Netwrix Use Case Suite on Data Auditing and Classification

by Eloise Gruber

Use case #1 – Manufacturing sector

This particular company is a leading manufacturer of production machines for wood. It had to ensure that all data relating to the machines it produces remained secure. The company wanted to quickly detect security breaches and prevent intellectual property theft.

In addition, the company needed to audit the Windows file servers, Exchange Online, and SharePoint systems used to store and process sensitive data.

How did the company meet its IT needs and requirements before the implementation of the solution?

The company had hired external developers to support its ERP system. The IT team wanted to closely monitor activities in the underlying SQL databases to ensure that there was no abuse of privileges and no incorrect changes that could disrupt operations.

Consisting of 2 members, the IT team relied on manual log monitoring to identify security issues and perform audits.

However, the process was inefficient, time-consuming, and yielded inaccurate results, preventing the IT team from quickly detecting incidents.

Why did the company choose the Netwrix Auditor audit solution?

Netwrix Auditor was chosen by the company’s developer because it offers a clear and comprehensive view of what is happening in the most critical systems and provides easy-to-read audit reports in just a few minutes.

How is the solution used?

Thanks to Netwrix Auditor, the IT team was able to meet its various needs by:

Quick detection of suspicious changes

To stay ahead of privilege escalation, IT experts regularly review Netwrix Auditor’s reports on changes in permissions and group membership, especially any changes that could affect access to intellectual property or sensitive messaging. They also examine user activity, including the sharing of information containing IP and other sensitive data, for any abnormal behavior so that they can react immediately. For example, the software helps detect when a user moves an entire folder to SharePoint. Even if this action was just an error, the team appreciates that Netwrix discovers the problem so quickly.

Continuous connection audit

The IT team pays special attention to suspicious connections. These are sometimes a sign of a brute force attack or of hackers trying to connect to company resources. Netwrix Auditor alerts on excessively fast connections, failed connections to SQL, attempts to log in to a disabled account, and failed connections to the VMware environment, so that the team can take action before damage is caused. This feature has proven particularly useful when switching to remote work during the pandemic. Netwrix helps identify security issues and resolve them quickly.

SQL Server Visibility

The activity of external developers can now be monitored. Netwrix Auditor shows exactly what is being done on SQL Server, including changes to content and configurations. The results can easily be filtered by user, object type, particular server, and so on. This allows the team to quickly detect and undo any unwanted changes to ensure resource availability and avoid business interruptions.

What is the level of satisfaction?

Netwrix significantly reduced the team’s manual analysis and investigation time from 2 hours to 5 minutes. The company was very surprised by the power of the tool. Netwrix can evaluate very large data sets and respond to queries in just a few seconds.

Today, the company uses Netwrix for Active Directory, Windows File Servers, SQL Server, Exchange, SharePoint, VMware, and Windows Server.


Use case #2 – Financial and Insurance sector

Previously, the insurance company was not able to guarantee that every permission and configuration was correct on all the systems on which it needs to report: Active Directory, Exchange, file servers, SQL Server, VMware, etc.

For a security or compliance check, it took at least 2 days to produce the necessary reports. Today, it only takes 2 minutes to prove that there has been no violation of the security policy.

What were the needs that drove the customer to look for a solution?

The first need was to enable the analysis of user behaviour on the most critical systems, including Active Directory, Exchange, Windows file servers, SQL Server, and VMware.

Next, the company needed to report on access events and changes to security configurations to reduce security risks to customer data and ensure compliance.

What are the determining factors in the choice of Netwrix solutions?

The IT team opted for Netwrix Auditor for its in-depth analysis of user behavior. In addition, the Netwrix solution made it possible to control changes, configurations and access in all critical IT systems.

The solution is used by the IT team to:

Detection of data security threats

In just 2 minutes, IT can now run reports that provide deep visibility into changes and data access, such as non-owner access to mailboxes or changes to databases and folders containing sensitive content. The team also uses the software to examine user behavior patterns and detect abnormal actions. For critical changes, appropriate staff members receive email alerts that allow them to react quickly and resolve issues related to security breaches.

Compliance

Netwrix Auditor simplifies the process of proving compliance with the data protection regulations to which the financial services company is subject. Each action is carefully documented, which makes it much easier to prove that the company has all the required security controls in place.

What is the level of satisfaction?

Today, the company uses Netwrix for its out-of-the-box compliance reports. If the IT team wants to provide a report for a specific request, they simply use interactive search to quickly get what auditors want. The reports are easy to understand and the auditors are completely satisfied.


Would you like to learn more about how BlueFinch can help your organisation protect its sensitive data and about our Data Security Suite? Please contact sales@bluefinch.com and take a look at our solutions.