
IS Decisions Blog

An easier way to monitor file changes on your Windows servers

Monitor and track file changes on your Windows servers in real time with FileAudit. Get alerted on changes to your most sensitive files.

Published February 8, 2019

Monitoring file changes on your Windows servers is one of the simplest tasks in keeping sensitive data safe, but it is also one of the most neglected areas in many environments.

Who accessed a particular file share, and what changes happened? If you’re not able to answer this question quickly, you’re not alone. FileAudit addresses this weakness with an easy-to-use reporting and alerting tool.

Track accidental, inappropriate, and unauthorized changes by monitoring all file activities, including file creation, modification, and deletion, as well as permissions.

Pinpoint access and monitor changes to Windows files

There are several best-practice techniques for securing Windows file sharing, but when it comes to monitoring and auditing access and changes, the Windows operating system’s native tools are inefficient and don’t scale well.

It isn’t much fun having to review audit entries in the Windows Server Security Log on each file server. To find out something as simple as “Who accessed your protected files today and what changes happened?” requires much more work than just skimming through the event log data. It requires meticulous research into specific field values within multiple log entries, all to “puzzle piece” your way to a potential answer.

FileAudit allows administrators to pinpoint access and monitor changes to selected files.

Track file changes in real-time

FileAudit offers real traceability of changes made. It monitors your file system resources continuously to instantly provide accurate and comprehensive information about access events and access attempts.

By tracking the user, IP address and machine name, you know exactly who changed what and where the change took place, including events made remotely.


Quick answers on Windows file changes

Find out the answers you need on certain activity with far less effort. Numerous filters mean you can zoom in and focus only on the information you need.


Tip: If you’re looking at just recent activity (from the last 4 weeks), click on any user, file or folder to get a detailed insight into the access and usage of that particular data set:

  • View the frequency and amount of activity

  • See the total number of file deletions and refused access events

  • Scroll through a listing of all changes performed for a specific user (or file or folder)

Alert on unusual file activity

Administrators can set customized alerts in real-time, on any type of access event (or access attempts).


Some of the unusual activity you should be looking for includes:

  • Access from a particular IP address or an endpoint outside the company network or one that doesn’t normally access a given set of files can be a clear sign of improper use.

  • Alerts on bulk file copying and mass file deletion or movement from the Windows File Server are excellent for highlighting suspicious user activity and data exfiltration during a breach.

  • Changes made at suspicious times are another common sign of potentially malicious activity.

  • An attempt to access files without permissions.
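The four signals in the list above can be written as rules over a stream of access events. The following Python is an added example, not FileAudit code or output; the event tuple layout, the internal network range, the working hours and the bulk-delete threshold are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the page); tune them per environment.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
WORK_HOURS = range(7, 20)            # 07:00-19:59 local time
BULK_THRESHOLD = 5                   # deletions by one user ...
BULK_WINDOW = timedelta(minutes=1)   # ... inside this sliding window

# Constructed sample events: (time, user, source IP, action, path, status).
EVENTS = [
    ("2019-02-04T09:15:00", "jsmith", "10.1.2.30", "read", r"\\fs01\finance\q4.xlsx", "granted"),
    ("2019-02-04T10:02:00", "akhan", "10.1.2.44", "read", r"\\fs01\hr\pay.xlsx", "denied"),
    ("2019-02-04T11:30:00", "jsmith", "203.0.113.7", "read", r"\\fs01\finance\q4.xlsx", "granted"),
    ("2019-02-05T02:10:00", "svc_rpt", "10.1.9.5", "write", r"\\fs01\finance\q4.xlsx", "granted"),
] + [
    (f"2019-02-04T14:00:0{i}", "mlee", "10.1.2.51", "delete", rf"\\fs01\proj\doc{i}.docx", "granted")
    for i in range(6)
]

def detect(events):
    """Return (rule, user, time) alerts for the four signals listed above."""
    alerts = []
    recent_deletes = defaultdict(list)   # user -> delete times inside the window
    for when, user, ip, action, path, status in sorted(events):
        ts = datetime.fromisoformat(when)
        # 1. Source address outside the networks that normally reach the share.
        if not any(ip_address(ip) in net for net in INTERNAL_NETS):
            alerts.append(("external_source", user, when))
        # 4. Attempt to access a file without permission.
        if status == "denied":
            alerts.append(("access_denied", user, when))
            continue                      # a refused request changed nothing
        # 3. Successful change outside working hours.
        if action in ("write", "delete") and ts.hour not in WORK_HOURS:
            alerts.append(("off_hours_change", user, when))
        # 2. Mass deletion: alert once when a burst reaches the threshold.
        if action == "delete":
            window = recent_deletes[user]
            window.append(ts)
            while ts - window[0] > BULK_WINDOW:
                window.pop(0)
            if len(window) == BULK_THRESHOLD:
                alerts.append(("bulk_delete", user, when))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The bulk rule fires once per burst rather than on every further deletion, which keeps a mass-delete incident from flooding the alert channel.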

Get full visibility across your Windows file servers

FileAudit consolidates access events from multiple servers. Complete visibility into what’s going on across your organization helps you gain precise answers to questions such as “What files did John Smith change last week?”


Audit NTFS permissions and properties

Get a centralized view of the NTFS permissions (simple and advanced) of all files and folders and on properties such as size, attributes, creation date, last modified date and last access date.


Delegate file change monitoring to improve security

FileAudit embraces a role-based access control (RBAC) model in which you can delegate sub-administrative access to the FileAudit management console.

The reality is, those closest to the files have a much better sense of whether someone’s access or use of permissions is proper. By utilizing users closest to a set of files and providing them a way to quickly review and identify inappropriate activity, IT improves both its own productivity and the organization’s security.

Improve the security of your Windows files

It’s critical to monitor all changes to sensitive data: not only unauthorized access, but authorized access as well.

  1. Firstly, whatever your industry, your servers remain the primary asset of choice for attacks. Files can contain valuable data such as PII (personally identifiable information), PHI (protected health information), or of course financial card data.

  2. The second, and somewhat forgotten, reason is the manipulation of operating system files and file systems to provide access to a given endpoint. Malware used to gain initial access to an endpoint often places (and, in some cases, replaces) files that are called at bootup to maintain persistence. Additionally, certain techniques that involve the copying, replacing, and renaming of files are used to provide access to additional endpoints to facilitate lateral movement within your network.

  3. You should have a way to detect massive file encryption on your file servers. The sooner you detect a ransomware attack the sooner you will be able to stop it, which means less data loss and less work to clear up the mess!

  4. Mitigate the risk of shared files being tampered with or altered in any unwanted way. Examples include overcoming the risk of tampered files being unsuitable for use in court and stopping incidents of intellectual property being falsified or even deleted.

  5. If a file is deleted or changed, users tend to blame "the server" or the "IT Team" for losing their work. A full audited history of all changes helps resolve the matter, quickly!

  6. Monitoring the access to and usage of protected data demonstrates that only approved access has occurred, which is critical to meeting relevant compliance objectives.

Try FileAudit for free

3000+ organizations like yours use FileAudit to protect data, prevent ransomware and meet compliance requirements.
