logo

Avoiding False Positives When Monitoring Administrator Behavior

In NetSuite, the Administrator role gives users broad transactional powers — and with that comes the potential for fraud. In an ideal world, no one user would be able to create, edit and delete any and all transactions in a production account. 

Of course, as we all know, the real world is messy. Transactional changes by admins are sometimes necessary. However, detecting these changes is more difficult than you might expect. As a result, even if you trust your team completely, audit readiness can be a challenge.

Regularly monitoring and reviewing all transactional changes made by users with admin privileges is a key part of prepping for SOX compliance — not to mention a best practice for staying safe.

The Problem With System Notes

It’s entirely possible to monitor transactional activity using NetSuite’s system notes. The problem? False positives.

As you’ll see, system notes have limited filtering capabilities. And they don’t always accurately differentiate between changes made by Admin Scripts and changes made by users through the UI. Which means that a lot of the results they generate aren’t actually changes that need review.  In order to get accurate reporting, you need to compare a list of system notes flagged as being made in the Administrator role with a list of Administrators.

That’s where Netwrix Strongpoint comes in. Our Agent Control module automatically searches system notes for transactional behavior, and crossmatches the results against the Employee Record to find all changes made by users with admin or related privileges. This effectively filters out false positives, so you — and your auditors — can focus on what’s most important. It also ensures that your report is always up to date to include any new Administrators.

As VP of Sales and Marketing, Paul is responsible for driving growth of of the Infrastructure and Applications products in the Netwrix portfolio. His main areas of focus are security and compliance for NetSuite, Salesforce and Network Infrastructure. He is passionate about Go To Market Strategies and driving positive outcomes for customers. Previously, Paul served as the VP of Sales and Marketing at Strongpoint where he ran Go To Market functions before it was acquired by Netwrix. Paul holds a Bachelor of Arts degree and a Masters in Business Administration from McMaster University in Hamilton, Ontario, Canada.