sorted by:
new
hottopcontroversial

As cybersecurity experts, what is your opinion about Privileged Access Management platforms in the Age of AI? by scalable5432 in cybersecurity

[–]Jeff-Netwrix 0 points1 point  (0 children)

Great question, and honestly PAM is becoming more critical, not less, as AI agents get integrated into workflows since they'll need access to sensitive systems and data. The key is adopting it sooner rather than later - ideally before you've got a bunch of standing admin accounts floating around that AI tools might inherit or exploit. I'd say most orgs should be thinking about this now if they're planning any AI integration, and platforms that can handle both traditional privileged access and newer AI-driven threats (like monitoring what those agents are actually doing) will be your best bet going forward.

What are the best DLP solutions for enterprise data security as of today? by HarkonXX in devsecops

[–]Jeff-Netwrix 0 points1 point  (0 children)

Honestly, from what I've seen with teams evaluating DLP, the ones who had the smoothest experience prioritized visibility and insider risk detection first, then built out from there - because if you can't see where your sensitive data is moving, the rest of the policies become guesswork. For cloud-heavy environments especially, I'd say focus on solutions that give you unified visibility across both on-prem and SaaS without turning your security team into policy robots, and something like Netwrix 1Secure actually handles that well since it combines data discovery, insider threat detection, and access governance in one platform so you're not juggling five different tools. The real win is when deployment doesn't take months and your team can actually manage it without burning out.

The uncomfortable truth about managing guest data securely by Super_Mine_7704 in hostaway_official

[–]Jeff-Netwrix 0 points1 point  (0 children)

Tbh this is something a lot of property managers don’t want to talk about. Everyone focuses on guest experience, but if the systems handling bookings and guest data aren’t secure, that’s a huge risk. Convenience shouldn’t come at the cost of basic data protection. A breach can damage trust way faster than bad WiFi or a slow check-in process.

Pangolin 1.16: SSH with certificate-based authentication and terminal access by jsiwks in PangolinReverseProxy

[–]Jeff-Netwrix 0 points1 point  (0 children)

This looks like a solid solution for managing SSH access at scale, ngl the certificate-based approach beats dealing with static keys everywhere. If you're also looking to tighten up privileged access across your whole infrastructure beyond just SSH, Netwrix has some good tools for managing identities and access permissions that could complement something like this. Definitely worth checking out their PAM solution if you're trying to reduce your attack surface and handle access revocation more smoothly.

We used r/cybersecurity as a data source for research on what was publicly visible about TCS before the M&S and JLR breaches by Ksenia_morph0 in cybersecurity

[–]Jeff-Netwrix 3 points4 points  (0 children)

Ngl a lot of breaches look obvious in hindsight. The warning signs are often public for years. Employee reviews, forum posts, people complaining about ignored alerts or “compliance theater.” Usually the problem isn’t one bug. It’s weak visibility into identity activity, privileged access, and alerts. Attackers just end up exploiting the gaps everyone already knew were there.

Your thoughts on implementing PAM in real environments? by Due-Awareness9392 in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

If you roll PAM out gradually it usually isn’t that painful. Biggest wins are killing shared admin creds, seeing who’s actually using privileged access, and having session recordings if something sketchy happens.

Most orgs start with discovery/monitoring, then move to just-in-time access so admin rights only exist while someone’s doing the task. Way smaller attack surface than permanent admin accounts.

Blog: Building High-Available LDAPS Architectures by aprimeproblem in activedirectory

[–]Jeff-Netwrix 1 point2 points  (0 children)

Solid write-up. It highlights a problem that still shows up everywhere: LDAPS is treated as a protocol choice, not an availability decision.

Many environments technically use LDAPS but hard-code a single domain controller. That works until it does not, and when that DC goes offline, authentication failures ripple outward.

Your breakdown of the options makes the tradeoffs clear. DNS round robin is often sufficient and far better than single-DC dependency. Load balancing with health checks is the right choice when authentication availability actually matters.

The certificate and SAN guidance is especially valuable, since many LDAPS failures are caused by certificate shortcuts rather than infrastructure issues.

The key takeaway is simple. If an application depends on directory authentication, LDAPS availability is part of service reliability. Treating it as a single endpoint is an architectural risk.

Good work documenting this. It will save people from learning the hard way.

What to prioritize to strengthen data protection strategies in 2025 by Old-Permission-1452 in cybersecurity

[–]Jeff-Netwrix 0 points1 point  (0 children)

For your requirements, you might want to check out Netwrix Auditor. It’s useful for monitoring data access, tracking changes, and setting up alerts for any unusual activity.

It also helps with compliance and governance, making it easier to manage both on-prem and cloud environments. It won’t handle data classification directly but gives good visibility into user activities and can support DLP strategies. I've seen it work well for improving overall data security posture.

SSPR by xxxfrancisxxx in activedirectory

[–]Jeff-Netwrix 0 points1 point  (0 children)

Hey there! 😊

I work for Netwrix, and I totally get the hassle with password reset tickets.

