Strengths: Solid auditing for who has access to what and if access was used to make a change.
Weaknesses: Pricing model can become bloated depending on environment.
Verdict: Pricing can be a problem, especially over the lifecycle, due to both anticipated and unanticipated changes in AD. As well, the need for a server and a backend database – not supplied – adds to lifecycle costs.
The Netwrix Auditor takes an interesting yet vital approach to managing privileged accounts: Information is key. This tool is not designed to rotate passwords or configure remote access to systems. Rather, its purpose is to watch accounts carefully for possible unauthorised behaviour and report on it in real-time to stop possible breaches or malware before these become a problem. Auditor can watch Active Directory and privileged account activity and gather intelligence on who has access to what. As well, it determines whether that is in line with what access those users are supposed to have.
This product is software-based and can be installed on any Windows Server in the environment. Auditor does require a separate SQL database as a backend, but can be locally installed or synched up as part of an enterprise cluster. Aside from that, installation prerequisites are minimal and installation takes just a few minutes. After install is complete, all management is done via a well-organised console with an intuitive layout that is easy to navigate. This product also features solid reporting through intuitive dashboards that offer excellent drill-down capabilities.
Netrix Auditor can report on almost anything that is changed by privileged accounts, including Active Directory itself, file servers and file shares, and other direct server changes, such as changes to Exchange, SQL or VMware vSphere. Then, users who make changes can be reported on as to their specific permissions, group membership, and even screen recordings of changes made if the agent is installed on the system that was changed. Recordings are all catalogued and searchable to determine exactly when and where a change occurred. For added correlation, Auditor can also be easily integrated with security information and event mangers to incorporate any already existing processes or policies.
Documentation was comprehensive and included an administrator guide, which focused on overall configuration of the product; an installation guide, which provided great detail on installation process; and a user guide, which provided in-depth information on reporting and analysis features. All guides were well-organised and included many screen shots, configuration examples and step-by-step instructions.
Netwrix offers the first year of basic eight-hours-a-day/five-days-a-week phone- and email-based technical support as part of the purchase price of the product. Support also includes access to an online portal that includes product downloads, support documentation, support case management and product knowledge base. After the first year, customers can purchase assistance in basic and premium 24/7 levels as part an annual maintenance agreement.
With a price of £8 per enabled AD user, this product can become very expensive for some environments. Pricing models based on enabled users are usually hard to justify because user accounts in Active Directory can include active users, service accounts, contractors or generic accounts. While we understand the idea that this product is for reporting on user activity, we find that in this instance it takes away from the focus on privileged accounts and pollutes the pool by being licenced on accounts that have no privilege.