tools can automatically return the settings to their desired values or block changes based on approvals or specific change windows.
Although we’re still seeing breaches even with good system hardening [Requirement 2], none of the companies that had suffered a breach complied with the requirements for maintaining systems and software security [Requirement 6] or logging and monitoring [Requirement 10]. Patching, maintaining, and monitoring key systems is critical for achieving sustainable security. And companies that exhibit poor logging and monitoring are likely to take longer to spot breaches, giving criminals more time to do more damage. As reported in the DBIR each year, many breaches go undetected for months or even years.
"As with years past, errors made by internal staff, especially system administrators, who were the prime actors in over 60% of incidents, represent a significant volume of breaches and records," stated the. "Understand where goofs, gaffes, fat fingers, etc., can affect sensitive data. Track how often incidents related to human error occur. Measure effectiveness of current and future controls, and establish an acceptable level of risk you are willing to live with, because human fallacy is with us to stay."
Regulations do not provide a clear definition of what constitutes compliance for IT operations and production support, so businesses must select reasonable and appropriate controls, based on reasonably anticipated risks, and build a case that their controls are correct for their situation. A good control environment is the necessary base set of controls in a governance framework. Reducing unauthorized change is part of a good control environment.
While there’s no doubt that these actors [employees] are a force to be reckoned with, insiders—current and former personnel, in particular—have become the most-cited culprits of cybercrime. In the 2014 US State of Cybercrime Survey, we found that almost one third of respondents said insider crimes are more costly or damaging than incidents perpetrated by outsiders. Yet many companies do not have an insider-threat program in place, and are therefore not prepared to prevent, detect, and respond to internal threats.
We need pervasive and true visibility into our enterprise environments. You simply can’t do security today without the visibility of both continuous full-packet capture and end-point compromise assessment visibility. Within our digital environments we need to know exactly which systems are communicating with which, why, how, any related communications, their length, frequency, volume and ultimately the content itself to determine what exactly is happening.
Small companies are investing less in information security, which may leave them both incapable of detecting incidents and a more tempting target to cyber adversaries. As noted, smaller businesses often believe they are too insignificant to draw the attention of serious hackers and organized crime. It also may be that rising risks, combined with an overabundance of security solutions, have resulted in “analysis paralysis,” leaving smaller firms unable to make decisions and take action.
What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now. Visibility enables awareness, which will come in handy when the current landscape starts to shift. Control should put you into a position to react quickly.