Netwrix Auditor, a Great Product at a Great Price
January 18, 2019
Netwrix Auditor, a Great Product at a Great Price
Score 8 out of 10
Overall Satisfaction with Netwrix Auditor
Netwrix Auditor is used by my company to audit all of the systems we use. These include file servers (both Windows and NetApp), SQL servers, web servers. SharePoint servers, Active Directory and many other types of servers. We use it to make certain that staff do not access files that they are not permitted to access, and that they are not attempting to log in into a server that they should not be logging into. This information has come in very useful in the past and will do so in the future. It is also often used by projects to find out what files users who are allowed to access certain files are actually accessing.
- Netwrix Auditor performs the audit collection process in a method that does not burden the systems it is auditing. It usually just pulls the log and event logs data from the machine it is auditing and then performs the extraction of the information in these files on the Netwrix Auditor server. This reducing the audit processes to only pulling log data from the server but does not keep the server busy processing the data.
- Once the log data has been pulled from a server being audited, Netwrix will store the log data in a compressed form in its Long Term Archive. This allows the database to be kept smaller than the all the data being kept in the Log Term Archive and therefore makes creating reports much faster since the database is not as big as it could be.
- Since Netwrix Auditor uses standard Microsoft SQL Server and SQL Server Reporting Services (SSRS) to perform reporting, working with the results of the audit is much easier. Anyone who knows SQL Server and SSRS can work with the data and create their own reports.
- The predefined reports that come with Netwrix Auditor cover most of the items required to properly report on the status of a system. They have many predefined reports for FedRamp, PCI, HIPPA, and other compliance regulations.
- Netwrix Auditor needs to improve its loading of Long Term Archive (LTA) data back into the database. I have been trying to load one month of LTA data back into the database for a few months now, but it can take a few days to successfully load just a few weeks of data. I have now started to attempt to load only two weeks of data at a time in the hopes that it will not destroy the data already loaded. I'm still working on this attempt. Netwrix Support told me that the only designed the reloading of LTA to work on a few days worth of data, but I need to be able to possibly seven years of data in the future. They are currently working on a solution to allow me to perform this task.
- Netwrix needs to simply their database structure so it is easier to create your own reports. If they can't make the database structure any easier, they need to document it much more. The database documentation is very sparse and doesn't really state how you can use the database. There are many items I can find in the database but some items I have just given up on since it can be quite a task to find the data in the database.
- Netwrix needs to release some form of internal documentation so clients can see what is happening during the audit data collection. I have specialists in certain areas of our systems, such as NetApp file server, ask me how it performs some of the auditing, and all I can say is "I'm not sure, I can ask but they probably won't be able to tell me."
- Netwrix Auditor is a good system to audit data and access to systems on your network. Compared to other auditing systems it is much less expensive. We moved from Varonis Auditing to Netwrix and were able to audit all of our servers in our infrastructure at much less cost than just auditing the NetApp file servers with Varonis. Although Varonis could audit the other types of server, it would be a new license (cost) to perform this.
- We use Netwrix to audit our SQL Servers, and the database administrator really likes the auditing that it performs. He uses it to help application developers find problems in their code. Although he could do this previously, it is much easier with Netwrix Auditor.
- We currently perform a lot of US government contracts and when we tell them about the items that Netwrix can audit, they are quite happy that we are using this product for this work.
As I mentioned previously, we used to use Varonis to audit our NetApp file servers. Varonis did perform the data collection on the NetApp file servers, but the cost was almost twice that of Netwrix Auditor and it was only auditing the NetApp File server. For one price, we have Netwrix Auditor auditing our Windows servers, SQL Server server, NetApp file servers, Windows file servers, Active Directory servers and many more. We haven't done it yet, but it can also audit Windows Exchange servers.
Netwrix Auditor is well suited to perform audit data collection on many types of servers that require audit data to be collected. It runs fairly quickly and usually informs you if something went wrong in the data collection. They do need to have better documentation and some form of internal documentation to help the users who understand what is happening in their system to help them through the process of figuring out when something went wrong.