Netwrix on journey from IT auditing solution to visibility platform with Auditor 9.5

Netwrix has a hybrid go-to-market model, but has never really been proactive about its channel. That’s about to change, however.

Today, Irvine CA-based Netwrix is launching Netwrix Auditor 9.5, the second of its two releases this year. It’s a significant announcement for the channel, for a couple of reasons. First, it represents a continuing broadening of the software’s functionality to more of a visibility platform. Secondly, the release coincides with an impending strategic initiative designed to be more proactive about leveraging partners and their value in North America.

Netwrix is an established IT auditing solutions provider, which has been in business since 2006, with regulated industries being their core market.

“IT auditing is a base function that companies with Microsoft Active Directory who are subject to regulatory compliance need to do,” said Jim Smith, Netwrix’s VP of Sales. “From the highest level like  Sarbanes-Oxley to individual-focused regulations like PIPEDA, the organization has to demonstrate they have control from a technology standpoint, particularly over configuration changes, and can tell who has access to what data and what they are doing with it. We are an agentless solution, which is popular today.”

With their Auditor 9.0 release earlier this year, Netwrix began its transition into a visibility platform for data security and risk mitigation, a transition that continues here.

“We are pretty excited about this release, and our expansion from an IT auditing solution to more of a visibility platform,” Smith said. “Our 9.0 release announced thresholding. With 9.5, we are going down the path of risk assessment, with a scoring system to see things like who has access, who is active and who is dormant. Dormant users, like contractors, are especially vulnerable.”

Smith emphasized that while the capabilities to do this had been in Auditor before, this is the first time they have been actualized.

“It is a brand new component,” he said. “We had a lot of the pieces that make it up before, but never strung them all together. Now it lets you see how vulnerable you are.”

Smith that that while SIEMs do something similar, they collect logs and issue alerts on a very broad range, and have limitations that Auditor does not.

“They don’t snapshot, so they can’t determine who had permissions today and who did 90 days ago,” he stated. “You also have to be a cybsersecurity expert to decipher what is real and not real with them. We have seen data that 47 per cent of companies with a SIEM don’t respond to at least 25 per cent of alerts – because they don’t have the capacity. We simplify things and make it easy. We now grade anything dealing with Active Directory in an automated fashion.”

Netwrix Auditor 9.5 also enhances behavioral anomaly information.

“Today we do behaviour anomaly discovery, like people logging in after hours, and are moving to full behaviour analytics over time,” Smith said. “The distinction is that behaviour anomaly discovery is based on a lightweight algorithm, as opposed to heuristics and machine based learning.”

Auditor 9.5 also provides more granular Permissions Analysis than previously.

“This lets you scrutinize more effectively who has access to what, such as being able to look at members of local admin groups within Active Directory,” Smith said.

The ability to generate Custom Report Subscriptions has been added.

“We are constantly adding new reports, but customers have really asked us for the ability to subscribe to whoever you want, so we have provided the ability to create custom reports, Smith said.

“We have also added State and Time support – before and after values – so you see where you are today and where you were a month ago,” Smith indicated.

“One other thing we have added that I think will get lots of attention is that we have created an integration with ServiceNow, so you can create a ticket in their format through an alert,” he added. “This is the first of these kind of relationships for us. We chose them because they are the market leader, but we will look at adding others.”

Smith also added what they call ‘in-store add-ons’ in this release – capabilities that customers can expand upon themselves. High-level Linux monitoring is one.

He also emphasized that Auditor’s market isn’t limited to just larger customers.

“I have clients as small as 150 users,” he said. “This works any time you have more than a couple admins who can make changes. It’s also important for anyone who is regulatory compliance-driven. A lot of time is spent creating or recreating reports to show that you have control. We automate that, so when an auditor arrives, you can just point them to a folder. We can save a company up to 65 per cent in the costs to prepare for regulatory compliance.”

Netwrix sells through a hybrid model.

“In our 11 years, we have averaged 35 per cent year-over-year growth,” Smith said. “In North America, about 25 to 30 per cent of our revenue comes from channel partners. It’s 70-80 per cent in the rest of the world.

“We are really looking to expand our channel presence,” he stressed. “We have never been really proactive with our channel in North America, which has limited its growth. Next year, we will be making a major push to change that.”

They currently have several hundred partners, of whom Smith said between 50 to 100 could be classified as strategic.

“In Canada, our largest reseller is Softchoice, and it is SHI in the US, but we have many boutique partners as well,” he said. “Able-One Systems in the Toronto area [Kitchener] is an important partner.”

Netwrix Auditor 9.5 is available now.