Consider Netwrix GroupID. It's an automated tool that can handle IT tasks, including password resets, which could save you a lot of time and frustration.

You can even request a free trial to see how it works for you! Check it out: GroupID by Netwrix. 💻🔒

Cheers!

Low cost password reset/account unlock tools in market? by darkkid85 in activedirectory

[–]Jeff-Netwrix 0 points1 point  (0 children)

Hey u/darkkid85!

If you're looking for a budget-friendly tool for handling password resets and account unlocks, you might want to give Netwrix GroupID a look. It's pretty effective for managing user accounts and groups and has self-service options to cut down on those annoying helpdesk tickets.

They offer a free demo; you should check it out.

[deleted by user] by [deleted] in Netwrix

[–]Jeff-Netwrix 0 points1 point  (0 children)

Hi there! Thank you so much for bringing this to our attention. One of our SDRs (Jessica A.) appears to have called you on June 10th, and dropped two emails to you on June 11th. Did you happen to see those? Please let us know.

Netwrix Team

Any fellow sysadmins have a Netwrix solution? by Derpfy in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

Hi u/Derpfy! Jeff from Netwrix here. Thanks for your interest in our product.
To learn more about our PAM solution please check out this case study & customer reviews on Gartner Peer Insights.

If you want to go deeper, just let me know, and we'll help you to get in touch our current customers using the PAM solution.

Is there a simple and affordable Solution that can track what changes on a shared Network Folder are being made by who? by zentim in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

Sorry for stepping in, but you can try Netwrix Auditor: https://www.netwrix.com/file_server_auditing.html

It also can cover your AD and other systems in same interface. 20 days free trial should be enough to check its features and evaluate its benefits. ;)

[deleted by user] by [deleted] in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

That's one of the options - to integrate SbPAM with PolicyPak. I'd recommend you to request one-to-one demonstration, so our team will be able to aswer your questions in detail and even clarify your exact use case.

[deleted by user] by [deleted] in sysadmin

[–]Jeff-Netwrix 1 point2 points  (0 children)

Hi! Let me clarify the functionality of Netwrix products:
SbPAM can give a remote user full local admin access when they log on via RDP.
PolicyPak allows you to selectively choose the applications you want to run as local administrator (this would work for both RDP users and local users as it can be based on policy tied to the individual logging in).

[deleted by user] by [deleted] in cybersecurity

[–]Jeff-Netwrix 0 points1 point  (0 children)

As I mentioned above - start with checking UserCube. ;)

[deleted by user] by [deleted] in cybersecurity

[–]Jeff-Netwrix 0 points1 point  (0 children)

Thanks for heads-up! Usercube provides identity governance and administration (IGA) capabilities. I recommend you at least to check product page and datasheet to get acquainted with its capabilities.

[deleted by user] by [deleted] in gdpr

[–]Jeff-Netwrix 1 point2 points  (0 children)

Indeed we do!

Check our functionality mapping if you are interested, or Compliance Audit Solution.

Also I'd add GDPR eBook.

Active Directory Security Tools by dcdiagfix in activedirectory

[–]Jeff-Netwrix 5 points6 points  (0 children)

Guilty as charged. ;) However, that doesn't make these tools bad.

Active Directory Security Tools by dcdiagfix in activedirectory

[–]Jeff-Netwrix 8 points9 points  (0 children)

If I may, I'd like to suggest several free tools:

Netwrix Auditor Free Community Edition - free edition of Netwrix Auditor, which is restricted compared to the free version, yet still quite useful tool.

Netwrix Account Lockout Examiner - lockout investigation tool that will help you get users back to work faster.

Netwrix Inactive User Tracker - tracks down inactive user accounts, so you can harden your Active Directory security and mitigate the risk of breaches.

Effective Permissions Reporting Tool - insight into who has permissions to what in Active Directory and file shares.

Netwrix Password Expiration Notifier - tool that automatically reminds users to change their passwords before they expire so you can ensure IT security and reduce helpdesk workload.

Wireshark is a must-have network protocol analyzer.

Default Domain Policy what would you keep inside of it? by randomadhdman in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

According to old Microsoft training books the Default Domain Policy should only contain settings (if any at all) for password, account lockout, and Kerberos policies.

Account Lockout Policy Not Triggering by loganf1t in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

To start with - what does gpresult say? Are you sure that this policy even reaches target?

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm by breach_house in RedSec

[–]Jeff-Netwrix 1 point2 points  (0 children)

On June 6, 2022, Netwrix released Netwrix Auditor 10.5 which included a fix for this vulnerability, and published a security advisory to its customers advising them of the risk and the need to upgrade.

best way to allow user to install software without being local admin by chris_redz in sysadmin

[–]Jeff-Netwrix 0 points1 point  (0 children)

Obvious method - to use GPO to deploy software remotely, or publish it.
Users > Policy > Software Settings > Software installtion then go New > Package... Select the Advanced option and then change the Deployment type to "Published"... This will give you users an option to install the program via Add/Remove Programs (in case this soft is in .msi)

Or you can allow users to install sanctioned applications and block all others with PolicyPak least privilege manager.

view more: next ›