FileAudit

Overview

Using FileAudit

To monitor access to your organisation’s data, standard Microsoft systems only propose manual event log analysis.  This very limited functionality leaves administrators having to decrypt hundreds or even thousands of events, attempting to retrieve those of interest; and therefore generates endless hours of non value added work as well as the risk of error or overlook.  

On the other hand, with a simple right click in Windows explorer or from the console; FileAudit instantly gives an error ridden and comprehensive list of:

  • read/write accesses
  • appropriation attempts (accepted or denied)
  • permission modification attempts (accepted or denied)

each record detailing:

  • the user
  • the domain
  • the date and time of connection and disconnection

for:

  • a file
  • a selection of files
  • a folder and subfolders
  • a selection of folders and subfolders

and gives you a very simple and efficient way of controlling the use made of your organisation’s sensitive and confidential data.

How does FileAudit work?

FileAudit is an administration console to be installed on a computer running Windows NT4, 2000, 2003 or XP.

The Audit object access needs to be enabled on the computers storing the files and folders to be analysed.

No extra installation or agent deployment is necessary as all the actions are made using the files and folders context menus.

FileAudit can be used:

  • from Windows explorer, as FileAudit is added to the file's and folder's context menu
  • with it's own console

one only needs to:

  • select a file, a group of files, a folder or a group of folders in the explorer, right-click and select FIleAudit
  • Select the file(s) or folder(s) in FileAudit's console

to instantly display all access or acess atempt information

Why buy FileAudit ?

Using FileAudit in your environment will bring you the following advantages:

  • security for your confidential and sensitive data
  • eradication of the workload related to data surveillance
  • help toward your information systems compliance as to multiple international regulations and standards (HIPAA, Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799…)
  • simplicity of use: context menu, agentless solution
  • efficiency: instant display, multiple selections


Features

Instant surveillance

From its own console or with a simple right click in Windows explorer; FileAudit instantly displays for:

  • a file
  • a selection of files
  • a folder and subfolders
  • a selection of folders and subfolders

the list of:

  • read/write accesses
  • file deletion attempts (accepted or denied)
  • appropriation attempts (accepted or denied)
  • permission modification attempts (accepted or denied)

each record detailing:

  • the user
  • the domain
  • the date and time of connection and disconnection

Access event archiving

FileAudit can be scheduled to automatically archive into a database, at regular intervals, the access events occurring on one or more systems for permanent storage.

Audit and reporting

FileAudit can display file/folder access history in a printable report that can be scheduled to run automatically.

FileAudit can also export the generated results in ASCII format, allowing their use in view of an audit or for subsequent analysis and control.

Ease of Use

  • Elimination of all duplicated, irrelevant and pseudo events, rendering analysis a lot easier and sparing backup disk space
  • Ability to add display filters: accepted or denied access, type of access (read, write, delete, ...), user account, time frame, etc...  
  • Quick access to the latest files/folders audited
  • Automatic configuration of the Windows audit on files/folders with default audit values

Non-intrusive technology

FileAudit is an agentless solution and only uses standard Windows APIs.



Usage Scenarios

Detect intrusion

  • Detect if outsiders are attempting to access company documents
  • Save all access attempts to a confidential file

Resolve incidents

  • Find out if a user has read a file
  • Detect if a user has written to a folder

Identify who did it

  • Know who accessed a file
  • Find out who tried to modify a file’s permissions
  • Discover who attempted to repossess a file
  • Discover who deleted a file

Date events

  • Find out when a file was deleted
  • Detect when the permissions to a folder were modified

Archive behaviors

  • Establish the list of users who unsuccessfully tried to read a file
  • Establish the list of users who successfully read a file
  • Establish the list of all users having accessed a folder


Requirements

Operating system

  • Windows XP
  • Windows 2003
  • Windows 2000
  • Windows NT 4

File system

  • NTFS


Printed from www.pnltools.com
© 2008 PNLTools Limited. All rights reserved