Netwrix Auditor is designed to enable auditing of the broadest variety of IT systems, including Active Directory, Exchange, file servers, SharePoint, SQL Server, VMware and Windows Server. It also supports monitoring of privileged user activity in all other systems.
According to the vendor, Netwrix Auditor eliminates these blind spots by delivering complete visibility into all changes to system configurations, content and permissions across the IT infrastructure. Moreover, Netwrix…
N/A
Symantec Advanced Threat Protection
Score 7.5 out of 10
N/A
Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and
remediates advanced attacks. The product fuses intelligence from endpoint, network, and email
control points, as well as Symantec’s massive global sensor network, to stop threats that evade
individual security products. It leverages existing Symantec Endpoint Protection and
Symantec Email Security.cloud investments, so it does not require the deployment of any new
agents. It includes functionality…
Netwrix [Auditor] is a great tool for any SysAdmin no matter the company size. Licensing is determined by users, not employee count, and that makes it a great product from a small business to an enterprise application. The time savings coupled with the increased productivity is a key factor is determining this tool over other products.
It is valuable software for when it comes to a large or medium organization, since it helps to protect the endpoints, but as the number of servers increases its value increases. However, it is important to keep in mind that when it comes to low end devices, its protection can affect their performance. This is because it is not a software with a very light agent.
Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.
Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.
Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.
The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.
The incident management piece is the heart and soul of the product. A single area where all data in relation to network and email protection is available.
Works well in conjunction with the standard Symantec Endpoint product.
URL Protection is advanced and very helpful
Technical support is great and definitely the best I have ever seen for a "anti-virus" type product.
I don't like that I have to maintain the client and keep it up to date. Updating the client is not a very easy process.
Deploying the client could be easier. They have a deployment tool, but it doesn't really get to all PCs, which means I still have to manually deploy it.
Because the product has so much customization, it can also be very difficult to set up and understand.
We have renewed already the licensing of the product minus SQL Server and Oracle Database because the organisation believes the modules are very expensive and have identified a different product for auditing Databases Other modules are very important like the User Activity monitor, AD queries that we can not get from the native AD itself or you have to run complicated powershell scripts! Easy to use interface Pre-defined Reports Easy way to subscribe to important alerts e.g Privilege account group membership changes
Symantec Advanced Threat Protection has done a sufficient job at identifying true positives. However, the UI could be improved and the amount of false positives is a little too frequent for my liking
The product has user friend pre-defined queries which takes off the stress and horrors of having to query Active Directory with complex Powershell scripts! You can subscribe to certain functions when they are done and you get an alert e.g privileged accounts actions and you don't need to have programming skills The product has a desktop version of the software and donot have to login to the server all the time you need to use it. You can see very fast the posture of your environment of the overview screen and deduce what exactly is wrong and what has to be done
Customer support has always been fast and helpful when we run into any issues. The smaller issues are usually resolved within a day or two. It is great support and I feel like I am in good hands anytime an issue comes up. However, we don't run into many issues
Make sure you trial the software and understand the fundamentals of each module that you are interested in Make sure you get the buy in from both Management and most importantly your team members (the product users) for a successful implementation Watch the webinars of the product from the product website
I can only compare it to SolarWinds. Their similar products have larger foot prints and seem a little clumsy in comparison. The Netwrix product turns on a lot of the auditing options that were required for the product to work properly where it seemed I had to do a lot of manual tweeking with the SolarWinds product.
Frankly, the other products were too expensive to make the change from Symantec so we continued with the tried and true protection. We don't have the funding to move to a more expensive product and the manpower that it would take to implement a new solution.
