logo

Intrusive agents will cause audit failures

Over the past several months I have had the pleasure of speaking with many customers who are looking to switch out their existing auditing platform for Netwrix Change Reporter Suite. They are most concerned about continuity of auditing over their critical systems to look for changes that may affect IT system availability. A common theme these customers express is that their existing solution requires agents that are intrusive to the operating system putting their servers at risk.

There is another thing to consider about these intrusive agents – they are typically required for the vendor’s product to collect audit data. Note: I did not say audit logs that is because they do not use native auditing. Instead these agents invent their own audit stream – nice if the agents are running. In addition the risks that intrusive agents pose to your servers, they also may cause you to fail an audit. If the audit agent hangs working for some period of time audit data is not created and there is no way to recreate it. Native auditing is critical to the continuity of auditing data and any system that tries to go around it should be avoided.

Netwrix unified auditing platform is built with Netwrix AuditAssurance™ Technology which avoids the problem of lost data by constructing audit data from multiple sources including native event data and intrusive agents are never required.

Robert is a former Director of Product Management at Netwrix. He combines 20 years of IT management and enterprise software experience to provide strategic vision to his high-performance teams through times of growth and change.