Top 5 Critical Changes to Audit for Active Directory
TRANSCRIPT
Simple, Efficient, Affordable
#1 for Change Auditing
Top 5 Critical Changes to Audit in Active Directory Webinar
Bob Bobel, Director of Product Management
E-mail: [email protected]
@rbobel
LinkedIn: www.linkedin.com/in/robertbobel
Version 3
About NetWrix Corporation
• Founded in 2006, HQ located in New Jersey
• Philosophy - Simple, Efficient and Affordable
• Global customer base of approximately 6000
• As of 2011 approximately 6M licenses sold
• Focused on Auditing with an R&D to staff ratio 3:1
• Offices in North America, UK and APACJ
• Microsoft Gold Certified Partner
Agenda
• Challenges of auditing Active Directory
• Why auditing matters
• Consequences of audit failures
• Key audit requirements
• Top 5 Critical Active Directory Changes to Audit
• Demonstration
• Why NetWrix?
• Questions
Challenges of auditing Active Directory
• Event data can be complex and time-consuming to collect and manage
• Native audit logs lack key information and are often confusing
• Native tools don’t provide point-in-time or configuration reporting
• Most 3rd-party utilities have heavy deployments that require scary OS-level drivers or agents
Why auditing matters
• Native tools are not enough
• Security problems go unidentified
• Material findings during audits
• Compliance failures
• Delays in troubleshooting and issues go unresolved
• Clarify who is making changes to “my” system

“It worked yesterday, now it stopped working”
Consequences of audit failures
• Expensive outages
• Administrators who are unaccountable for their actions
• Changes in security settings that may have unexpected consequences
• Intellectual Property or data theft
• Fines for violations of compliance requirements - PCI, SOX, HIPAA, etc.
Epic Audit FAIL
• Large Global Oil Company
– Someone mistakenly deleted 2000 user accounts because of a mistake in a script
– Monday morning, people couldn’t log on
• Insurance firm saw a spike in expenses
– People could access expense XLS files after they were submitted
Key audit requirements
• Clearly show WHO, WHAT, WHEN, WHERE change detail with BEFORE and AFTER values
• Coordinate details from multiple sources for a complete picture (single-source = less detail)
• Flexible Reporting and Filtering (no log noise)
• Automated Reporting and Analysis
• No dangerous agents or drivers
Key audit requirements (continued)
• Predefined reports that can be customized for specific needs
– Critical to sustain Compliance, Security or Access Governance needs
• Centralized securable storage for short and long-term analysis and reporting
• Enterprise Scalability
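
The WHO, WHAT, WHEN, WHERE requirement with BEFORE and AFTER values can be illustrated against native logging: Windows Security event 5136 ("A directory service object was modified") records a change as separate "Value Deleted" and "Value Added" events that share a correlation ID. The following is an added example, not NetWrix code and not part of the original slides; it assumes the events have already been exported into dictionaries, and every sample value is constructed.

```python
from collections import defaultdict

# OperationType codes carried by Security event 5136
ADDED, DELETED = "%%14674", "%%14675"   # Value Added / Value Deleted

def ev(when, dc, who, dn, attr, value, op, corr):
    """Build one constructed 5136-style record (field names follow the event)."""
    return {"TimeCreated": when, "Computer": dc, "SubjectUserName": who,
            "ObjectDN": dn, "AttributeLDAPDisplayName": attr,
            "AttributeValue": value, "OperationType": op, "OpCorrelationID": corr}

# Constructed sample input: every name and value below is invented.
SAMPLE_EVENTS = [
    ev("2012-03-05T08:14:02Z", "dc01.example.test", "jdoe-adm",
       "CN=Alice,OU=Staff,DC=example,DC=test", "userAccountControl", "512", DELETED, "{c1}"),
    ev("2012-03-05T08:14:02Z", "dc01.example.test", "jdoe-adm",
       "CN=Alice,OU=Staff,DC=example,DC=test", "userAccountControl", "66048", ADDED, "{c1}"),
    ev("2012-03-05T09:30:41Z", "dc02.example.test", "svc-script",
       "CN=Domain Admins,CN=Users,DC=example,DC=test", "member",
       "CN=Bob,OU=Staff,DC=example,DC=test", ADDED, "{c2}"),
]

def to_change_records(events):
    """Merge the per-value events of one operation into WHO/WHAT/WHEN/WHERE rows."""
    grouped = defaultdict(lambda: {"before": [], "after": []})
    for e in events:
        side = {ADDED: "after", DELETED: "before"}.get(e["OperationType"])
        if side is None:          # unknown operation code: skip, do not guess
            continue
        key = (e["OpCorrelationID"], e["ObjectDN"], e["AttributeLDAPDisplayName"])
        row = grouped[key]
        row.setdefault("who", e["SubjectUserName"])
        row.setdefault("where", e["Computer"])   # domain controller that logged it
        row["when"] = min(row.get("when", e["TimeCreated"]), e["TimeCreated"])
        row[side].append(e["AttributeValue"])
    return [{"what": f"{dn} [{attr}]", **row} for (_, dn, attr), row in grouped.items()]

if __name__ == "__main__":
    for rec in to_change_records(SAMPLE_EVENTS):
        print(rec["when"], rec["where"], rec["who"], rec["what"],
              rec["before"], "->", rec["after"])
```

A row with an empty "before" list, like the constructed group-membership addition, is a pure addition rather than a replacement.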
Top 5 Critical Active Directory Changes to Audit
1. Privileged user activity
2. Privileged group Membership changes
3. Changes to Security Delegation
4. Structural changes to Active Directory
5. Changes to Group Policy Security Settings
Competitor’s Architecture
[Diagram labels: Events from Critical Systems; Required OS Agent; Collection; Custom Events; SQL database; Analyze; Alert; Reporting in Separate Product; Deployment Console; Agent Management Console (Install, Update, Repair & Un-install)]
Agent side issues
• BSOD when OS updates
• Agent stops, you lose data
NetWrix Audit Platform Architecture
[Diagram labels: Critical Systems; Native Events; Configuration; Permissions or Access Rights; 4W Database with before & after; AuditArchive™; Scalable Storage; Analyze; AD Rollback; Alert; Report; AuditAssurance™; AuditIntelligence™]
Demonstration
Others who chose NetWrix
Financial
• ING Direct
• Forex Capital Markets
• Berkshire Hathaway
• Zurich Financial Services
• Thomson Reuters
• Fiserv
Federal, State & Local Government
• Columbia University
• Bureau of National Affairs
• State of Maine
• NYC Dept. of Transportation
• US District Court, SDNY
• Massachusetts Port Authority
• Alaska State Legislature
• Verizon Business Systems
• Black & Decker
• Universal NBC
• US Military Academy
Healthcare & Pharmaceutical
• Vertex Pharmaceuticals
• Blue Cross of Idaho
• Berkeley National Laboratory
• National Institute of Health (NIH)
• Massachusetts General Hospital
• WebMD
NetWrix Suites
All-in-One Suite
Change Reporter Suite
SharePoint, SQL Server, Windows Server, VMware, Event Log Manager, Activity Recorder
Active Directory, Object Restore, Group Policy, Exchange, Mailbox Access, File Servers, NetApp & EMC
IDM Suite
Password Manager, Password Expiration Notifier, Logon Reporter, Inactive Users Tracker
FREE Trials at www.netwrix.com
Protect your investment
• Upgrade to any suite = 100% credit applied from any prior license purchase
• New product additions to suites are provided to you at no charge so long as support and maintenance fees are current
Next Steps…
• Download a FREE TRIAL at www.netwrix.com
– Trial license is included with the download
– Support is provided during trial period
• Virtual POC
– Virtual TestDrive™ is available in some areas
– Online server allows you to quickly understand the incredible value of our software
Thank you
For more information visit www.netwrix.com
Bob Bobel, Director of Product Management
E-mail: [email protected]
@rbobel
LinkedIn: www.linkedin.com/in/robertbobel