SlideShare ist ein Scribd-Unternehmen logo

Tracking File Access for Auditing and Compliance

Netwrix Corporation
Netwrix Corporation

File access auditing is a critical requirement for organizations that rely on files to maintain their business critical data, such as accounting records, intellectual property, or patient data. Unauthorized and accidental access and/or changes in files, folder structure, or permissions, can facilitate data theft, render the organization non-compliant, and introduce security threats. This white paper describes the importance of file auditing and different approaches to implementation.

Technologie
1 von 9
Downloaden Sie, um offline zu lesen
Tracking File Access for Auditing and Compliance White Paper
Tracking File Access for Auditing and Compliance—White Paper Contents Introduction ...................................................................................................................................................... 3 Change Auditing for Compliance ...................................................................................................................... 4 Why Change Auditing Is Vital ........................................................................................................................... 5 Auditing Toolset for File Server Changes .......................................................................................................... 7 Native Tools ................................................................................................................................................. 7 Building versus Buying ................................................................................................................................. 7 Third-Party Software ................................................................................................................................... 8 Success Recipe ............................................................................................................................................. 8 The Smart Choice: NetWrix File Server Change Reporter ................................................................................ 9 2
Introduction File servers can be among the most critical objects in the IT infrastructure of an enterprise. The importance of a particular server depends on the importance of the files kept there, and an organization generally has one or more file servers storing business-critical and confidential data. If that data is lost or compromised, this can disrupt operations or even jeopardize jobs at the company. For valuable file servers, precautions against unauthorized access and hardware failure are taken accordingly. However, preventive and protective measures do not help to determine the cause of a contingency, if one does occur. For that purpose, file server operations and security configuration should be constantly audited, enabling you to investigate problems and minimize the effects of adverse changes. In addition, IT staff has to deal with regulations compliance. SOX, HIPAA, GLBA, and FISMA compliance measures are not dictated by internal needs, but still have to be considered for the enterprise to function smoothly.
Change Auditing for Compliance Audit data must be kept for a very long time--up to 7 years by some regulations. The scope of the stored data should be sufficient to satisfy any requests from the auditors and be as detailed as possible. Whether an auditor needs to know who opened a sensitive document at a specific point or view a complete history of changes to the permissions on the Projects folder for the past 3 years, the data should be readily available for analysis. Importantly, the data should clearly indicate who initiated the recorded change. Otherwise, the responsibility for any harm caused by the changes rests with the CIO. The more complete the audit data, the more certainty there is that the actual guilty party will be held responsible for damaging actions.
Why Change Auditing Is Vital Consider a well-administered file server or storage appliance, such as a NetApp filer or an EMC Celerra system, where file access activity is not audited. This is a common situation, but that does not make it acceptable. Lack of auditing means that any problems related to file access or hardware maintenance cannot be dealt with efficiently. In fact, most of them are not even discovered. Major problems come to light indirectly and belatedly only when the company starts to feel their consequences—for example, leaked trade secrets, sabotaged accounting records or misplaced project data. Auditing on its own cannot prevent problems, but it can help do the following:  Detect problems early  Find the causes and solve the problems  Plan for prevention of such problems in the future These aspects of file server auditing are described in detail below. Detection If a problem occurs, it should be discovered as soon as possible, before it can cause an outage or impede operations. The more important the data, the more closely it should be monitored. If a number of business-critical files are deleted accidentally or intentionally, this should be reported the same day. The lost files can then be promptly restored from backup, and the risk of disruptions days later can be eliminated. Early detection is just as important for some actions that are not nearly as intrusive. Sneaky activity, such as copying large amounts of sensitive or confidential data to removable media, should not fall under the radar. The act of copying is indicated by the presence of a large number of reads, and it is easy to anticipate and track. Solution To solve problems that occur on a file server, it is important to have a comprehensive body of specialized audit data. Although the share of useful information found in audit trails is never big, there is no way of knowing in advance which parts will prove meaningful. Solutions often begin with investigations into the causes of problems so that the people responsible can be confronted with the evidence and correct the situation. For example, an important file, such as a balance sheet or healthcare patient data, may be found to contain invalid or misleading information. To find out who invalidated the file and when it happened, you will need audit trails. Sometimes, non-restrictive permissions can be set on confidential files so that everybody has access to them. Without an investigation, it may not be clear whether this was done on purpose or what the original
