1.1 What is Change Guardian?

Change Guardian gives you the security intelligence you need to rapidly identify and respond to privileged-user activities that could signal a security breach or result in compliance gaps. It helps security teams detect and respond to potential threats in real time through intelligent alerting on authorized and unauthorized access and changes to critical files, systems, and applications.

To combat an increasingly sophisticated threat landscape and complex computing environment driven by such technologies as BYOD, mobility and cloud, organizations must take a layered and integrated approach to defend their critical systems and sensitive data.

Change Guardian provides the following protection measures:

  • Privileged-user monitoring. Audits and monitors the activities of privileged users to reduce the risk of insider attacks.

  • Real-time change monitoring. Identifies and reports on changes to critical files, platforms and systems to help prevent breaches and ensure policy compliance.

  • Real-time intelligent alerting. Provides immediate visibility into unauthorized changes that could lead to a breach, enabling the fastest threat response.

  • Compliance and best practices attainment. Helps satisfy compliance mandates by demonstrating the ability to monitor access to critical files and data.

Change Guardian helps you reduce the time and complexity required to analyze disparate platform logs in the following ways:

  • Centrally recording and auditing changes

  • Creating intuitive monitoring policies through policy-based monitoring

  • Automating daily change auditing and reporting

NetIQ Change Guardian also integrates with your existing security information and event management (SIEM) solution, such as NetIQ Sentinel. Change Guardian extends your SIEM solution’s ability to detect and respond to threats by pinpointing the who, what, when, and where of an event while providing before and after values. With this comprehensive security intelligence, you will be better able to mitigate the impact of an attack before serious damage or compliance gaps can occur.