Go Up
You are here: IntelligenceIT Risk Assessment Overview

IT Risk Assessment Overview

To help you identify configuration gaps in your environment and understand their impact on overall security, Netwrix Auditor offers a dashboard with a number of metrics and drill-down reports on IT risk assessment. They pinpoint the weak points in your IT infrastructure such as overly broad assignment of access rights, loose password policies, and stale accounts. This information will help you to take corrective measures in the required area, ensuring the IT risks stay in the safe zone.

Risk assessment dashboard can be accessed by clicking the Risk assessment tile in the main window of Netwrix Auditor. For details about using the dashboard, see IT Risk Assessment Dashboard.

For details about metrics calculation, see How Risk Levels Are Estimated .

Looking for real-life use cases and walk through examples? Check out Netwrix training materials. Go theIT Risk Assessment videos.

Providing Data for Risk Assessment

To provide data for metrics and reports that belong to different categories, you will need to configure monitoring plans that will process related data sources. These monitoring plans should have at least one item added. See the following table for the certain reports:

Category Report name Collect data from

Users and Computers

User accounts with "Password never expires"

AD domain

User accounts with "Password not required"

AD domain

Disabled computer accounts

AD domain

Inactive user accounts

AD domain

Inactive computer accounts

AD domain

Servers with Guest account enabled

Windows Server

Servers that have local user accounts with "Password never expires"

Windows Server

Permissions User accounts with administrative permissions

AD domain

Administrative groups

AD domain

Administrative group membership sprawl

Windows Server

Empty security group

AD domain

Site collections with the "Get a link" feature enabled

SharePoint farm

Sites with the "Anonymous access" feature enabled

SharePoint farm

Site collections with broken inheritance

SharePoint farm

Data

Files and folders accessible by Everyone

Windows File Server

File and folder names containing sensitive data

Windows File Server

Potentially harmful files on file shares

Windows File Server

Direct permissions on files and folders

Windows File Server

Documents and list items accessible by Everyone and Authenticated Users

SharePoint farm

Infrastructure

Servers with inappropriate operating systems

Windows Server

Servers with under-governed Windows Update configurations

Windows Server

Servers with unauthorized antivirus software

Windows Server

The monitoring plans also must be configured to store data to the audit database.

Also, all risk metrics and related reports require state-in-time data to be collected. You can select the relevant option when creating a new monitoring plan, as described in the Settings for Data Collection section.

To verify the necessary settings of the existing plan

  1. Select the monitoring plan you need and click the Edit button.
  2. In the right pane of the dialog displayed, select Edit settings from the Monitoring plan section.
  3. Go to the Audit Database section and make sure that Disable security intelligence ... checkbox is cleared. This will instruct Netwrix to store data to both Long-Term Archive and audit database:
  4. Save the settings and return to the window with the monitoring plan details. Make sure you have at least one monitored item in the plan. If necessary, add an item.
  5. Select the data source you need (for example, Active Directory) and click Edit data source from the Data source section on the right.
  6. Make sure that:
    1. Monitor this data source and collect activity data is switched ON.
    2. Collect data for state-in-time reports is switched ON.
  7. Save the settings and close the dialog.

Go Up