Netwrix Approach to Change Auditing
Quadrant of Auditing Solutions
There are a few different approaches to change auditing, and all of them have certain shortcomings, resulting in not sufficiently high level of auditing consistency or decreased system reliability. That's why Netwrix has invented AuditAssurance™, a new auditing technology to help you control IT infrastructure changes in the most effective way.
Netwrix AuditAssurance™ technology is a patent pending technology that is used in the Netwrix Auditor solutions. Netwrix approach to change auditing allows to significantly reduce the risk of auditing failures and give you a complete and clear picture of what's going on in your environment, meeting two important requirements simultaneously: auditing consistency and system reliability, as illustrated by the diagram on the right.
Native auditing lacks many important features that are critical to meeting security requirements and doesn't have any reporting capabilities. Careful analysis of user-unfriendly, difficult to understand audit logs containing excessive amounts of log 'noise' can take enormous resources and still never paint the complete picture. The Netwrix technology allows to capture detailed information on all changes, including "before" and "after" values for every modification, and generates clear audit records, which can be used by IT professionals and auditors for detailed forensic analysis.
Intrusive heavyweight technologies of custom auditing require the injection of proprietary data collection software agents into operating system mechanisms, which can lead to decreased stability and reliability. The AuditAssurance™ technology offers optional non-intrusive agents specifically to provide network traffic compression and filter data, saving precious bandwidth, and they do not modify or tamper core operating system functions, providing high level of system reliability.
Traditional SIEM (Security Information and Event Management) solutions rely only on a single source of audit trail data, which is generated by system itself or custom software agents and sometimes may not contain all the required data (e.g. because it has been erased, overwritten, or otherwise tampered with). In this case SIEM solution can't provide the necessary level of auditing consistency.
Alternatively, the AuditAssurance™ technology consolidates the audit data from multiple independent sources (event logs, configuration snapshots, change history records, etc.), and therefore is able to detect a change even if one or more of the sources does not contain all the required data. The Netwrix technology also allows integration with traditional SIEM systems and fills-in audit gaps left by your old-school SIEM 1.0 solution.
Next steps: to learn more about the Netwrix Auditor platform please select one of the following options: