BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

DLP, Insider Threats, File Auditing and Reporting

Posted February 13, 2012    Morgan Holm

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information. 

While some advanced technologies and policies have specifically been designed and deployed for this purpose, including email archiving and USB lockdown, many organizations still lack central visibility into and appropriate auditing capabilities for their distributed file servers and sensitive files. In many organizations these servers are distributed and physical locations range from centralized data centers to closets in branch offices, which often house sensitive financial, HR and corporate intellectual property (IP). While many layers of protection may be implemented, a fundamental layer of protection should include the ability to monitor, alert, and report on these files, as well as the access/change activity for both general users and the administrators of the systems.

Native Tools Are Not Enough

While Microsoft native tools provide some auditing and permission reporting for these distributed servers, they have several drawbacks including:

1. Complexity: Setting up and enforcing native file auditing and permissions across distributed file servers are complex and lacks central management and control.

2. Decentralization: Access and change audits are written to the native logs, which are decentralized and cryptic.

3. No Central View: Native tools do not provide a central view of audit events (“Who is doing what”) and permissions (“Who could do what”).

4. Limited Reporting: Native tools do not provide enterprise level reporting which includes central visibility, granular filtering, and time based comparisons.

With all of these drawbacks and manual processes, how should you manage and monitor file access within your environment today? 

For organizations serious about DLP, ensuring compliance with standards such as HIPAA, and protecting their IP from insider threats, BeyondTrust offers a robust and automated suite of Windows file server solutions.

The BeyondTrust Solutions

BeyondTrust users can set up central auditing policies to be deployed across corporate file servers. Each policy has the necessary granularly to audit specific files and folders with complete include/exclude controls. Once the policies are deployed, users can perform centralized access and change reporting (“Who is viewing and changing my data”) by scheduling reports that are delivered to data owners automatically, as well as timely reviews for all monitoring folders and files—all using a simplified web console. In addition, users can perform centralized Privilege reports (“Who has access to my data”), which includes access changes to group memberships and delta comparisons between time periods. All of these reports can be filtered by resource name, user name, server name, event type, etc, to provide maximum visibility and control. Additionally, for very sensitive folders—perhaps a finance directory—users can configure real-time alerts that can be delivered to data owners automatically. 

Important Questions—Easy Answers

Ever wonder why a particular file was changed or deleted? Ever lose a file only to find out later that someone moved it to another server or folder? Ever been asked to find out who had access to a file 3 weeks ago?

If you need the answer to any of these types of questions have a look at PowerBroker Auditor for File System and PowerBroker Privilege Explorer. The answers will be at your finger tips. 

Tags:
, , , , , , ,

Leave a Reply

Additional articles

flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Tags:
, , , , ,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)

Posted January 22, 2015    Scott Lang

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report…

Tags:
, , , ,
Larry-Brock-CISO

Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

Posted January 22, 2015    Larry Brock

With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful. In security, we need to do the same.  It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique…

Tags:
, , , , ,