BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

DLP, Insider Threats, File Auditing and Reporting

Posted February 13, 2012    Morgan Holm

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information. 

While some advanced technologies and policies have specifically been designed and deployed for this purpose, including email archiving and USB lockdown, many organizations still lack central visibility into and appropriate auditing capabilities for their distributed file servers and sensitive files. In many organizations these servers are distributed and physical locations range from centralized data centers to closets in branch offices, which often house sensitive financial, HR and corporate intellectual property (IP). While many layers of protection may be implemented, a fundamental layer of protection should include the ability to monitor, alert, and report on these files, as well as the access/change activity for both general users and the administrators of the systems.

Native Tools Are Not Enough

While Microsoft native tools provide some auditing and permission reporting for these distributed servers, they have several drawbacks including:

1. Complexity: Setting up and enforcing native file auditing and permissions across distributed file servers are complex and lacks central management and control.

2. Decentralization: Access and change audits are written to the native logs, which are decentralized and cryptic.

3. No Central View: Native tools do not provide a central view of audit events (“Who is doing what”) and permissions (“Who could do what”).

4. Limited Reporting: Native tools do not provide enterprise level reporting which includes central visibility, granular filtering, and time based comparisons.

With all of these drawbacks and manual processes, how should you manage and monitor file access within your environment today? 

For organizations serious about DLP, ensuring compliance with standards such as HIPAA, and protecting their IP from insider threats, BeyondTrust offers a robust and automated suite of Windows file server solutions.

The BeyondTrust Solutions

BeyondTrust users can set up central auditing policies to be deployed across corporate file servers. Each policy has the necessary granularly to audit specific files and folders with complete include/exclude controls. Once the policies are deployed, users can perform centralized access and change reporting (“Who is viewing and changing my data”) by scheduling reports that are delivered to data owners automatically, as well as timely reviews for all monitoring folders and files—all using a simplified web console. In addition, users can perform centralized Privilege reports (“Who has access to my data”), which includes access changes to group memberships and delta comparisons between time periods. All of these reports can be filtered by resource name, user name, server name, event type, etc, to provide maximum visibility and control. Additionally, for very sensitive folders—perhaps a finance directory—users can configure real-time alerts that can be delivered to data owners automatically. 

Important Questions—Easy Answers

Ever wonder why a particular file was changed or deleted? Ever lose a file only to find out later that someone moved it to another server or folder? Ever been asked to find out who had access to a file 3 weeks ago?

If you need the answer to any of these types of questions have a look at PowerBroker Auditor for File System and PowerBroker Privilege Explorer. The answers will be at your finger tips. 

Tags:
, , , , , , ,

Leave a Reply

Additional articles

ovum-research

New Analyst SWOT Assessment Identifies Key Strengths of PowerBroker

Posted November 24, 2014    Scott Lang

Following on the heels of the Gartner PAM market guide and Frost & Sullivan review of Password Safe comes a new analyst review of our BeyondInsight and PowerBroker platforms, a SWOT assessment of BeyondTrust written by Ovum. Ovum’s honest and thorough review of BeyondTrust indicates that we are delivering, “…an integrated, one-stop approach to PAM….

Tags:
, , ,

Patented Windows privilege management brings you unmatched benefits

Posted November 24, 2014    Scott Lang

We are pleased to announce that BeyondTrust has been granted a new U.S. Patent (No. 8,850,549) for privilege management, validating our approach to helping our customers achieve least privilege in Windows environments. The methods and systems that we employ for controlling access to resources and privileges per process are unique to BeyondTrust PowerBroker for Windows….

Tags:
6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,