Law Firm Gains Control over Critical File Shares and Detects Ransomware Faster

David Orschel, IT Director at Carmody, had been using free tools from Netwrix to troubleshoot account lockouts and automate password expiration notifications, and found them efficient and easy to use. Going with Netwrix Auditor was an easy decision for him, and he especially liked the set of predefined alerts on file activity that could indicate a ransomware attack. 

• Visibility into user activity around sensitive data. Netwrix Auditor’s daily reports clearly show what users are doing with sensitive data and provide the essential who-what-when-where details. If David notices unusual actions, such as a change to data access permissions or suspicious file modifications, he can review the complete history of the user’s actions right in the product, ensuring a speedy, in-depth investigation. He pays particular attention to data deletions: Whether it is a user mistake or a departing employee cleaning out data that shouldn’t be removed, Netwrix Auditor alerts him to any unusual activity so he can take action promptly.
• Early detection of ransomware. David especially values that Netwrix Auditor alerts him to anomalous user activity that could indicate ransomware in operation, such as suspiciously high numbers of file reads, failed read attempts, file changes or file deletions. As a result, he can quickly identify the “patient zero” account that has been taken over and respond in a timely manner.
• Increased accountability of privileged users. David uses Netwrix Auditor to validate the IT team’s administrative access and check what they are doing across Active Directory and Group Policy — especially things like adding users to critical security groups and modifying configurations. For example, the software enabled him to detect a GPO applied at the wrong level of the Active Directory tree so he could reconfigure it to prevent disruption to the firm’s operations, and then provide additional training to the IT team member involved.
• Efficient account lockout management. Attorney’s accounts were regularly getting locked out, hurting their productivity and taking a lot of the IT team’s time. With Netwrix Auditor, David and his team can see who has been locked out and start the helpdesk process immediately. They can unlock the account remotely, which saves attorneys 3–5 hours of lost productivity on an average day. They can use the software’s Interactive Search to determine the root cause of the issue, assess whether it was a security incident, and take steps to prevent future lockouts.