File audit / tracking software

Posted on 2016-08-01
Last Modified: 2016-08-05
We found a file audit / tracking software http://www.isdecisions.com/products/fileaudit/ that looks pretty nice, but there is 1 big problem with it for us. If a user copies a file from the server to their documents folder or thumb drive on their PC it will NOT log it. Anyone know a file audit / tracking software that is really user friendly / simple to use and will also track workstations along with the server?

1 server
12 workstations
50 employees

Looking to keep the price under $2,000 or relatively close.
Question by:easyworks
Accepted Solution

by: btan, earned 500 total points
ID: 41738929
I am thinking of an "add-on" to File Audit instead, for the USB monitoring and logs, such as:
  • Monitors and logs usage of USB drives on your system
  • Monitors and logs MTP devices such as Android phones and digital cameras
  • Disables USB ports and locks the usage of USB drives on your system
  • Activity logs, USB port lock and program settings are protected by a password
  • Activity log can be sent automatically by email at desired intervals
  • Activity log can be saved to file automatically at desired intervals
  • Activity log can be exported to CSV and HTML
http://www.dynamikode.com/products/usb-security-suite/Features.aspx
Otherwise, for a single suite to handle it, I am thinking of DeviceLock Endpoint DLP, but it may be far more than what you require. In fact, I see that DLP really should serve your ultimate objective better, as a DLP solution for oversight and policy mandate will be the way to handle the data transfer and protection aspects.
Auditing. DeviceLock's auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events. DeviceLock employs the standard event logging subsystem and writes audit records to a Windows Event Viewer log with GMT timestamps. Logs can be exported to many standard file formats for import into other reporting mechanisms or products. Also, audit records can be automatically collected from remote computers and centrally stored in SQL Server. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
http://www.devicelock.com/products/features.html

There is a trial version, which is a fully functional free version to be used for 30 days on a limited number of endpoints. You do not need to license it. The FAQ section has more info, like:
I purchased a Single license. Can I use DeviceLock to control multiple endpoints?

A Single license allows you to install and use DeviceLock (its agent, DeviceLock Service) on one endpoint only. To control more endpoints with DeviceLock, you need to purchase a corresponding number of licenses.
http://www.devicelock.com/products/faqs.html

They also provided an article that contains information on how to license your copy of DeviceLock and its additional components with DeviceLock license files.  http://www.devicelock.com/support/kb_view.html?ID=17094&find_message=&find_kb_category_id=1105

Expert Comment

by:Thomas Zucker-Scharff
ID: 41738943
DeviceLock is a good product; I did a review on it a while back. But when I did look at it, it seemed user friendly but not "really user friendly / simple to use".

Expert Comment

by:btan
ID: 41739222
I do see that it needs to balance the usage complexity for DLP, which definitely needs some training and "getting used to" so that it can be operationalised as part of the data protection regime for the enterprise. Other candidates that I am thinking of, if purely focusing on file audit like the one shared by the author, can be limited as well; see the sharing below.

Netwrix Auditor -
Question: When a file/folder is moved, how does Netwrix Auditor - Fileserver report this?
Answer: The following explains how the audit trail appears when a folder or file is moved FROM an audited location TO an audited location. If the file/folder is moved to a location that is not Audited there will be NO audit trail other than the Removal from the original location. The behavior depends on Audit trail settings:

In Basic mode:
File/Folder Removed from original location
File/Folder Added to new location - but this depends on several conditions, like applications or methods used for moving the object.

In Enhanced mode:
File/Folder Removed from original location
File/Folder Modified in new location
http://netwrix.com/auditor.html, and there is also a very specific one, Netwrix Auditor for Windows File Servers, at https://www.netwrix.com/file_server_auditing.html
But why another USB tracking tool is needed is more like what Netwrix shares here:
Some vendors claim they can report on file moves or when copies are made. Is this true?
This is completely false. In Windows (2000, 2003, 2008 or 2012) there is no way to determine if a file has been moved or copied. Windows will only reveal that a file was created, deleted or modified. No cross-correlation is available and thus there is no way to track these actions. In the event of a file move, a file is created and another is destroyed after the new file has been confirmed created.
When a file is copied, only an event is recorded that the file was accessed, and no logging mechanism can record that an opened file was saved to an alternate location, such as when a Word document is opened on a file server and Save As is used to save it to a USB drive or other storage media. In these situations, there will not even be a file created event recorded unless the destination of the saved file is also audited.
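
The audit-trail behaviour quoted in the comment above, as an added example that is not part of the original thread or any vendor's code: constructed, simplified records (not a real Windows event format; the server, users and paths are made up) are filtered to what an auditor of the given locations would see, then paired by user, file name and time. The pairing is only an inference, since the log itself records no move or copy.

```python
from ntpath import basename  # Windows-style path handling on any OS

# Constructed sample: (seconds, user, action, path). Simplified records, not a
# real Windows event format. Server, user and folder names are made up.
ACTIONS = [
    (100, "alice", "read",   r"\\SRV01\Shares\Finance\budget.xlsx"),
    (101, "alice", "create", r"E:\budget.xlsx"),                     # copy to thumb drive
    (200, "bob",   "create", r"\\SRV01\Shares\Archive\plan.docx"),
    (201, "bob",   "delete", r"\\SRV01\Shares\Projects\plan.docx"),  # move inside the share
    (300, "carol", "create", r"C:\Users\carol\Documents\notes.txt"),
    (301, "carol", "delete", r"\\SRV01\Shares\Projects\notes.txt"),  # move to workstation
]

def visible(actions, audited_roots):
    """Keep only the events an auditor sees: those under an audited root."""
    roots = tuple(r.lower() for r in audited_roots)
    return [a for a in actions if a[3].lower().startswith(roots)]

def interpret(events, window=5):
    """Pair each read/delete with a same-user, same-name create within `window` seconds."""
    findings = []
    creates = [e for e in events if e[2] == "create"]
    for t, user, action, path in events:
        if action == "create":
            continue
        match = next((c for c in creates if c[1] == user
                      and basename(c[3]).lower() == basename(path).lower()
                      and abs(c[0] - t) <= window), None)
        if action == "delete":
            label = "possible move" if match else "removed, destination unknown"
        else:
            label = "possible copy" if match else "read only, no copy evidence"
        findings.append((user, basename(path), label))
    return findings

def report(audited_roots):
    """Findings as seen when only `audited_roots` are being audited."""
    return interpret(visible(ACTIONS, audited_roots))

if __name__ == "__main__":
    # Server share only, then server share plus workstation and removable drives.
    for roots in ([r"\\SRV01\Shares"], [r"\\SRV01\Shares", "C:\\", "E:\\"]):
        print(roots, report(roots))
```

With only the server share audited, the thumb-drive copy shows up as a plain read and the move to the workstation as a bare removal; both destinations become visible only once the workstation paths are audited too.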