NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Comparative Review: Active Directory Auditing Tools

Tags: , , , , , ,

NetVision was recently featured in a Windows IT Pro product comparative review on Active Directory audit solutions. The full article is available in the September issue and on the Windows IT Pro web site under the title Comparative Review: Active Directory Auditing Tools. But, we just wanted to call out a few of our favorite quotes:

Trying to find the culprit using Event Viewer is like looking for a needle in a haystack. You need a tool that can lay out the data in a clear and concise manner—you need a good Active Directory (AD) auditing tool.

NetVision should be your first choice if you’re looking for a turnkey solution. No matter whether you want to use the physical appliance, virtual appliance, or managed service, it’s the best for hands-free AD auditing.

Overall, I was impressed with [NetVision's] product. It’s extremely robust

Each one has its own strengths and weaknesses, but the one that impressed me the most was [NetVision] NVAssess, which is why it earns the Editor’s Choice award.

Well said Windows IT Pro!

Of course, to get the details, please read the full article. And let us know if you have any questions.

Answers, Not Data: The Key to Access Security

Tags: , , , ,

NetVision has heard from its customers loud and clear that the holy grail of compliance reporting is enabling actual answers rather than just piles of data.  In this SC Magazine article, titled Answers, Not Data: The Key to Access Security, NetVision CEO David Rowe explains how next generation compliance solutions will be focused on answers and continuous audit rather than periodic audits that generate confusing or obfuscated data sets.

The Business Value of Effective Audit

Tags: ,

There’s a new white paper on the NetVision Knowledge page titled:

The Business Value of Effective Audit

Effective access auditcan be a powerful business enabler providing significant value beyond protecting against malicious insiders. This paper identifies the business challenge, how the industry is approaching the challenge, and NetVision’s unique approach to access rights reporting and monitoring.

Updated: Access Rights Inspector SSE

Tags: , , , ,

NetVision today released an updated version of Access Rights Inspector Single Server Edition.  The new version applies a fix to issues related to large volume size and the initial file/folder rights scan.  The SSE version is a free 30-day trial providing access rights reports on a single server. 

Access Rights Inspector SSE enables users to select user accounts/groups and files/folders to generate custom reports on access rights based on those selections.

Available Reports include:

  • Effective Rights: calculates permissions based on group memberships, inherited rights, ownership, and more.
  • Explicit Rights: provides explicit permission settings for selected accounts and resources.
  • Deny ACEs: provides a list of all locations where permissions are explicitly denied.

Click here to download a copy to get immediate reports on your server!

HIPAA: Windows Security and Active Directory

Tags: , , ,

In a new paper for NetVision customers titled Active HIPAA Response, we break down the security and privacy requirements found within the HIPAA regulation text and map NetVision policies and reports to those requirements. While organizations need to perform discovery of Protected Health Information (PHI), NetVision’s HIPAA compliance pack provides quick setup of compliance reporting related to Windows file system and Active Directory for complete coverage of Microsoft networking platforms.  The HIPAA package is also available for Novell networking environments.  NetVision isn’t claiming to make anyone compliant with a set of canned reports.  But, if you’re concerned about HIPAA requirements, the HIPAA compliance pack automates the creation of a set of reports that map to the areas within HIPAA for which NetVision can help.  Let us know if you’d like more information!

TryIt! Free Access Rights Answers

Tags: , , , ,

Today, NetVision released the free TryIt! edition of Access Rights Inspector. You can now download a small scanner to run on your own server and get four useful reports:

  • User or Group Report – report on all resources to which a given user or group has access.
  • File or Folder Report – report on all accounts that have access to a given file or folder.
  • Direct User Assignments – report on all instances of permissions being assigned directly to user accounts (instead of via groups).
  • Explicit Deny Entries – report on all instances of explicitly denied permissions.

Like the full version of Access Rights Inspector, this one accounts for groups, nested groups, inherited permissions, deny entries, object ownership, share permissions, and more.  So, if you have questions like ‘Who has access to this file?‘ or ‘What does that person have access to?‘, this is a quick and free way to get the complete answer on a single server.

If you’re looking for something more powerful, we of course would like you to take a look at this 3-minute demo of the full version of Access Rights Inspector.

Demo – Getting Who Has Access (with Details)

Tags: , , ,

Today, I launched a 3 minute demo of Access Rights Inspector‘s ability to generate a quick report on everyone that has access to a given file — and how they got the access (inheritance, group memberships, etc.).  Obviously, it’s only a quick glance at what the product can do, but if it piques your interest, please let us know.

Continuous Audit

Tags: , ,

In this article from CFO magazine, the author discusses the value of Continuous Audit.  He tells the story of Harrah’s Entertainment and their 24×7 approach to audit.  One interesting quote:

Increasingly, though, individual practitioners see the cutting edge as auditing 100% of data relating to transactions, processes, policies, or whatever else is to be audited, rather than reviewing small samplings at longer intervals, as many organizations still do

You might be thinking easier said than done.  But getting back to the original point, with Continuous Audit, 100% sample is actually easily accomplished because every relevant event can be parsed through a policy filter and flagged when appropriate.

NetVision has recognized the value of Continuous Audit for more than a decade.  We believe there are two sides to an effective audit program – (1) current state assessment and (2) real-time monitoring.  And we hear from our customers that (like Harrah’s) they see real value in including real-time monitoring.  Putting Continuous Audit in place makes compliance audits move quicker and cost less.  …not to mention the obvious benefits to security.

PCI Compliance for Active Directory

Tags: , , ,

Are you focused on Active Directory? And being asked to provide your end of a PCI audit? Figuring out how AD relates to PCI-DSS (Payment Card Industry Data Security Standards) can be quite complicated. If you’re interested in getting help or learning more, go to:

PCI Compliance for Active Directory Administrators

Audit Monthly

Tags: ,

Audit Monthly is NetVision’s monthly newsletter featuring tips and information on effective security audit.  In addition to the main content area, monthly recurring side-bar sections include:

  • Auditor Tips – features tips and insight from security audit industry veterans.
  • Product Corner – includes highlights and updates from NetVision’s product management group.
  • From the Field – provides real-world stories from NetVision’s field sales and service teams.

Subscribe to Audit Monthly.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.