Netwrix Auditor

The Auditor has been a one stop solution for our cybersecurity. I like the out-of-the-box alerts that we can use or customize. We can export reports into easy to read PDF's or Excel docs. We configured alerts for them user accounts had their access raised and by who. We also receive alerts from constant login attempts into disabled accounts. We can also keep track of user accounts that may have gone stale. We send those lists to management and/or HR. They tell us if a user can be removed or is scheduled to return. We also use Auditor to keep track of files. Sometimes users delete things on a massive scale. In several instances, we've had users delete something on accident. Netwrix Auditor file deletion alerts saved us hours of research in locating missing files and recovering them.

Once configured it will be very powerful. I see a lot of information, i can setup alerts and reporting and manage my user access. It also allows me to better see what my users are doing in the system. There are some logging capabilities within Microsoft to see who has done what and when, but this system is much easier to find that information across multiple applications. Whoever deleted that folder, who deleted those emails, is all much easier to report on in this tool. Finally, this system was put in place for board reporting to ensure proper system governance and access so it fulfills that requirement very well. The information could be found in other ways but not as unified and easy to report on to others.

Accuracy, presentation and timeliness. We are notified of changes as soon as they occur via email. We receive clear and concise reports daily which are presented in a clear and undertandible format.

It could go deeper into a, 'risk score' system. Our management is big on, 'risk scores'. Netwrix has a risk score system. However, it is based on the number of incidents or alerts that occur. For example, if you set an alert that a user account was disabled, you can set the alert level to 50. If you get two alerts, your new score is 100. We would like another type of risk score to be based on the, 'Risk Assessment' found on the main page. Then give us the option for placing this risk score on the main page. For example, under Users and Computers, lets say I have 50 inactive user accounts, out of 100. The percentage is at 50%. I have 2 accounts out of 100 that are set to a password that never expires. The percentage is at 3%. Take those two percentages and average them out. That could be our over all risk score.

It's more costly than expected. Because there is no way to specify users or even groups of users you pay for every user in the AD/M365 tennant. I don't need to view or report on many of my resource, admin or support accounts but I have to pay for them anyway. It is quite difficult to fully configure. It is not intuitive and connecting to the on premise AD is not easy. It's not for small businesses and barely for medium, I'm sure an enterprise team would have no issues at all but for a small IT team it's a lot of work.

I would struggle to suggest dislikes, but there are improvements which I would like to see. Updates could be handled a little better. These seem overly frequent and I'd prefer an autoupdate option to be availble. Documentation around hardware/software specs could be improved, some template build sizes would be useful. Finally an option around cloud hosting in future versions would be desirable.