NetWrix: Build a solid bridge between security and auditing for better incident management


A better link needs to be built between the security and auditing teams.

According to Aidan Simister, UK and Ireland country manager of change auditing and compliance vendor NetWrix, security managers need to become more involved in auditing.

He said: “Auditing is a very basic task yet if you ask a lot of security managers to tell you quickly who made a change to a specific part of their IT infrastructure, often this requires a time-consuming manual process of trawling through native audit logs.

“In many cases this is due to the IT team and auditing teams not working together and not having a joined up strategy or solution in place, and this needs to change.”

He said that using native auditing tools is commonplace even in the largest of organisations, yet the approach was reactive, slow and insecure.

“Security teams need to work with the audit teams to seek out more automated and proactive approaches to ensure they have instant access to critical audit data at all times,” said Simister.

Simister claims this disconnect is driven by the perception amongst IT and security teams that auditing is a complex, time-consuming and expensive task, but this doesn't need to be the case.

He admitted that while it is true that some vendors overcomplicate the task by trying to do too much, there are quick, simple and affordable approaches out there.

Simister referenced recent Quocirca research, which found that many audits are only carried out either before an investigation or after an event, and that very few IT teams really consistently know what is happening in their infrastructure.

NetWrix recently worked with Warwickshire County Council, which deployed the NetWrix Change Reporter Suite for its 250 sites, including 170 schools, for over 110,000 users. Simister said that rather than having to manually sift through logs to identify changes, they now get real-time alerts and automated reports to show them who, what, where and when changes are made within any part of their infrastructure.
