How to make Windows server file and folder access auditing easy
Windows file server auditing can be tedious (at best). Here's how FileAudit makes it easier with real-time access monitoring, alerts and responses.
)
)
)
)
)
Native Windows tools have limitations. FileAudit is a software solution that enhances Windows file server auditing. So IT can meet compliance requirements and boost security, without spending hours pouring over logs.
Windows file server auditing software
When native Windows tools don’t cut it, admins turn to third party software to enhance security and ease regulatory compliance. Although Windows Active Directory includes native policies to audit file and folder access, it creates tedious and time consuming tasks.
Decrypting hundreds or even thousands of events, and attempting to retrieve those of interest generates endless hours of non value added work and creates a significant risk of error. Other limitations with native auditing include no reporting, alerting or long term storage of data.
FileAudit overcomes these security limitations.
Designed to make auditing faster, smarter and more efficient, FileAudit leverages existing Windows Platform technologies to create a real-time monitoring and alerting solution on all access or access attempts. This gives IT professionals the optimal visibility into what is happening with their files, folders and file shares and the opportunity to react quickly to potential abuse.
Real-time Windows file auditing
Using the Microsoft NTFS audit integrated in all Windows systems, the FileAudit service constantly scans the security logs of all audited machines in real-time to capture all relevant access events — and access attempts — across one or several Windows systems. Intelligent alerts are specified for specific access events.
An agentless, remote and non-intrusive deployment, FileAudit can be installed in less than 3 minutes. Any machine (meeting the system requirements) can be used as a remote host for FileAudit. No further installation is required.
Performance and scalability
FileAudit optimizes the NTFS audit to keep only relevant access events (approx. 30%) for monitoring. No useful information is lost, only meaningless events are discarded. You can also choose to exclude additional file events such as temporary documents and events generated with executables such as antiviruses or backups.
Automated audit configuration
Files and folders selected for auditing can then be automatically configured for access auditing with the FileAudit wizard — easy even for the most novice tech user.
Centralized auditing and long term archiving
To store all collected events, FileAudit requires the use of a database (SQLite, Microsoft Access File, Microsoft SQL Server or Microsoft SQL Express). It will archive all file access events occurring on one or several Windows systems to generate an always-available, searchable and secure audit trail. Customized reporting consolidates access events from multiple file servers.
)
)
)
)
)
Powerful filtering
Better control and management of your auditing can be offered by filtering access events by type, user account or time range.
)
)
)
)
)
FileAudit® vs. Native Windows® Server
Feature | FileAudit | Windows Server |
|---|---|---|
Intuitive, User-Friendly Interface | Yes. FileAudit comes with a fluid, touch-ready, “Windows 8” UI. | No. Limited to an Event Log that typically lists thousands of entries per day. |
File and Folder Activity Real-Time Monitoring | Yes. FileAudit monitors and shows in real-time, access (or access attempts) to sensitive files, folders and sensitive shares. | Practically no. Native Windows file auditing generates multiple entries for a single access event. |
File and Folder Activity Alerts | Yes. Email alerts can be automatically and immediately triggered when specific access events are detected. | No. There is no email alert system to notify specific access events. |
File and Folder Activity Recording | Yes. FileAudit automatically records all access events into a centralized, queryable SQL Server database. | No. Windows Security Event Logs can be exported, but only in EVT/EVTX format and on a per file server basis. |
Schedulable, Automated Multi-criteria Reporting | Yes. FileAudit consolidates access events from multiple file servers into a single SQL Server database. | No. Access events can only be viewed one file server at a time. |
File and Folder Activity Long-term Archiving | Yes. FileAudit saves access events into an SQL Server database. Several years of data can be held with no performance issues. | Practically no. Access events can only be stored in several EVT or EVTX files, making it hard to use and exploit the data within. |
Statistics | Yes. FileAudit offers detailed and customizable graphical statistics on file and folder activity. | No. Windows native features provide no statistical reporting on file and folder activity. |
Delegation to non-IT auditors | Yes. Specific accounts can be created for people without administrative rights. | No. Local administrative rights are required to perform file access auditing. |
Download an overview of FileAudit vs Native Windows Server Auditing
Windows file servers access auditing
FileAudit also implements sophisticated contextual functions to help detect and combat malicious access and alteration of sensitive information on Windows Servers.
Alerts can be sent when mass access, copying, deletion or moving of bulk files is detected — a strong indication of a potential breach.
)
)
)
)
)
By tracking and identifying the source IP address and machine name, FileAudit will indicate where the user has accessed the file from, including if the user accessed the file from a different workstation, or remote data access.
)
)
)
)
)
Granular time and date alterting parameters help minimise the risk from access at unusual or unexpected times.
You can then trigger a specific action when something unusual is detected by one of your FileAudit alert rules. Create a script and allow it to run whenever the alert is triggered.
These features go further than ever in providing IT security professionals a complete picture of the access events on their organizations sensitive data.
Effective, easy file server security
Today’s move to a digital workforce means there are more and more reasons for employees (and business partners) to require access to information assets to perform their job. This poses a serious challenge for IT administrators everywhere. It can be a daunting task trying to identify suspicious access behavior and stop the theft, alteration or deletion of an organization’s most sensitive information.
Whilst all industries suffer from the risk from intellectual property, it’s not only corporate data at risk.
In healthcare the need to safeguard sensitive patient data, electronic health records, is driving better security practice.
In law the challenge is around the falsification of sensitive documents: The risk of tampered files being unsuitable for use in court.
Banks are obvious high profile targets but not just for fraud. The personal data they gather on customers is valuable in itself.
Add to that, all businesses that process and control personal data within the EU need to monitor any access to comply with the General Data Protection Regulation (GDPR).
Enhancing the monitoring and auditing of all file access and actions is a critical need — for organizations across all sectors.