Overview

The Sarbanes-Oxley Act of 2002, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 is a United States federal law enacted on July 30, 2002 in response to a number of major corporate and accounting scandals. The Sarbanes-Oxley Act (SOX) Section 404 requires publicly traded companies to establish and maintain effective internal controls over financial reporting. 

Netsurion Managed XDR for SOX 404 Compliance 

Netsurion recognizes the importance of compliance with SOX 404 and provides robust solutions to support organizations in meeting their requirements. Here’s how Netsurion supports SOX 404 compliance: 

  1. Ease of SOX Reporting and Alerting: Netsurion Managed XDR provides specific reports, rules, and dashboards that can be easily customized to meet the requirements of SOX 404. These reports and dashboards streamline the process of preparing for SOX audits, allowing for “single-click” issue flagging and on-the-fly report annotation. By being “audit-ready all the time” and demonstrating a commitment to compliance, organizations are more likely to receive corrective guidance instead of punitive action during the audit process. 
  2. Real-time Monitoring: Netsurion Managed XDR facilitates real-time monitoring and review of logs and access reports to ensure timely detection of any issues related to covered information and information exchange. By documenting policies, training responsible personnel, and demonstrating ongoing incident and log review procedures, organizations can meet the requirement of monitoring and reviewing logs in a timely manner. 
  3. Data and Information Protection: Netsurion safeguards sensitive data by enforcing stringent rules for authentication and authorization. It enables monitoring of access to file and database servers, tracks configuration changes on critical systems, and alerts responsible entities for necessary actions. Netsurion Open XDR’s optimized event warehouse ensures efficient storage and retrieval of event logs, protecting against tampering. 
  4. Full View of the Entire IT Infrastructure: Netsurion Managed XDR provides organizations with a comprehensive view of their entire IT infrastructure. By enhancing security, facilitating compliance, and increasing operational efficiencies, Netsurion enables organizations to be more aware of potential security risks and threats. It offers the ability to respond to security incidents promptly with comprehensive data and forensic tools, reducing the time required for investigation and mitigation. 

By leveraging Netsurion Managed XDR, organizations can enhance their internal control environment, strengthen their risk management processes, and demonstrate compliance with SOX 404 requirements. 

Using Netsurion Managed XDR to meet SOX 404 Requirements 

SOX Sections 302 and 404

Section 302 & 404 outline that a company’s CEO and CFO are directly responsible for the accuracy, documentation and submission of all financial reports as well as the internal control structure to the SEC. In order for an organization to confidently attest to this it must have a clear understanding of where data is stored, who owns it, who is responsible for it and who is authorized to use it.

Netsurion Open XDR monitors and stores in a searchable format, all aspects of data use for information stored on file servers and Network Attached Storage (NAS) devices. Netsurion Open XDR provides a detailed record of files server contents and how they are used including: filenames, folders, access privileges to files and folders (i.e. a user’s or groups NTFS permissions), data use by username of group name (i.e. create, open, delete, rename), a list of the likely business owners of data. This latter is based on Netsurion Open XDR analysis of legitimate user activity on a given data set.


SOX requires an Internal Control Report stating that management is responsible for an ‘‘adequate’’ internal control structure, and an assessment by management of the effectiveness of the control structure. Any shortcomings in these controls must also be reported. To accomplish this COBIT recommends security officers report directly to high level management and that the following duties be segregated: data entry, computer operation, network management, system administration, systems development and maintenance, change management, security administration, security.

Netsurion Open XDR helps meet the objectives of these requirements in a number of ways.

  • Netsurion Open XDR recommends the revocation of permissions to data for those users who do not have a business need to the data this ensures that user access to data is always warranted and driven by least privilege.
  • Netsurion Open XDR generates reports showing the history of permission revocations and the percentages by which overly permissive access was reduced.

Via these capabilities, entities can demonstrate a historical and sustained enforcement of least privilege access and its effects.


SOX require that organizations be able to provide evidence that they are compliant. This requires an ongoing effort to document and measure compliance continuously.

Netsurion Open XDR provides highly detailed reports including: data use (i.e. every user’s every filetouch), user activity on sensitive data, changes including security and permissions changes which affect the access privileges to a given file or folder, a detailed record of permissions revocations including the names of users and the data sets for which permissions were revoked. In fact, because Netsurion Open XDR allows any query or complex query of data use within the application to be saved and generated as a report, the amount and types of information that can be furnished for SOX compliance documentation are nearly infinite


Accounting for access (particularly administrative access) to critical systems is an important aspect of SOX compliance. Systems must be configured to capture both administrative and user access, to store the logs for later review and to protect the logs from unauthorized access.

Netsurion Open XDR maintains a detailed history of all objects managed by the Netsurion Open XDR including users, user groups and by extension administrative accounts within user directories. At any given time users of Netsurion Open XDR can generate reports that show which administrators changed security settings and access permissions to file servers and their contents. The same level of detail is provided for users of data, showing their access history as well as any changes made to security and access control setting of files and folders. Further, alerts and reports are automatically generated for anomalous or overly rigorously activity on important data sets. All of this ensures that access to data in continuously monitored for appropriate use and that organizations have all of the information they need to conduct forensic analysis and process improvement.