Tech Field Day 11 Preview: Netwrix
Tech Field Day 11 is happening in Boston, from 22-24 June and I’m super happy to be invited as a delegate.
I’ve been previewing the companies attending, have a look at my introductory post: I’m heading to Tech Field Day 11 and DockerCon!
Netwrix is a new company to Tech Field Day but has been running for a few weeks short of 10 years, headquartered in Irvine, California.
I must admit I hadn’t heard of Netwrix before, but it is a company focused on auditing IT infrastructure and has an impressive 6000 customers. Shame on me for not knowing about them.
IT auditing can be seen as one of those necessary yet dull components that annoy IT staff, yet done correctly I believe it can add massive value. The problem with IT auditing is that it is often reactive: the IT auditors come and sit with you for a week and come up with all sorts of requests for reports that take forever to compile, taking screen shots to prove file server permissions and writing PowerShell scripts to audit AD group memberships (I know, I’ve done plenty!). How hard is it to actually report on your compliance with the VMware hardening guide, for example, without actually doing a pentest? The problem is also that as soon as the auditor leaves there’s often very little ongoing compliance and the auditing just becomes a once or twice a year chore. I personally don’t like the way auditing is often done in my experience, but I absolutely believe in proactive auditing as a security tool.
DevOps & auditing?
In fact part of DevOps is auditing. If you think about it, a continuous deployment system built on a continuous integration pipeline is ensuring your deployments are 100% consistent and never deviate from what you intend. If a service fails, you don’t fix, you kill and redeploy. This is in effect enforcing compliance. Combine this with auditing and if your audit tool spots something has changed it can kill the service which respawns a new one and you are back in compliance. What is integration testing? Testing your code/infrastructure to ensure it does what you intend, again, testing compliance.
Other than DevOps, what companies really need is to be able to set up their compliance requirements and have something take care of everything. I want file server permissions or local server administrators to never change without someone knowing and, secondly, to be able to simply and automatically report on this. Sure, you can use GPOs or Puppet/Chef to enforce many things, but actually reporting on everything is still hard. Emailing off Puppet manifests or GPO exports to auditors is only part of the job: can you confirm the Puppet manifests or GPO settings are actually being applied?
Proactive auditing is about being able to maintain security and legal compliance while simplifying the operational overhead of detecting and reporting on everything, yet catching the baddies immediately. Hackers are getting sneaky so your auditing tool needs to have some smarts. I’m thinking of monitoring firewall and proxy logs to spot an app that’s trying to talk out when it normally doesn’t, even though it is permissioned through the firewall or proxy. Disabling access isn’t always practical: your app may need proxy access to upload pricing information somewhere, yet when it starts uploading a Gb of data unexpectedly you want to know about it. Is this an auditing tool’s job or am I getting ahead of myself?
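The proxy-log check described above, sketched as an added example (not code from Netwrix or from the original post): it builds a per-application baseline from past upload totals, then flags hosts that have never talked out, new destinations, and upload spikes. The log format, host names and the 10x threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample proxy logs: "date source_host dest_host bytes_uploaded"
BASELINE_LOG = """\
2016-06-01 pricing-app prices.partner.example 120000
2016-06-02 pricing-app prices.partner.example 135000
2016-06-03 pricing-app prices.partner.example 110000
2016-06-01 hr-app payroll.vendor.example 40000
2016-06-02 hr-app payroll.vendor.example 42000
"""
TODAY_LOG = """\
2016-06-04 pricing-app prices.partner.example 1100000000
2016-06-04 hr-app payroll.vendor.example 41000
2016-06-04 print-server files.unknown.example 5000
"""

def parse(log):
    """Yield (day, src, dst, bytes) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2], int(parts[3])

def build_baseline(log):
    """Map (src, dst) -> list of daily upload totals seen historically."""
    daily = defaultdict(int)
    for day, src, dst, size in parse(log):
        daily[(day, src, dst)] += size
    baseline = defaultdict(list)
    for (_, src, dst), total in daily.items():
        baseline[(src, dst)].append(total)
    return baseline

def find_anomalies(baseline, log, factor=10):
    """Compare one day's traffic with the baseline; return sorted alerts."""
    totals = defaultdict(int)
    for _, src, dst, size in parse(log):
        totals[(src, dst)] += size
    known_talkers = {src for src, _ in baseline}
    alerts = []
    for (src, dst), total in sorted(totals.items()):
        if src not in known_talkers:
            alerts.append((src, dst, "host-never-talks-out"))
        elif (src, dst) not in baseline:
            alerts.append((src, dst, "new-destination"))
        elif total > factor * median(baseline[(src, dst)]):
            alerts.append((src, dst, "upload-volume-spike"))
    return alerts
```

The pricing application stays allowed through the proxy; only its deviation from its own history raises an alert, which is the case the paragraph describes.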
Netwrix is a company that boasts it is the only one dedicated to auditing and has a single platform with more reach than anyone.
Netwrix Auditor is the platform that “provides actionable audit data about who changed what, when and where and who has access to what.” There are modules for Active Directory, Windows File Servers, EMC, NetApp, VMware, Office 365, Windows Server, Exchange, SQL Server and SharePoint. Basically, make a change to any of these and someone will know.
There is a compliance portion that can do the reporting on PCI DSS, HIPAA, SOX & FISMA.
What is new with Netwrix, and what I hope we’re going to hear about, is auditing of AWS, which joins its existing solutions for Azure and CenturyLink. Cloud can be scary for enterprises as so much less is under your control. Being able to combine your private and public cloud auditing is powerful. Netwrix Auditor is now available on AWS Marketplace and you can bring your own licenses or use an hourly subscription.
What I’d like to see
Netwrix looks like it does a lot. I hope we avoid the boring image of auditing and manage to see the exciting bits and demos. Auditing can all be done manually: scripts, screen shots, reports etc. I want to see how Netwrix drastically fixes the operational burden of all of this and how someone in IT can set up the auditing and catch and fix the issues. I’d like to see the security part and how Netwrix can catch a hacking attempt “as it happens”. Show me how I can avoid trawling through logs and correlate incidents across multiple areas of my business to find the thing that’s going to get my business in the news.
Gestalt IT is paying for travel, accommodation and things to eat to attend Tech Field Day but isn’t paying a penny for me to write anything good or bad about anyone.