Netwrix Threat Prevention v7.4 Documentation

Netwrix Threat Prevention safeguards an organization from internal and external threats by acting like a firewall around critical systems and applications: Active Directory, Exchange, and file systems. It helps organizations overcome limitations in native Windows logging and security controls with features such as:

  • Active Monitoring – Threat Prevention intercepts all critical activity at the source, actively monitors user behavior, and alerts on suspicious activities, generating security intelligence that provides visibility and security over your business assets.
  • Proactive Remediation – When a suspicious pattern of activity is identified, Threat Prevention issues an alert along with immediate remediation, such as blocking the compromised user account from further authentications. In this way, it protects business-critical systems and sensitive data from threats such as malware and ransomware.
  • Real-time Alerts – Provides inspection, alerting, and policy enforcement, serving as a security enhancement that protects sensitive assets and eliminates downtime caused by careless errors.
  • Audit Trail – Provides administrators and auditors detailed records of every change, access, and authentication activity.
  • Third-party Integration – Threat Prevention seamlessly integrates with the SIEM dashboards an organization already uses. It sends reliable, insightful, and context-laden data to them in real time, removing the need for native logs.
  • Modern Architecture – With a FIPS 140-2 compliant architecture, Threat Prevention has been built specifically for the modern security landscape.

Organizations can benefit from Threat Prevention in many ways, such as:

  • Catch suspicious authentication events
  • Proactively prevent unauthorized changes
  • Block the riskiest actions
  • Accelerate investigation and harden security
  • Tighten security and compliance practices