top 5 critical changes to audit for active directory

Simple, Efficient, Affordable

#1 for Change Auditing



Top 5 Critical Changes to Audit in Active Directory Webinar

Bob Bobel, Director of Product ManagementE-mail: [email protected]: @rbobelLinkedIn: www.linkedin.com/in/robertbobel

Version 3



About NetWrix Corporation

• Founded in 2006 HQ located in New Jersey • Philosophy - Simple, Efficient and Affordable• Global customer base of approximately 6000• As of 2011 approximately 6M licenses sold• Focused on Auditing with an R&D to staff ratio 3:1• Offices in North America, UK and APACJ• Microsoft Gold Certified Partner



Agenda

• Challenges of auditing Active Directory• Why auditing matters• Consequences of audit failures • Key audit requirements• Top 5 Critical Active Directory Changes to Audit• Demonstration• Why NetWrix?• Questions



Challenges of auditing Active Directory

• Event data can be complex and time consuming to collect and manage

• Native audit logs lack key information and is often confusing

• Native tools don’t provide point-in-time or configuration reporting

• Most 3rd-Party utilities have heavy deployments require scary OS level drivers or agents



Why auditing matters

• Native tools are not enough• Security problems go unidentified• Material findings during audits • Compliance failures• Delays in troubleshooting and issues go

unresolved• Clarify who is making changes to “my” system

“It worked yesterday, now it stopped

working”



Consequences of audit failures

• Expensive outages• Administrators who are unaccountable for

their actions• Changes in security settings that may have

unexpected consequences• Intellectual Property or data theft• Fines for violations of compliance

requirements - PCI, SOX, HIPAA, etc.



Epic Audit FAIL

• Large Global Oil Company– Someone mistakenly deleted 2000 user accounts

because of a mistake in a script– Monday morning, people couldn’t logon

• Insurance firm saw a spike in expenses– People could access expense XLS files after they

were submitted



Key audit requirements

• Clearly show WHO, WHAT, WHEN, WHERE change detail with BEFORE and AFTER values

• Coordinate details from multiple sources for a complete picture (single-source = less detail)

• Flexible Reporting and Filtering (no log noise)• Automated Reporting and Analysis• No dangerous agents or drivers



Key audit requirements (continued)

• Predefined reports that can be customized for specific needs – Critical to sustain Compliance, Security or Access

Governance needs• Centralized securable storage for short and

long-term analysis and reporting• Enterprise Scalability



Top 5 Critical Active Directory Changes to Audit

1. Privileged user activity

2. Privileged group Membership changes

3. Changes to Security Delegation

4. Structural changes to Active Directory

5. Changes to Group Policy Security Settings



Events from Critical Systems

Competitor’s Architecture

CustomEvents SQL

databaseAnalyze

Reporting in Separate Product

CollectionRequiredOS Agent Alert

Deployment Console

Agent Management ConsoleInstall, Update, Repair & Un-install

Agent side issues• BSOD when OS Updates• Agent stops you loose data



Critical Systems

NetWrix Audit Platform Architecture

Native Events

Configuration

4W Database withbefore & after AuditArchive™

Analyze AD RollbackAlertReport

AuditAssurance™

AuditIntelligence™

Permissions orAccess Rights

Scalable Storage





Demonstration



• ING Direct• Forex Capital Markets• Berkshire Hathaway• Zurich Financial Services• Thomson Reuters• Fiserv

• Columbia University• Bureau of National Affairs • State of Maine• NYC Dept. of Transportation• US District Court, SDNY• Massachusetts Port Authority• Alaska State Legislature• Columbia University• Verizon Business Systems• Black & Decker• Universal NBC• US Military Academy

Federal, State & Local GovernmentFinancial

• Vertex Pharmaceuticals• Blue Cross of Idaho• Berkeley National Laboratory• National Institute of Health (NIH)• Massachusetts General Hospital• WebMD

Healthcare & Pharmaceutical

Others who chose NetWrix



NetWrix Suites

All-in-One SuiteChange Reporter Suite

SharePointSQL ServerWindows ServerVMwareEvent Log ManagerActivity Recorder

Active DirectoryObject RestoreGroup PolicyExchangeMailbox AccessFile ServersNetApp & EMC

IDM Suite

Password ManagerPassword Expiration Notifier Logon ReporterInactive Users Tracker

FREE Trials at www.netwrix.com



Protect your investment

• Upgrade to any suite = 100% credit applied from any prior license purchase

• New product additions to suites are provided to you at no charge so long as support and maintenance fees are current



Next Steps…

• Download a FREE TRIAL at www.netwrix.com– Trial license is included with the download– Support is provided during trial period

• Virtual POC– Virtual TestDrive™ is available in some areas– Online server allows you to quickly understand the

incredible value of our software

http://www.netwrix.com/





Thank you

For more information visit www.netwrix.com

Bob Bobel, Director of Product ManagementE-mail: [email protected]: @rbobelLinkedIn: www.linkedin.com/in/robertbobel

top 5 critical changes to audit for active directory

Technology

change auditing simple

change auditingsimple

critical changes

change auditingversion

audit demonstration

epic audit

structural changes

security problems