Windows file access monitoring identifies insider threat

  • Anonymous
  • Industrial lubricants manufacturer
  • France
Windows file server access reports tie access events to users, resulting in a courtroom win

Securing user access to sensitive data across a large enterprise is a top priority for our client, a leading French manufacturer of oil and industrial lubricants.

"There's no doubt that our FileAudit access reports served as key evidence in our legal action. I happily recommend it to anyone I know who's looking to trace which users are doing what across their networks."

Head of Information Systems Security

The Challenge

Tracing file access events back to individual users

For our client’s head of information systems security, his journey to FileAudit started with the simple question, “What happened with this file?”

Realizing none of their existing tools offered a quick response to that question, his team began looking for a way to pinpoint exactly which user moved or deleted data. In other words, they needed to track who did what with files across their network.

A quick Google search for Windows file auditing and monitoring solutions led him straight to FileAudit.

The Solution

Implementing easy-to-use file server monitoring and auditing

The head of information systems security appreciated that he was able to get his hands on the product right away with the 20-day free trial.

"I tested it, and liked the ergonomics, the layout, and how easy it was to install and use. The fact that FileAudit is also 100% on-premise was perfect for us."

Head of Information Systems Security

During testing, he saw how FileAudit gave quick, easy visibility into file access events. It was easy to track which user was doing what and to generate reports.

The Result

Identifying an insider threat thanks to FileAudit's Windows file access reports

The team set up daily reports that are automatically saved to a folder, giving IT a backup if they ever have a problem with their database.

The investment in FileAudit's data protection and the ability to tie specific users to file access events has paid off big for the company.

Just a few years after implementing FileAudit, a user downloaded a lot of data because he wanted to set up his own, competing company. He then deleted en masse over 70 GB of the lab's analysis and client results data, hoping this “big mistake” would help him poach unhappy clients.

When the head of information systems security and his team quickly realized a lot of files were missing, they looked at their FileAudit reports. They could immediately see which user had deleted the files.

Thanks to FileAudit and their backup system, IT helped the company identify the insider threat and restore all files without losing any sensitive information.

In a lawsuit against the user who deleted the files, the client’s legal team submitted their FileAudit reports as evidence in French court. After a review of FileAudit’s technical capabilities and of how the tool generates these reports, the reports were admitted as evidence to prove that the user was indeed guilty.

"There’s no doubt that our FileAudit access reports served as key evidence in our legal action. I happily recommend it to anyone I know who’s looking to track which users are doing what across their network."

Head of Information Systems Security