Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems.
According to the vendor, Netwrix Auditor eliminates these blind spots by delivering complete visibility into all changes to system configurations, content and permissions across the IT infrastructure. Moreover, Netwrix…
N/A
Rapid7 InsightVM
Score 8.4 out of 10
N/A
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
Netwrix [Auditor] is a great tool for any SysAdmin no matter the company size. Licensing is determined by users, not employee count, and that makes it a great product from a small business to an enterprise application. The time savings coupled with the increased productivity is a key factor is determining this tool over other products.
InsightVM is great for finding all devices on your network and where the misconfigurations exist. We all have to patch our systems and applications, but it can be difficult to keep track of which systems are up to date. This tool is very helpful in filling in this gap and helping you organize that information. It is easy to get a big picture view of how your organization is doing from a vulnerability perspective, and it is equally as easy to drill down and get specific details that you need. Prioritization is crucial when it comes to this space, because you can never address every vulnerability, so you need to make sure the highest priority items are being remediated. R7's tool excels in this area and highlights items you weren't even aware of.
Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.
Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.
Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.
The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.
From my experience of using this tool, sometimes it gives more false positives. A few times I had performed the scan on the same IP address using QualysGuard and Nexpose, but after comparing the scan results I had found that QualysGuard had provided more accurate vulnerability information.
We have renewed already the licensing of the product minus SQL Server and Oracle Database because the organisation believes the modules are very expensive and have identified a different product for auditing Databases Other modules are very important like the User Activity monitor, AD queries that we can not get from the native AD itself or you have to run complicated powershell scripts! Easy to use interface Pre-defined Reports Easy way to subscribe to important alerts e.g Privilege account group membership changes
Netwrix is easy to use; it has a simple reporting system and modules for each area, e.g., exchange, active directory, and Azure. The user interface is quite basic but easy to navigate and is only seen by administrators anyway. Reports can be generated that are meaningful and in a clear format.
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
Customer support has always been fast and helpful when we run into any issues. The smaller issues are usually resolved within a day or two. It is great support and I feel like I am in good hands anytime an issue comes up. However, we don't run into many issues
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
Make sure you trial the software and understand the fundamentals of each module that you are interested in Make sure you get the buy in from both Management and most importantly your team members (the product users) for a successful implementation Watch the webinars of the product from the product website
I can only compare it to SolarWinds. Their similar products have larger foot prints and seem a little clumsy in comparison. The Netwrix product turns on a lot of the auditing options that were required for the product to work properly where it seemed I had to do a lot of manual tweeking with the SolarWinds product.
Rapid7 InsightVM is a more professional tool than Nessus because historically, it was based on metasploit which is a powerful pentesting and exploiting tool. InsightVM covers more attacking scenarios and vulnerabilities than competitors and still a leader in this domain.cloud capability is also not available forNesuus and some other products. Rapid7 InsightVM is a way better as a pentesting tool in my opinion
After spending 2 years configuring, tuning, troubleshooting, and ultimately having nothing but regrets, we migrated away from the tool and accepted the loss.
Support had a variety of opinions, none of them consistent. No best practices. Lots of secret tricks known by support, none documented or shared until after problems are found.
Consulting services are available to come out and do a health check of your deployment, for a fee.
