Solved

File audit / tracking software

Posted on 2016-08-01
3
83 Views
Last Modified: 2016-08-05
We found a file audit / tracking software http://www.isdecisions.com/products/fileaudit/ that looks pretty nice, but their is 1 big problem with it for us. If a user copies a file from the server to their documents folder or thumb drive on their PC it will NOT log it. Anyone know a file audit / tracking software that is really user friendly / simple to use and will also track workstations along with the server?

1server
12workstations
50employees

Looking to keep the price under $2,000 or relatively close.
0
Comment
Question by:easyworks
  • 2
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41738929
I am thinking as a "Add on" to File Audit instead for the USB monitoring and logs as
Monitors and logs usage of USB drives on your system
 Monitors and logs MTP devices such as Android phones and digital cameras
 Disables USB ports and locks the usage of USB drives on your system
 Activity logs, USB port lock and program settings are protected by a password
 Activity log can be sent automatically by email at desired intervals
 Activity log can be saved to file automatically at desired intervals
 Activity log can be exported to CSV and HTML
http://www.dynamikode.com/products/usb-security-suite/Features.aspx
Otherwise the single suite to handle, I am thinking of Devicelock Endpoint DLP but it may be far more than what you required. In fact, I see that really DLP should serves your ultimate objective better as a DLP solution for oversight and policy mandate will be way to handle the data transfer and protection aspects
Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events. DeviceLock employs the standard event logging subsystem and writes audit records to a Windows Event Viewer log with GMT timestamps. Logs can be exported to many standard file formats for import into other reporting mechanisms or products. Also, audit records can be automatically collected from remote computers and centrally stored in SQL Server. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
http://www.devicelock.com/products/features.html

There is trial version which is a full-functional free version to be used for 30 days on a limited number of endpoints. You do not need to license it. The FAQ section has more info like
I purchased a Single license. Can I use DeviceLock to control multiple endpoints?


A Single license allows you to install and use DeviceLock (its agent, DeviceLock Service) on one endpoint only. To control more endpoints with DeviceLock, you need to purchase a corresponding number of licenses.
http://www.devicelock.com/products/faqs.html

They also provided an article that contains information on how to license your copy of DeviceLock and its additional components with DeviceLock license files.  http://www.devicelock.com/support/kb_view.html?ID=17094&find_message=&find_kb_category_id=1105
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41738943
Devicelock is a good product, I did a review a while back on it.  But when I did look at it it seemed user friendly but not "really user friendly / simple to use"
0
 
LVL 62

Expert Comment

by:btan
ID: 41739222
I do see that it need to balance the usage complexity for DLP which definitely need some training and "getting used" to so that it can be operationalised as part of the data protection regime for the Enterprise. Other candidates that I am thinking are if purely focusing on file audit like the shared one by author can be limited as well, see the sharing below.

Netwrix Auditor -
Question      When a file/folder is moved how does Netwrix Auditor - Fileserver report this?
Answer      The following explains how the audit trail appears when a folder or file is moved FROM an audited location TO an audited location. If the file/folder is moved to a location that is not Audited there will be NO audit trail other than the Removal from the original location. The behavior is depend on Audit trail settings:

In Basic mode:
File/Folder Removed from original location
File/Folder Added to new location - but this depends on several conditions, like applications or methods used for moving the object.

In Enhanced mode:
File/Folder Removed from original location
File/Folder Modified in new location
http://netwrix.com/auditor.html and there is also very specific like Netwrix Auditor for Windows File Servers @ https://www.netwrix.com/file_server_auditing.html
But why need another USB tracking is more of like Netwrix sharing this
Some vendors claim they can report on file moves or when copies are made. Is this true?
This is completely false. In Windows (2000, 2003, 2008 or 2012) there is no way to determine if a file has been moved or copied. Windows will only reveal that a file was created, deleted or modified. No cross-correlation is available and thus there is no way to track these actions. In the event of a file move, a file is created and another is destroyed after the new file has been confirmed created.
When a file is copied, only an event is recorded that the file were accessed and no logging mechanism can record that a file opened were saved to an alternate location, such as a when a Word document is opened on a file server and using Save As to save it to a USB drive or other storage media. In these situations, there will not even be a file created event recorded unless the destination of the saved file is also audited.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now