?
Solved

File monitoring and tracking

Posted on 2014-03-19
4
Medium Priority
?
987 Views
Last Modified: 2014-03-24
I have been tasked with finding a solution that fits the following requirement:
Project Description:  
Ability to track files copied  to physical devices (usb drives, cds, dvds) and track upload/downloads to internet via web portals, email, drop box etc

The customer is running a small Windows Server 2012 AD environment with around 25 physical and VM systems. They do not care whether the solution is software or hardware based and I have not been given a price range for the project. I would like to create a comparative matrix with a couple of the best hardware and software options with prices attached so that I can at least get a ballpark figure of what they are looking to spend.

So far I have looked at Sonar, Spector 360 and Spy Agent 8 software applications and the Solera and IPCopper hardware solutions. I spoke with a Solera rep but they said they don't usually work with a project this small

Apologies if this has been discussed ad nauseum but I am not even sure what categories to search or if I am looking at the best options. I am wondering what the experts have used or considered. If you could point me in the right direction I can do the deep research.
0
Comment
Question by:DevilDoc325
4 Comments
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 668 total points
ID: 39940560
If they are concerned about files getting out of the organization then use Active Directory Rights Management System. You can configure it that anything with the word 'confidential' is drm'd and only machines in the company can access it.
0
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 668 total points
ID: 39941054
With windows 8 and server 2012, MS introduced advanced auditing options that enable you to do quite a lot concerning removable devices and more. Read what's new: http://technet.microsoft.com/cs-cz/library/hh849638.aspx

Also have a look at content filtering devices or softwares like http://www.clearswift.com/products/clearswift-content-inspection-engine-sdk
0
 
LVL 65

Accepted Solution

by:
btan earned 664 total points
ID: 39945099
I was thinking more like data leak and controlling those device, and network outbound and transaction via two layers, namely the
(1) managed whitelisted controls such as this devicelock/networklock; and
(2) contained virtualised application such as Sandboxie/Invincea Virtualspace

The a/m is to make sure the trail and audit log are available and known. of course it may not be foolproof if this not a well managed machine, meaning the login account user is the super admin or privileged user to disable all mechanism. Then maybe the hardware device to plug into to "snoop" the port interface and "record" network traffic transacted - the metadata can then be extracted from the raw capture in both...can be quite in depth but does serve as another layer.

Another thought is to not have any other s/w to be installed or brought into that endpoint such that secure wipe and bypassing browser using any other means is allowed - maybe alerting in audit may help but the data is loss...can be far off from your requirement so I keep this simple on above two mentioned (if they make worth).
0
 

Author Closing Comment

by:DevilDoc325
ID: 39950760
Experts,

Thank you for your input. I have included the DeviceLock/Networklock in my matrix that I am submitting to the customer. I am also going to be implement the Windows 2012 auditing and rights management immediately.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question