Solved

File monitoring and tracking

Posted on 2014-03-19
4
898 Views
Last Modified: 2014-03-24
I have been tasked with finding a solution that fits the following requirement:
Project Description:  
Ability to track files copied  to physical devices (usb drives, cds, dvds) and track upload/downloads to internet via web portals, email, drop box etc

The customer is running a small Windows Server 2012 AD environment with around 25 physical and VM systems. They do not care whether the solution is software or hardware based and I have not been given a price range for the project. I would like to create a comparative matrix with a couple of the best hardware and software options with prices attached so that I can at least get a ballpark figure of what they are looking to spend.

So far I have looked at Sonar, Spector 360 and Spy Agent 8 software applications and the Solera and IPCopper hardware solutions. I spoke with a Solera rep but they said they don't usually work with a project this small

Apologies if this has been discussed ad nauseum but I am not even sure what categories to search or if I am looking at the best options. I am wondering what the experts have used or considered. If you could point me in the right direction I can do the deep research.
0
Comment
Question by:DevilDoc325
4 Comments
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 167 total points
ID: 39940560
If they are concerned about files getting out of the organization then use Active Directory Rights Management System. You can configure it that anything with the word 'confidential' is drm'd and only machines in the company can access it.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 167 total points
ID: 39941054
With windows 8 and server 2012, MS introduced advanced auditing options that enable you to do quite a lot concerning removable devices and more. Read what's new: http://technet.microsoft.com/cs-cz/library/hh849638.aspx

Also have a look at content filtering devices or softwares like http://www.clearswift.com/products/clearswift-content-inspection-engine-sdk
0
 
LVL 62

Accepted Solution

by:
btan earned 166 total points
ID: 39945099
I was thinking more like data leak and controlling those device, and network outbound and transaction via two layers, namely the
(1) managed whitelisted controls such as this devicelock/networklock; and
(2) contained virtualised application such as Sandboxie/Invincea Virtualspace

The a/m is to make sure the trail and audit log are available and known. of course it may not be foolproof if this not a well managed machine, meaning the login account user is the super admin or privileged user to disable all mechanism. Then maybe the hardware device to plug into to "snoop" the port interface and "record" network traffic transacted - the metadata can then be extracted from the raw capture in both...can be quite in depth but does serve as another layer.

Another thought is to not have any other s/w to be installed or brought into that endpoint such that secure wipe and bypassing browser using any other means is allowed - maybe alerting in audit may help but the data is loss...can be far off from your requirement so I keep this simple on above two mentioned (if they make worth).
0
 

Author Closing Comment

by:DevilDoc325
ID: 39950760
Experts,

Thank you for your input. I have included the DeviceLock/Networklock in my matrix that I am submitting to the customer. I am also going to be implement the Windows 2012 auditing and rights management immediately.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now