Netwrix makes auditing software for system administrators that collects information about user access and permissions. The company recently announced version 8.5 of Netwrix Auditor that extends its monitoring capabilities to Oracle databases and Microsoft cloud services.
The goal of Netwrix Auditor is straightforward: to track users and administrators as they log into and out of business systems, elevate permissions, and change configurations. Auditor also identifies anomalous behavior that might indicate internal malfeasance or the hijacking of an account.
Use cases for Netwrix Auditor include compliance and security monitoring, policy enforcement for application access and authorization, separation of duties (that is, enabling a security team to keep tabs on system admins and DBAs) as well as general housekeeping and administrative tasks such as pruning unused accounts.
I like to think of this kind of product as operational vegetables; maybe not everyone’s favorite dish, but essential for good IT health.
The software works by collecting and analyzing logs and other information from a variety of sources, including Active Directory, file servers, and databases. It can also monitor access to user mailboxes and individual files in file stores such as SharePoint.
Netwrix uses a combination of agents and APIs to gather data, though it tries to minimize the need for agents where it can.
As you might have guessed, Netwrix has a strong focus on Microsoft. It can audit activity on Active Directory, Exchange, SharePoint, Windows, and SQL Server. It also supports auditing for VMware and EMC.
What’s New In 8.5
The latest edition of Netwrix Auditor extends its monitoring capabilities to the cloud with Office 365 and Azure AD.
“We are hearing that customers who move from on-premises Exchange into Office 365 are often confused and not sure what controls they have in the new environment,” said Ilia Sotnikov, Director of Product Management at Netwrix, in an interview.
Netwrix provides a consolidated view into the Microsoft SaaS service to see configuration and permission changes and sharing settings.
The company also added support for Oracle databases, enabling compliance or security teams to monitor DBA access, permissions, and configuration changes.
In addition to monitoring new applications, Netwrix has also added reports. These reports include Activity Outside Business Hours, which highlights application access and account changes during unexpected periods; and Failed Activity, which tracks failed access attempts. These reports can trigger investigations into suspicious or unusual activity.
For more details on Netwrix, you can see their presentations from Tech Field Day.