+1-800-492-3951 or +318.104.22.168.20 (GMT+1)
Bolster your defense against the insider threat
The seriousness of insider threats, intentional or not
Identify & mitigate the risk from authenticated users
Securing network access for all authenticated users
Moving from access logging to continuous monitoring and immediate response
Disseminate good user behaviour to protect against insider threats
Reduce the risk of security breaches from the insider threat
Control system access, identify employees on the network, respond to suspicious activity & protect patient data with IS Decisions solutions. Read more
Strong access control measures, enforced unique user ID and enhanced access monitoring to the network and cardholder data with our solutions. Read more
Userlock and FileAudit can both help you address the requirements of SOX by allowing you to control and monitor system access and identity. Read more
UserLock and FileAudit protect the network, and sensitive information within, against unwanted access to help your business become ISO 27001 compliant. Read more
UserLock directly addresses two access control baselines of NIST 800-53, AC-9 Previous Logon (Access) Notification and AC-10 Concurrent Session Control. Read more
This guide looks at some of the key areas for HIPAA compliance and the NHS Security policies with relation to internal safeguards.
Check if you're compliant
Research and guidance on access security for PCI, SOX, GLBA and FCA regulations that safeguard sensitive financial and customer data.
Research and guidance on user security and information access compliance for FISMA, ISO 27001, DPA and Lexcel regulations.
Rather than blaming users for being human, start better protecting users’ authenticated access.
If you are implementing an insider threat program, here’s a 12 step guide to help ensure that it’s set for the future of internal security.
An alternative to complex, costly and disruptive multi-factor authentication
A report on the frustrations that IT managers face with multi-factor authentication and how to improve access security without impeding end users or disrupting existing infrastructure.
User Security in 2015: The future of addressing insider threat
2015 is set to see a huge rise in the number of IT professionals taking action to address insider threat in their organization according to our new research.
Insider Threat Security Manifesto: Beating the threat from within
What can you do to mitigate the risk of insider threats from both a technological and cultural standpoint?
From Brutus to Snowden: A study of Insider Threat Personas
Who are the most potentially dangerous users in your organization and what you can do to alter behavior and mitigate risk?
Insider Threat Peer Report
A rare insight into the views of security experts from a variety of industries on internal security
Do your actions risk your employer's security? Prove it!
Play The Weakest Link - A User Security Game.
Free to play for any employee in any position, from any department.Help engage your users and reinforce their user security awareness.
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
RemoteExec remotely installs applications, executes programs, scripts and updates files and folders on Windows systems throughout the network.
WinReporter retrieves detailed information about hardware, software and security settings from Windows systems and automatically generates reports.
With FileAudit, your file access auditing performance and scalability can be improved further through the exclusion of irrelevant access events or files with specific extensions. With advanced settings you can also enable remote connection and delegate an audit to non-IT users.
Hi everyone, welcome to the FileAudit Tutorial. We will see on this tutorial the different advanced settings available in FileAudit. Click on the “Settings” section from the FileAudit hub.
The first section named “Scan options” allows certain events to be excluded from the audited access events. The goal is to exclude user accounts, application or file type and obtain only the pertinent access audit that you need. Click on the “Add” button of the exclusion type to type the item you want to exclude. Note that there is a specific switch to ignore the “read access attempt” of any executable file. Most executable files load an associated icon image when the file name is listed in Windows Explorer. This option permits to exclude these read access events. The second section allows you to define the database settings. A wizard allows you to select your database provider and complete the different required fields. You can test the settings connection to validate the communication between FileAudit and the new database.
“Email settings”. Here you can automatically send reports and real-time alerts for specific access events. To do this FileAudit requires the configuration of an SMTP server. Type the server, the port and from which e-mail you want to send these notifications. You can switch on “Use SSL encryption” if you wish to use SSL.
The “Accounts” section allows the definition of impersonation accounts for the scan of access events. When the list is empty, FileAudit uses the account of the FileAudit service, which is the default local system. Click “Add an account” and provide an account which has at least local administrator privileges on the target audited machine. You can provide as many accounts as target machines that you want to audit.
The “License” section allows you to register a FileAudit license. Copy and paste the FileAudit serial number found in the e-mail sent from our sales department into the License key field. Click “Apply”. The maintenance expiration date and the number of machines permitted to be audited will be displayed in the “Details” section. If wanted, you can revoke a licensed computer by clicking the “Revoke” button. But do take note that revoking an audited machine will clean all events of this machine on the database.
Permissions offer you the possibility to grant the access of the different FileAudit features to audit administrators. Click the “Add an account” button either user or group and enter the desired name through the Microsoft account selector. Check the entered name. Once the account name is detected and validated, click “OK”. You’ll next be able to choose what permissions you need to give to this specific user or group. You will get more details about this section on a specific tutorial about FileAudit delegation for non IT administrators.
The last section is the one which allows you to enable remote connection to the FileAudit service. This option if enabled also permits you to delegate the audit to non-IT users. By default the TCP port is set to 2000 but you can specify which port the FileAudit console must use to connect to the FileAudit service. Note that any port modification requires a FileAudit restart before it is fully activated.
On the next video we’ll see how to clean the events history saved in your database.
(Free number for US & Canada)
Copyright © - IS Decisions | All Rights Reserved.