Educause Security Discussion mailing list archives
Re: Netwrix & STEALTHbits
From: Harry Zahlis <harry.zahlis () FRESNOCITYCOLLEGE EDU>
Date: Tue, 25 Oct 2016 22:48:34 +0000
From one of our techs...
We have been using the Netwrix products: "Auditing of Active Directory and Auditing of Windows File Servers" for the past 19 months. We have been very happy with our decision on the purchase and the ease of deployment of the products. We have use the Active Directory solution to provide us with daily reports on all changes made and to provide us with real-time alerts on specific objects in Active Directory like domain admins and other groups that we feel that need real time alerting. We are very happy with the reporting feature, the built-in reports and subscriptions have been very robust. The advance search feature is a great tool to really go after those items that are to find. We recently needed to find items that were in Active Directory and some our objects attributes were changed and reverting back. The advance search was critical in achieving a report in a very fast and effective manner to find those objects. The Auditing of Windows Files servers have also been very critical in logging the type of access to files and folders, as we are all aware of when files and folders are deleted and we get the call that all my files are gone. Were able to pull reports and find out the who, when, and time that those files were deleted, changed or read. It has been a pleasure in working with Netwrix Doug Schreiner Systems Technical Resource Analyst Fresno City College Harry Zahlis Interim Director of Technology FRESNO CITY COLLEGE 1101 E. University Ave. Fresno, CA 93741 (559) 442-8206 Help Desk (559) 443-8670 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Boyd, Daniel Sent: Thursday, October 20, 2016 5:32 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Netwrix & STEALTHbits We're currently using Netwrix, auditing AD and server changes in an 80+ server, ~2600 user environment. I've not noticed any performance issues, but I will say that you can't just turn it on and say go. We get alerts and notices throughout the day for everything from AD changes to issues with end points as well as complete recorded RDP sessions to our servers. It took some time to tame the beast. Most all of our reports are automated and generally cover no more than 24 hours, so unfortunately I can't comment on report speed. We like the visibility and since we all (4 of us on staff) get copied on real-time change notices we can keep each other accountable for proper procedures. Dan Daniel H. Boyd (94C) Senior Network Architect Network Operations Information Security Advisory Group Chair Berry College Phone: 706-236-1750 Fax: 706-238-5824 There are two rules to follow with your account passwords: 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!! 2. If unsure, consult rule #1 -----Original Message----- From: Penn, Blake [mailto:blake.penn () SECURITY GATECH EDU] Sent: Wednesday, October 19, 2016 4:11 PM Subject: Netwrix & STEALTHbits Anyone out there had any experiences with Netwrix or STEALTHbits products that you would be willing to share? Thanks, Blake Penn Information Security Policy and Compliance Manager Cyber Security Georgia Institute of Technology (404) 385-5480
Current thread:
- Netwrix & STEALTHbits Penn, Blake (Oct 19)
- Re: Netwrix & STEALTHbits Rob Milman (Oct 19)
- Re: Netwrix & STEALTHbits Fisher, Matthew C (Oct 26)
- Re: Netwrix & STEALTHbits Mr. Ikram Muhammad (Nov 04)
- Re: Netwrix & STEALTHbits Frank Barton (Nov 07)
- Re: Netwrix & STEALTHbits Mr. Ikram Muhammad (Nov 04)
- <Possible follow-ups>
- Re: Netwrix & STEALTHbits Boyd, Daniel (Oct 20)
- Re: Netwrix & STEALTHbits Harry Zahlis (Oct 25)