BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

DLP, Insider Threats, File Auditing and Reporting

Posted February 13, 2012    Morgan Holm

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information. 

While some advanced technologies and policies have specifically been designed and deployed for this purpose, including email archiving and USB lockdown, many organizations still lack central visibility into and appropriate auditing capabilities for their distributed file servers and sensitive files. In many organizations these servers are distributed and physical locations range from centralized data centers to closets in branch offices, which often house sensitive financial, HR and corporate intellectual property (IP). While many layers of protection may be implemented, a fundamental layer of protection should include the ability to monitor, alert, and report on these files, as well as the access/change activity for both general users and the administrators of the systems.

Native Tools Are Not Enough

While Microsoft native tools provide some auditing and permission reporting for these distributed servers, they have several drawbacks including:

1. Complexity: Setting up and enforcing native file auditing and permissions across distributed file servers are complex and lacks central management and control.

2. Decentralization: Access and change audits are written to the native logs, which are decentralized and cryptic.

3. No Central View: Native tools do not provide a central view of audit events (“Who is doing what”) and permissions (“Who could do what”).

4. Limited Reporting: Native tools do not provide enterprise level reporting which includes central visibility, granular filtering, and time based comparisons.

With all of these drawbacks and manual processes, how should you manage and monitor file access within your environment today? 

For organizations serious about DLP, ensuring compliance with standards such as HIPAA, and protecting their IP from insider threats, BeyondTrust offers a robust and automated suite of Windows file server solutions.

The BeyondTrust Solutions

BeyondTrust users can set up central auditing policies to be deployed across corporate file servers. Each policy has the necessary granularly to audit specific files and folders with complete include/exclude controls. Once the policies are deployed, users can perform centralized access and change reporting (“Who is viewing and changing my data”) by scheduling reports that are delivered to data owners automatically, as well as timely reviews for all monitoring folders and files—all using a simplified web console. In addition, users can perform centralized Privilege reports (“Who has access to my data”), which includes access changes to group memberships and delta comparisons between time periods. All of these reports can be filtered by resource name, user name, server name, event type, etc, to provide maximum visibility and control. Additionally, for very sensitive folders—perhaps a finance directory—users can configure real-time alerts that can be delivered to data owners automatically. 

Important Questions—Easy Answers

Ever wonder why a particular file was changed or deleted? Ever lose a file only to find out later that someone moved it to another server or folder? Ever been asked to find out who had access to a file 3 weeks ago?

If you need the answer to any of these types of questions have a look at PowerBroker Auditor for File System and PowerBroker Privilege Explorer. The answers will be at your finger tips. 

Tags:
, , , , , , ,

Leave a Reply

Additional articles

red-thumbprint

Why big data breaches won’t always be so easy

Posted September 19, 2014    Byron Acohido

This blog post is republished with the permission of ThirdCertainty. See the original post here. – By: Byron Acohido, Editor-In-Chief, ThirdCertainty Some day, perhaps fairly soon, it will be much more difficult for data thieves to pull off capers like the headline-grabbing hacks of Home Depot and Target. That’s not a pipe dream. It’s the projected outcome…

Tags:
, , , , ,
pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,