Windows File Server Auditing

With the limited usefulness of native Windows Tools, FileAudit is a software solution that greatly enhances Windows file server auditing.

Windows File Server Auditing Software

When native Windows tools don’t cut it, admins turn to third party software to enhance security and ease regulatory compliance. Although Windows Active Directory includes native policies to audit file and folder access, it creates tedious and time consuming tasks. Decrypting hundreds or even thousands of events, and attempting to retrieve those of interest generates endless hours of non value added work and creates a significant risk of error. Other limitations with native auditing include no reporting, alerting or long term storage of data.

FileAudit overcomes these security limitations.

Designed to make auditing faster, smarter and more efficient, FileAudit leverages existing Windows Platform technologies to create a real-time monitoring and alerting solution on all access or access attempts. This gives IT professionals the optimal visibility into what is happening with their files, folders and file shares and the opportunity to react quickly to potential abuse.

Real-Time Windows File Auditing

Using the Microsoft NTFS audit integrated in all Windows systems, the FileAudit service constantly scans the security logs of all audited machines in real-time to capture all relevant access events – and access attempts – across one or several Windows systems. Intelligent alerts are specified for specific access events.

An agentless, remote and non-intrusive deployment, FileAudit can be installed in less than 3 minutes. Any machine (meeting the system requirements) can be used as a remote host for FileAudit. No further installation is required.

Performance and Scalability

FileAudit optimizes the NTFS audit to keep only relevant access events (approx. 30%) for monitoring. No useful information is lost, only meaningless events are discarded. You can also choose to exclude additional file events such as temporary documents and events generated with executables such as antiviruses or backups.

Automated Audit Configuration

Files and folders selected for auditing can then be automatically configured for access auditing with the FileAudit wizard – easy even for the most novice tech user.

Centralized auditing and long term archiving

To store all collected events, FileAudit requires the use of a database (SQLite, Microsoft Access File, Microsoft SQL Server or Microsoft SQL Express). It will archive all file access events occurring on one or several Windows systems to generate an always-available, searchable and secure audit trail. Customized reporting consolidates access events from multiple file servers.

Powerful Filtering

Better control and management of your auditing can be offered by filtering access events by type, user account or time range.

Download an overview of FileAudit vs Native Windows Server Auditing

Windows File Servers Access Auditing

FileAudit also implements sophisticated contextual functions to help detect and combat malicious access and alteration of sensitive information on Windows Servers.

• Alerts can be sent when mass access, copying, deletion or moving of bulk files is detected – a strong indication of a potential breach.

• By tracking and identifying the source IP address and machine name, FileAudit will indicate where the user has accessed the file from, including if the user accessed the file from a different workstation, or remote data access.

• Granular time and date alterting parameters help minimise the risk from access at unusual or unexpected times.

• You can then trigger a specific action when something unusual is detected by one of your FileAudit alert rules. Create a script and allow it to run whenever the alert is triggered.

These features go further than ever in providing IT security professionals a complete picture of the access events on their organizations sensitive data.

 

File Servers Security

Today’s move to a digital workforce means there are more and more reasons for employees (and business partners) to require access to information assets to perform their job. This poses a serious challenge for IT administrators everywhere. It can be a daunting task trying to identify suspicious access behavior and stop the theft, alteration or deletion of an organization’s most sensitive information.

Whilst all industries suffer from the risk from intellectual property, it’s not only corporate data at risk.

• • • In healthcare the need to safeguard sensitive patient data – electronic health records – is driving better security practice.
    • In law the challenge is around the falsification of sensitive documents – the risk of tampered files being unsuitable for use in court.
    • Banks are obvious high profile targets but not just for fraud. The personal data they gather on customers is valuable in itself.

And now since May 2018, all businesses that process and control personal data within the EU need to monitor any access to comply with the General Data Protection Regulation (GDPR).

Enhancing the monitoring and auditing of all file access and actions is a critical need – for organizations across all sectors.