Solved

File audit / tracking software

Posted on 2016-08-01
3
74 Views
Last Modified: 2016-08-05
We found a file audit / tracking software http://www.isdecisions.com/products/fileaudit/ that looks pretty nice, but their is 1 big problem with it for us. If a user copies a file from the server to their documents folder or thumb drive on their PC it will NOT log it. Anyone know a file audit / tracking software that is really user friendly / simple to use and will also track workstations along with the server?

1server
12workstations
50employees

Looking to keep the price under $2,000 or relatively close.
0
Comment
Question by:easyworks
  • 2
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 41738929
I am thinking as a "Add on" to File Audit instead for the USB monitoring and logs as
Monitors and logs usage of USB drives on your system
 Monitors and logs MTP devices such as Android phones and digital cameras
 Disables USB ports and locks the usage of USB drives on your system
 Activity logs, USB port lock and program settings are protected by a password
 Activity log can be sent automatically by email at desired intervals
 Activity log can be saved to file automatically at desired intervals
 Activity log can be exported to CSV and HTML
http://www.dynamikode.com/products/usb-security-suite/Features.aspx
Otherwise the single suite to handle, I am thinking of Devicelock Endpoint DLP but it may be far more than what you required. In fact, I see that really DLP should serves your ultimate objective better as a DLP solution for oversight and policy mandate will be way to handle the data transfer and protection aspects
Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events. DeviceLock employs the standard event logging subsystem and writes audit records to a Windows Event Viewer log with GMT timestamps. Logs can be exported to many standard file formats for import into other reporting mechanisms or products. Also, audit records can be automatically collected from remote computers and centrally stored in SQL Server. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
http://www.devicelock.com/products/features.html

There is trial version which is a full-functional free version to be used for 30 days on a limited number of endpoints. You do not need to license it. The FAQ section has more info like
I purchased a Single license. Can I use DeviceLock to control multiple endpoints?


A Single license allows you to install and use DeviceLock (its agent, DeviceLock Service) on one endpoint only. To control more endpoints with DeviceLock, you need to purchase a corresponding number of licenses.
http://www.devicelock.com/products/faqs.html

They also provided an article that contains information on how to license your copy of DeviceLock and its additional components with DeviceLock license files.  http://www.devicelock.com/support/kb_view.html?ID=17094&find_message=&find_kb_category_id=1105
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41738943
Devicelock is a good product, I did a review a while back on it.  But when I did look at it it seemed user friendly but not "really user friendly / simple to use"
0
 
LVL 61

Expert Comment

by:btan
ID: 41739222
I do see that it need to balance the usage complexity for DLP which definitely need some training and "getting used" to so that it can be operationalised as part of the data protection regime for the Enterprise. Other candidates that I am thinking are if purely focusing on file audit like the shared one by author can be limited as well, see the sharing below.

Netwrix Auditor -
Question      When a file/folder is moved how does Netwrix Auditor - Fileserver report this?
Answer      The following explains how the audit trail appears when a folder or file is moved FROM an audited location TO an audited location. If the file/folder is moved to a location that is not Audited there will be NO audit trail other than the Removal from the original location. The behavior is depend on Audit trail settings:

In Basic mode:
File/Folder Removed from original location
File/Folder Added to new location - but this depends on several conditions, like applications or methods used for moving the object.

In Enhanced mode:
File/Folder Removed from original location
File/Folder Modified in new location
http://netwrix.com/auditor.html and there is also very specific like Netwrix Auditor for Windows File Servers @ https://www.netwrix.com/file_server_auditing.html
But why need another USB tracking is more of like Netwrix sharing this
Some vendors claim they can report on file moves or when copies are made. Is this true?
This is completely false. In Windows (2000, 2003, 2008 or 2012) there is no way to determine if a file has been moved or copied. Windows will only reveal that a file was created, deleted or modified. No cross-correlation is available and thus there is no way to track these actions. In the event of a file move, a file is created and another is destroyed after the new file has been confirmed created.
When a file is copied, only an event is recorded that the file were accessed and no logging mechanism can record that a file opened were saved to an alternate location, such as a when a Word document is opened on a file server and using Save As to save it to a USB drive or other storage media. In these situations, there will not even be a file created event recorded unless the destination of the saved file is also audited.
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now