?
Solved

File audit / tracking software

Posted on 2016-08-01
3
Medium Priority
?
134 Views
Last Modified: 2016-08-05
We found a file audit / tracking software http://www.isdecisions.com/products/fileaudit/ that looks pretty nice, but their is 1 big problem with it for us. If a user copies a file from the server to their documents folder or thumb drive on their PC it will NOT log it. Anyone know a file audit / tracking software that is really user friendly / simple to use and will also track workstations along with the server?

1server
12workstations
50employees

Looking to keep the price under $2,000 or relatively close.
0
Comment
Question by:easyworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 41738929
I am thinking as a "Add on" to File Audit instead for the USB monitoring and logs as
Monitors and logs usage of USB drives on your system
 Monitors and logs MTP devices such as Android phones and digital cameras
 Disables USB ports and locks the usage of USB drives on your system
 Activity logs, USB port lock and program settings are protected by a password
 Activity log can be sent automatically by email at desired intervals
 Activity log can be saved to file automatically at desired intervals
 Activity log can be exported to CSV and HTML
http://www.dynamikode.com/products/usb-security-suite/Features.aspx
Otherwise the single suite to handle, I am thinking of Devicelock Endpoint DLP but it may be far more than what you required. In fact, I see that really DLP should serves your ultimate objective better as a DLP solution for oversight and policy mandate will be way to handle the data transfer and protection aspects
Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events. DeviceLock employs the standard event logging subsystem and writes audit records to a Windows Event Viewer log with GMT timestamps. Logs can be exported to many standard file formats for import into other reporting mechanisms or products. Also, audit records can be automatically collected from remote computers and centrally stored in SQL Server. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
http://www.devicelock.com/products/features.html

There is trial version which is a full-functional free version to be used for 30 days on a limited number of endpoints. You do not need to license it. The FAQ section has more info like
I purchased a Single license. Can I use DeviceLock to control multiple endpoints?


A Single license allows you to install and use DeviceLock (its agent, DeviceLock Service) on one endpoint only. To control more endpoints with DeviceLock, you need to purchase a corresponding number of licenses.
http://www.devicelock.com/products/faqs.html

They also provided an article that contains information on how to license your copy of DeviceLock and its additional components with DeviceLock license files.  http://www.devicelock.com/support/kb_view.html?ID=17094&find_message=&find_kb_category_id=1105
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 41738943
Devicelock is a good product, I did a review a while back on it.  But when I did look at it it seemed user friendly but not "really user friendly / simple to use"
0
 
LVL 64

Expert Comment

by:btan
ID: 41739222
I do see that it need to balance the usage complexity for DLP which definitely need some training and "getting used" to so that it can be operationalised as part of the data protection regime for the Enterprise. Other candidates that I am thinking are if purely focusing on file audit like the shared one by author can be limited as well, see the sharing below.

Netwrix Auditor -
Question      When a file/folder is moved how does Netwrix Auditor - Fileserver report this?
Answer      The following explains how the audit trail appears when a folder or file is moved FROM an audited location TO an audited location. If the file/folder is moved to a location that is not Audited there will be NO audit trail other than the Removal from the original location. The behavior is depend on Audit trail settings:

In Basic mode:
File/Folder Removed from original location
File/Folder Added to new location - but this depends on several conditions, like applications or methods used for moving the object.

In Enhanced mode:
File/Folder Removed from original location
File/Folder Modified in new location
http://netwrix.com/auditor.html and there is also very specific like Netwrix Auditor for Windows File Servers @ https://www.netwrix.com/file_server_auditing.html
But why need another USB tracking is more of like Netwrix sharing this
Some vendors claim they can report on file moves or when copies are made. Is this true?
This is completely false. In Windows (2000, 2003, 2008 or 2012) there is no way to determine if a file has been moved or copied. Windows will only reveal that a file was created, deleted or modified. No cross-correlation is available and thus there is no way to track these actions. In the event of a file move, a file is created and another is destroyed after the new file has been confirmed created.
When a file is copied, only an event is recorded that the file were accessed and no logging mechanism can record that a file opened were saved to an alternate location, such as a when a Word document is opened on a file server and using Save As to save it to a USB drive or other storage media. In these situations, there will not even be a file created event recorded unless the destination of the saved file is also audited.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question