permissions were. To look into the matter and restore the permissions, you need a detailed record of what happened. It may also become necessary to find out where a particular file or folder has gone. To grant such a request, you need the audit data ordinarily considered unimportant. Anticipation Experience with problems can be converted to preventive measures. As you resolve file server issues, your security and hardware configuration can evolve. For example, on a new file server, permissions may not be configured optimally, but after you gather and study file access statistics, you can confidently decide whom to grant access to which resources. On a different note, if the server periodically runs out of disk space because a lot of files are stored there, it may be a good time to increase the server's storage capacity.
Auditing Toolset for File Server Changes The tools you use for change tracking must be able to cope with the enormous amount of audit data that needs to be sifted through. This section lists the main approaches used in production IT environments. Native Tools The Windows native file auditing system and tools such as Event Viewer are an entry-level solution. They have the advantage of requiring no customization or third-party software, but even in a mid-size IT infrastructure, they are not suitable for performing any meaningful change management. The native object auditing system, which supports auditing of files, provides very low-level events. It creates numerous log records for even a single action, such as copying a file. This makes the manual examination and correlation process inefficient and painful. Even with a well-designed change management strategy, native tools cannot significantly reduce the effects of adverse changes, due to the high latency between the change and its discovery, and lack of reporting capabilities. A change is not examined until after it has caused some negative results such as service failure or slowdown of operations. The time between an unwarranted change and its undesirable effects can be very short, and change detection automation is very important to ensure a timely response. However, but if the administrator is armed with only native tools, a change-induced problem might take a week or longer to solve. Building versus Buying The search for automation and analysis methods can lead a company to invest in in-house software. The range of technologies that can be employed is wide. PowerShell, the .NET framework, and many other programming and scripting languages have bindings for Active Directory and Windows APIs, which are extensively documented. The following tasks are well-suited for automation:  Subscribing to events—watching for the events you anticipate is very efficient as long as you know what kind of event you are looking for.  Handling event logs—backing up, archiving, and clearing logs for compliance and auditing continuity.  Querying for events—centralizing the search for events and making it more efficient. This list continues, depending on the specific needs of an organization. In fact, it can grow quite long, due to the comprehensive scope of available functionality. The effectiveness of in-house development is determined not so much by what is possible to do as by what
can be done in the given time with the available resources. If the company does not specialize in change auditing software—and most companies do not—then the time and resources are bound to be too scarce for comfort. Even if the in-house solution is good, its development is certain to face problems:  Support—the software produced in house may have many authors, which increases support difficulty; in addition, such a solution may evolve organically and is not likely to be centralized.  Testing—new software does not normally go into production use until it has undergone extensive tests, which require a lot of time and expertise. In-house scripts and programs may be the optimal solution for some companies, but this is a rare case in large distributed environments that have to accommodate internal and remote clients, heterogeneous systems, and so on. Often, a more cost-effective and better-quality alternative is to purchase third-party software specifically designed for file server change management. Third-Party Software When it comes to choosing a third-party solution for Active Directory change auditing, a great variety of available software seems to fit the bill. The final decision can be influenced by many factors, such as the following:  Transparency of information about the product's capabilities  Quality-price ratio  Cost of ownership When the choice is made, it is important to remember that the tools alone cannot solve complex file server change auditing, tracking, and management problems. Success Recipe To be effective at tracking file server changes, it is important to have a sensible strategy and software tools that are flexible enough to meet all your needs but do not get in the way of your strategy. Good change auditing tools, together with a sound audit policy, have the additional benefit of helping you improve the management of your file servers.
The Smart Choice: NetWrix File Server Change Reporter NetWrix File Server Change Reporter incorporates knowledge and understanding of the needs of file server change auditing personnel. It is a cost-effective solution offering competitive functionality for a low price. The File Server Change Reporter places change information directly at the administrator's fingertips, without the need to extract it by roundabout methods. The advanced reports provided with the product are based on the SQL Server Reporting Services technology and are suitable for ensuring SOX, HIPAA, GLBA, and FISMA compliance. Another feature essential for compliance is a long-term archival of audit data. NetWrix File Server Change Reporter comes in two versions: freeware and commercial. The freeware version can be used indefinitely, and it is suitable for small businesses with lenient auditing requirements. The commercial version is available as a free download. This version is as easy to use as the freeware version but much more powerful. It is fully enabled for a 20-day evaluation period. To continue using the product after the expiration of the evaluation period, you must purchase it from NetWrix. For details, see http://netwrix.com/file_server_auditing_change_reporting_freeware.html. ©2009 NetWrix Corporation. All rights reserved. NetWrix and File Server Change Reporter are trademarks of NetWrix Corporation and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.

