Configuration Auditing Holds Big Opportunity For Channel
Channel-focused Netwrix sees big business in security and compliance auditing
The channel could benefit from an increasing need for organisations to audit the configuration of their systems, according toIT security vendor Netwrix.
The firm said the growth in data-breaches and the need for compliance, driven by the likes of PCI-DSS (PCI documentation and support services), are increasing the need for simple, effective and affordable configuration auditing.
Who, what, when, where
The channel-focused security vendor said a recent Forrester Research report placed configuration auditing on top of the list of five security technologies predicted to grow over the next three to five years. Forrester believes that configuration auditing tools “have the potential to become ubiquitous in enterprise security organisations.
“Too many companies do not know what’s going on in their IT infrastructures and can’t answer simple questions such as who changed, what, where and when they did it,” said Aidan Simister, UK and Ireland country manager for Netwrix. “Configuration auditing of information systems is essential to maintain security, governance and compliance. Organisations must track changes to their IT environments to detect security violations, troubleshoot issues, prevent downtime and maintain compliance with security standards and industry regulations.”
He added that organisations needed to be able to see who has access to what at any single point in time and to monitor who breaches data and resource.
“Just because a user has a right or permission does not mean they should be exercising it,” said Simister. “But changes are your worst enemy when it comes to meeting security and compliance and you need configuration auditing to uncover details of each change, including who changed what permission, and when, on files, Active Directory, SharePoint sites, SQL databases, and so on.”
Simister said that this would be a great opportunity for the channel as “many organisations still rely on time-consuming manual processes for change monitoring and configuration auditing, while others take a costly sledgehammer approach to the problem and opt for a SIEM (Security Information and Event Management) solution.”
Simister said the Netwrix Auditor product would give companies a view of what was happening in their systems “at around a third of the cost of SIEM”.
“It provides an accurate picture of network activity by capturing a ‘snapshot’ before and after a change is made and there are even video tools that effectively provide ‘CCTV’ for IT systems,” he said.