Windows file access monitoring identifies insider threat

Windows file access monitoring
identifies insider threat

  • Customer

    Anonymous

  • Industry

    Manufacturing, oil and industrial lubricants

  • Geography

    France

There’s no doubt that our FileAudit access reports served as key evidence in our legal action. I happily recommend it to anyone I know who’s looking to trace which users are doing what across their network.

Head of Information Systems Security

  • Challenge: To answer the question “what’s happened with this file,” our client had to demonstrate that they could accurately tie users to specific file access events, and report on them.

  • Solution: They wanted a solution to integrate easily into their 100% on-premise Windows environment, and a quick internet search led they to FileAudit.

  • Result: After a short test, they quickly implemented FileAudit and now have regular reporting on file access events – reports upheld in a court of law as proof that an insider threat deleted sensitive data.

Securing user access to sensitive data across a large enterprise is a top priority for our client, a leading French manufacturer of oil and industrial lubricants.

The Challenge File access events couldn’t be traced back to individual users

For our client’s head of information systems security, his journey to FileAudit started with the simple question, “What happened with this file?”

Realizing none of their existing tools offered a quick response to that question, his team began looking for a way to pinpoint exactly which user moved or deleted data. In other words, they needed to track who did what with files across their network.

A quick Google search for Windows file auditing and monitoring solutions led him straight to FileAudit.

The Solution Easy to use file server monitoring and auditing

The head of information systems security appreciated that he was able to get his hands on the product right away with the 20-day free trial.

I tested it, and liked the ergonomics, the layout, and how easy it was to install and use. The fact that FileAudit is also 100% on-premise was perfect for us.

Head of Information Systems Security

During testing, he verified that FileAudit gave easy, quick visibility across file access events, making it easy to track which user was doing what, and simplifying reporting.

The Result Windows file access reports serve as key evidence to identify insider threat

The team set up daily reports that are automatically saved to a folder, allowing him to have a backup if ever he has a problem with his database.

His investment in data loss prevention (DLP) and FileAudit’s ability to tie specific users to file access events has paid off big for the company. Just a few years after adopting FileAudit, a user downloaded a lot of data because he wanted to set up his own, competing company. He then deleted en masse over 70 GB of data of the lab's analysis and client results, hoping this “big mistake” would help him poach unhappy clients.

When the head of information systems security and his team realized lots of files were missing, they looked to their FileAudit reports and saw the user had deleted the files. Thanks to FileAudit and their backup system, they were able to identify the insider threat and restore all files without losing any sensitive information.

Our client’s legal team submitted their FileAudit reports as evidence in French court. After reviewing FileAudit’s technical capabilities and how the tool generates these reports, the reports were admitted as evidence to prove that the user was indeed guilty.

There’s no doubt that our FileAudit access reports served as key evidence in our legal action. I happily recommend it to anyone I know who’s looking to track which users are doing what across their network

Head of Information Systems Security

20-DAY FREE TRIAL

Get your 20-day free trial now and secure your Windows network with FileAudit

Free Trial Discover FileAudit

More Case studies?

Read more reviews from our FileAudit customers.

Discover