Empfohlen

AEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP Economic & Business Development
 
Ihoteak eta gure apainketa
Ihoteak eta gure apainketaIhoteak eta gure apainketa
Ihoteak eta gure apainketaELIZALDE
 
Social Impact Games - 7 Lesson Learned
Social Impact Games - 7 Lesson LearnedSocial Impact Games - 7 Lesson Learned
Social Impact Games - 7 Lesson Learnedmayurhpatel
 
одо
одоодо
одоltuya
 
Digitaldesign trends1
Digitaldesign trends1Digitaldesign trends1
Digitaldesign trends1Nurkan Baykara
 
Good file practice
Good file practiceGood file practice
Good file practiceamcsquared
 
Psychological learning techniques
Psychological learning techniquesPsychological learning techniques
Psychological learning techniquescharindu sanjeeva
 
500 loi win
500 loi win500 loi win
500 loi winHà Buzz
 

Empfohlen

AEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP's Systemwide Economic Development Program
AEP's Systemwide Economic Development ProgramAEP Economic & Business Development
 
Ihoteak eta gure apainketa
Ihoteak eta gure apainketaIhoteak eta gure apainketa
Ihoteak eta gure apainketaELIZALDE
 
Social Impact Games - 7 Lesson Learned
Social Impact Games - 7 Lesson LearnedSocial Impact Games - 7 Lesson Learned
Social Impact Games - 7 Lesson Learnedmayurhpatel
 
одо
одоодо
одоltuya
 
Digitaldesign trends1
Digitaldesign trends1Digitaldesign trends1
Digitaldesign trends1Nurkan Baykara
 
Good file practice
Good file practiceGood file practice
Good file practiceamcsquared
 
Psychological learning techniques
Psychological learning techniquesPsychological learning techniques
Psychological learning techniquescharindu sanjeeva
 
500 loi win
500 loi win500 loi win
500 loi winHà Buzz
 
Test
TestTest
TestAnna Persson Ellman
 
Consumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeevaConsumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeevacharindu sanjeeva
 
Ashwini
AshwiniAshwini
Ashwiniashu Kusha
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclawsalonyVi
 
GARRAIOEN MURALA
GARRAIOEN MURALAGARRAIOEN MURALA
GARRAIOEN MURALAELIZALDE
 
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...Vijay Khurana
 
TEST_rev
TEST_revTEST_rev
TEST_rev새별 김
 
Ibf 8-risk-return
Ibf 8-risk-returnIbf 8-risk-return
Ibf 8-risk-returnPalak Acharya
 
Random 120308230924-phpapp02
Random 120308230924-phpapp02Random 120308230924-phpapp02
Random 120308230924-phpapp02ltuya
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROAELIZALDE
 
Syaela wati achmad 94
Syaela wati achmad 94Syaela wati achmad 94
Syaela wati achmad 94Syaela Wati Achmad
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
At the dawn of the new laptops
At the dawn of the new laptopsAt the dawn of the new laptops
At the dawn of the new laptopsAdam Caplan
 
IT tools for the management of community projects
IT tools for the management of community projectsIT tools for the management of community projects
IT tools for the management of community projectsMohamed Khalloufi
 
Dt3141 deady final
Dt3141 deady finalDt3141 deady final
Dt3141 deady finalMichael Deady
 
Plan and create assessments in sa
Plan and create assessments in saPlan and create assessments in sa
Plan and create assessments in saAdam Caplan
 
Mo elasticity-density
Mo elasticity-densityMo elasticity-density
Mo elasticity-densitymoriotf
 
SOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandSOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandDigitalByDesign
 
File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 

Weitere ähnliche Inhalte

Andere mochten auch

Consumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeevaConsumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeevacharindu sanjeeva
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclawsalonyVi
 
GARRAIOEN MURALA
GARRAIOEN MURALAGARRAIOEN MURALA
GARRAIOEN MURALAELIZALDE
 
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...Vijay Khurana
 
Random 120308230924-phpapp02
Random 120308230924-phpapp02Random 120308230924-phpapp02
Random 120308230924-phpapp02ltuya
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROAELIZALDE
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
At the dawn of the new laptops
At the dawn of the new laptopsAt the dawn of the new laptops
At the dawn of the new laptopsAdam Caplan
 
IT tools for the management of community projects
IT tools for the management of community projectsIT tools for the management of community projects
IT tools for the management of community projectsMohamed Khalloufi
 
Plan and create assessments in sa
Plan and create assessments in saPlan and create assessments in sa
Plan and create assessments in saAdam Caplan
 
Mo elasticity-density
Mo elasticity-densityMo elasticity-density
Mo elasticity-densitymoriotf
 
SOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandSOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandDigitalByDesign
 

Andere mochten auch (18)

Test
TestTest
Test
 
Consumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeevaConsumer & seller behaviour of hambantota fair by charindu sanjeeva
Consumer & seller behaviour of hambantota fair by charindu sanjeeva
 
Ashwini
AshwiniAshwini
Ashwini
 
Sf v projekt_wroclaw
Sf v projekt_wroclawSf v projekt_wroclaw
Sf v projekt_wroclaw
 
GARRAIOEN MURALA
GARRAIOEN MURALAGARRAIOEN MURALA
GARRAIOEN MURALA
 
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
Silverglades New Project, Sector-35, Sohna Expressway, Sohna, Gurgaon @ 99905...
 
