BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

DLP, Insider Threats, File Auditing and Reporting

Posted February 13, 2012    Morgan Holm

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information. 

While some advanced technologies and policies have specifically been designed and deployed for this purpose, including email archiving and USB lockdown, many organizations still lack central visibility into and appropriate auditing capabilities for their distributed file servers and sensitive files. In many organizations these servers are distributed and physical locations range from centralized data centers to closets in branch offices, which often house sensitive financial, HR and corporate intellectual property (IP). While many layers of protection may be implemented, a fundamental layer of protection should include the ability to monitor, alert, and report on these files, as well as the access/change activity for both general users and the administrators of the systems.

Native Tools Are Not Enough

While Microsoft native tools provide some auditing and permission reporting for these distributed servers, they have several drawbacks including:

1. Complexity: Setting up and enforcing native file auditing and permissions across distributed file servers are complex and lacks central management and control.

2. Decentralization: Access and change audits are written to the native logs, which are decentralized and cryptic.

3. No Central View: Native tools do not provide a central view of audit events (“Who is doing what”) and permissions (“Who could do what”).

4. Limited Reporting: Native tools do not provide enterprise level reporting which includes central visibility, granular filtering, and time based comparisons.

With all of these drawbacks and manual processes, how should you manage and monitor file access within your environment today? 

For organizations serious about DLP, ensuring compliance with standards such as HIPAA, and protecting their IP from insider threats, BeyondTrust offers a robust and automated suite of Windows file server solutions.

The BeyondTrust Solutions

BeyondTrust users can set up central auditing policies to be deployed across corporate file servers. Each policy has the necessary granularly to audit specific files and folders with complete include/exclude controls. Once the policies are deployed, users can perform centralized access and change reporting (“Who is viewing and changing my data”) by scheduling reports that are delivered to data owners automatically, as well as timely reviews for all monitoring folders and files—all using a simplified web console. In addition, users can perform centralized Privilege reports (“Who has access to my data”), which includes access changes to group memberships and delta comparisons between time periods. All of these reports can be filtered by resource name, user name, server name, event type, etc, to provide maximum visibility and control. Additionally, for very sensitive folders—perhaps a finance directory—users can configure real-time alerts that can be delivered to data owners automatically. 

Important Questions—Easy Answers

Ever wonder why a particular file was changed or deleted? Ever lose a file only to find out later that someone moved it to another server or folder? Ever been asked to find out who had access to a file 3 weeks ago?

If you need the answer to any of these types of questions have a look at PowerBroker Auditor for File System and PowerBroker Privilege Explorer. The answers will be at your finger tips. 

Tags:
, , , , , , ,

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,