Solved

File audit / tracking software

Posted on 2016-08-01
3
116 Views
Last Modified: 2016-08-05
We found a file audit / tracking software http://www.isdecisions.com/products/fileaudit/ that looks pretty nice, but their is 1 big problem with it for us. If a user copies a file from the server to their documents folder or thumb drive on their PC it will NOT log it. Anyone know a file audit / tracking software that is really user friendly / simple to use and will also track workstations along with the server?

1server
12workstations
50employees

Looking to keep the price under $2,000 or relatively close.
0
Comment
Question by:easyworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 41738929
I am thinking as a "Add on" to File Audit instead for the USB monitoring and logs as
Monitors and logs usage of USB drives on your system
 Monitors and logs MTP devices such as Android phones and digital cameras
 Disables USB ports and locks the usage of USB drives on your system
 Activity logs, USB port lock and program settings are protected by a password
 Activity log can be sent automatically by email at desired intervals
 Activity log can be saved to file automatically at desired intervals
 Activity log can be exported to CSV and HTML
http://www.dynamikode.com/products/usb-security-suite/Features.aspx
Otherwise the single suite to handle, I am thinking of Devicelock Endpoint DLP but it may be far more than what you required. In fact, I see that really DLP should serves your ultimate objective better as a DLP solution for oversight and policy mandate will be way to handle the data transfer and protection aspects
Auditing. DeviceLock‘s auditing capability tracks user and file activity for specified device types, ports and network resources on a local computer. It can pre-filter audit activities by user/group, by day/hour, by port/device/protocol type, by reads/writes, and by success/failure events. DeviceLock employs the standard event logging subsystem and writes audit records to a Windows Event Viewer log with GMT timestamps. Logs can be exported to many standard file formats for import into other reporting mechanisms or products. Also, audit records can be automatically collected from remote computers and centrally stored in SQL Server. Even users with local admin privileges can't edit, delete or otherwise tamper with audit logs set to transfer to DeviceLock Enterprise Server.
http://www.devicelock.com/products/features.html

There is trial version which is a full-functional free version to be used for 30 days on a limited number of endpoints. You do not need to license it. The FAQ section has more info like
I purchased a Single license. Can I use DeviceLock to control multiple endpoints?


A Single license allows you to install and use DeviceLock (its agent, DeviceLock Service) on one endpoint only. To control more endpoints with DeviceLock, you need to purchase a corresponding number of licenses.
http://www.devicelock.com/products/faqs.html

They also provided an article that contains information on how to license your copy of DeviceLock and its additional components with DeviceLock license files.  http://www.devicelock.com/support/kb_view.html?ID=17094&find_message=&find_kb_category_id=1105
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41738943
Devicelock is a good product, I did a review a while back on it.  But when I did look at it it seemed user friendly but not "really user friendly / simple to use"
0
 
LVL 63

Expert Comment

by:btan
ID: 41739222
I do see that it need to balance the usage complexity for DLP which definitely need some training and "getting used" to so that it can be operationalised as part of the data protection regime for the Enterprise. Other candidates that I am thinking are if purely focusing on file audit like the shared one by author can be limited as well, see the sharing below.

Netwrix Auditor -
Question      When a file/folder is moved how does Netwrix Auditor - Fileserver report this?
Answer      The following explains how the audit trail appears when a folder or file is moved FROM an audited location TO an audited location. If the file/folder is moved to a location that is not Audited there will be NO audit trail other than the Removal from the original location. The behavior is depend on Audit trail settings:

In Basic mode:
File/Folder Removed from original location
File/Folder Added to new location - but this depends on several conditions, like applications or methods used for moving the object.

In Enhanced mode:
File/Folder Removed from original location
File/Folder Modified in new location
http://netwrix.com/auditor.html and there is also very specific like Netwrix Auditor for Windows File Servers @ https://www.netwrix.com/file_server_auditing.html
But why need another USB tracking is more of like Netwrix sharing this
Some vendors claim they can report on file moves or when copies are made. Is this true?
This is completely false. In Windows (2000, 2003, 2008 or 2012) there is no way to determine if a file has been moved or copied. Windows will only reveal that a file was created, deleted or modified. No cross-correlation is available and thus there is no way to track these actions. In the event of a file move, a file is created and another is destroyed after the new file has been confirmed created.
When a file is copied, only an event is recorded that the file were accessed and no logging mechanism can record that a file opened were saved to an alternate location, such as a when a Word document is opened on a file server and using Save As to save it to a USB drive or other storage media. In these situations, there will not even be a file created event recorded unless the destination of the saved file is also audited.
0

Featured Post

Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

731 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question