TEST_rev
TEST_revTEST_rev
TEST_rev
 
Ibf 8-risk-return
Ibf 8-risk-returnIbf 8-risk-return
Ibf 8-risk-return
 
Random 120308230924-phpapp02
Random 120308230924-phpapp02Random 120308230924-phpapp02
Random 120308230924-phpapp02
 
IKASLEEN FOROA
IKASLEEN FOROAIKASLEEN FOROA
IKASLEEN FOROA
 
Syaela wati achmad 94
Syaela wati achmad 94Syaela wati achmad 94
Syaela wati achmad 94
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
At the dawn of the new laptops
At the dawn of the new laptopsAt the dawn of the new laptops
At the dawn of the new laptops
 
IT tools for the management of community projects
IT tools for the management of community projectsIT tools for the management of community projects
IT tools for the management of community projects
 
Dt3141 deady final
Dt3141 deady finalDt3141 deady final
Dt3141 deady final
 
Plan and create assessments in sa
Plan and create assessments in saPlan and create assessments in sa
Plan and create assessments in sa
 
Mo elasticity-density
Mo elasticity-densityMo elasticity-density
Mo elasticity-density
 
SOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandSOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, Expand
 

Mehr von Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseNetwrix Corporation
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseNetwrix Corporation
 

Mehr von Netwrix Corporation (19)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Kürzlich hochgeladen

Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Kürzlich hochgeladen (20)

Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

Tracking File Access for Auditing and Compliance

  • 1. Tracking File Access for Auditing and Compliance White Paper
  • 2. Tracking File Access for Auditing and Compliance—White Paper Contents Introduction ...................................................................................................................................................... 3 Change Auditing for Compliance ...................................................................................................................... 4 Why Change Auditing Is Vital ........................................................................................................................... 5 Auditing Toolset for File Server Changes .......................................................................................................... 7 Native Tools ................................................................................................................................................. 7 Building versus Buying ................................................................................................................................. 7 Third-Party Software ................................................................................................................................... 8 Success Recipe ............................................................................................................................................. 8 The Smart Choice: NetWrix File Server Change Reporter ................................................................................ 9 2
  • 3. Introduction File servers can be among the most critical objects in the IT infrastructure of an enterprise. The importance of a particular server depends on the importance of the files kept there, and an organization generally has one or more file servers storing business-critical and confidential data. If that data is lost or compromised, this can disrupt operations or even jeopardize jobs at the company. For valuable file servers, precautions against unauthorized access and hardware failure are taken accordingly. However, preventive and protective measures do not help to determine the cause of a contingency, if one does occur. For that purpose, file server operations and security configuration should be constantly audited, enabling you to investigate problems and minimize the effects of adverse changes. In addition, IT staff has to deal with regulations compliance. SOX, HIPAA, GLBA, and FISMA compliance measures are not dictated by internal needs, but still have to be considered for the enterprise to function smoothly.
  • 4. Change Auditing for Compliance Audit data must be kept for a very long time--up to 7 years by some regulations. The scope of the stored data should be sufficient to satisfy any requests from the auditors and be as detailed as possible. Whether an auditor needs to know who opened a sensitive document at a specific point or view a complete history of changes to the permissions on the Projects folder for the past 3 years, the data should be readily available for analysis. Importantly, the data should clearly indicate who initiated the recorded change. Otherwise, the responsibility for any harm caused by the changes rests with the CIO. The more complete the audit data, the more certainty there is that the actual guilty party will be held responsible for damaging actions.
  • 5. Why Change Auditing Is Vital Consider a well-administered file server or storage appliance, such as a NetApp filer or an EMC Celerra system, where file access activity is not audited. This is a common situation, but that does not make it acceptable. Lack of auditing means that any problems related to file access or hardware maintenance cannot be dealt with efficiently. In fact, most of them are not even discovered. Major problems come to light indirectly and belatedly only when the company starts to feel their consequences—for example, leaked trade secrets, sabotaged accounting records or misplaced project data. Auditing on its own cannot prevent problems, but it can help do the following:  Detect problems early  Find the causes and solve the problems  Plan for prevention of such problems in the future These aspects of file server auditing are described in detail below. Detection If a problem occurs, it should be discovered as soon as possible, before it can cause an outage or impede operations. The more important the data, the more closely it should be monitored. If a number of business-critical files are deleted accidentally or intentionally, this should be reported the same day. The lost files can then be promptly restored from backup, and the risk of disruptions days later can be eliminated. Early detection is just as important for some actions that are not nearly as intrusive. Sneaky activity, such as copying large amounts of sensitive or confidential data to removable media, should not fall under the radar. The act of copying is indicated by the presence of a large number of reads, and it is easy to anticipate and track. Solution To solve problems that occur on a file server, it is important to have a comprehensive body of specialized audit data. Although the share of useful information found in audit trails is never big, there is no way of knowing in advance which parts will prove meaningful. Solutions often begin with investigations into the causes of problems so that the people responsible can be confronted with the evidence and correct the situation. For example, an important file, such as a balance sheet or healthcare patient data, may be found to contain invalid or misleading information. To find out who invalidated the file and when it happened, you will need audit trails. Sometimes, non-restrictive permissions can be set on confidential files so that everybody has access to them. Without an investigation, it may not be clear whether this was done on purpose or what the original
  • 6. permissions were. To look into the matter and restore the permissions, you need a detailed record of what happened. It may also become necessary to find out where a particular file or folder has gone. To grant such a request, you need the audit data ordinarily considered unimportant. Anticipation Experience with problems can be converted to preventive measures. As you resolve file server issues, your security and hardware configuration can evolve. For example, on a new file server, permissions may not be configured optimally, but after you gather and study file access statistics, you can confidently decide whom to grant access to which resources. On a different note, if the server periodically runs out of disk space because a lot of files are stored there, it may be a good time to increase the server's storage capacity.
  • 7. Auditing Toolset for File Server Changes The tools you use for change tracking must be able to cope with the enormous amount of audit data that needs to be sifted through. This section lists the main approaches used in production IT environments. Native Tools The Windows native file auditing system and tools such as Event Viewer are an entry-level solution. They have the advantage of requiring no customization or third-party software, but even in a mid-size IT infrastructure, they are not suitable for performing any meaningful change management. The native object auditing system, which supports auditing of files, provides very low-level events. It creates numerous log records for even a single action, such as copying a file. This makes the manual examination and correlation process inefficient and painful. Even with a well-designed change management strategy, native tools cannot significantly reduce the effects of adverse changes, due to the high latency between the change and its discovery, and lack of reporting capabilities. A change is not examined until after it has caused some negative results such as service failure or slowdown of operations. The time between an unwarranted change and its undesirable effects can be very short, and change detection automation is very important to ensure a timely response. However, but if the administrator is armed with only native tools, a change-induced problem might take a week or longer to solve. Building versus Buying The search for automation and analysis methods can lead a company to invest in in-house software. The range of technologies that can be employed is wide. PowerShell, the .NET framework, and many other programming and scripting languages have bindings for Active Directory and Windows APIs, which are extensively documented. The following tasks are well-suited for automation:  Subscribing to events—watching for the events you anticipate is very efficient as long as you know what kind of event you are looking for.  Handling event logs—backing up, archiving, and clearing logs for compliance and auditing continuity.  Querying for events—centralizing the search for events and making it more efficient. This list continues, depending on the specific needs of an organization. In fact, it can grow quite long, due to the comprehensive scope of available functionality. The effectiveness of in-house development is determined not so much by what is possible to do as by what
  • 8. can be done in the given time with the available resources. If the company does not specialize in change auditing software—and most companies do not—then the time and resources are bound to be too scarce for comfort. Even if the in-house solution is good, its development is certain to face problems:  Support—the software produced in house may have many authors, which increases support difficulty; in addition, such a solution may evolve organically and is not likely to be centralized.  Testing—new software does not normally go into production use until it has undergone extensive tests, which require a lot of time and expertise. In-house scripts and programs may be the optimal solution for some companies, but this is a rare case in large distributed environments that have to accommodate internal and remote clients, heterogeneous systems, and so on. Often, a more cost-effective and better-quality alternative is to purchase third-party software specifically designed for file server change management. Third-Party Software When it comes to choosing a third-party solution for Active Directory change auditing, a great variety of available software seems to fit the bill. The final decision can be influenced by many factors, such as the following:  Transparency of information about the product's capabilities  Quality-price ratio  Cost of ownership When the choice is made, it is important to remember that the tools alone cannot solve complex file server change auditing, tracking, and management problems. Success Recipe To be effective at tracking file server changes, it is important to have a sensible strategy and software tools that are flexible enough to meet all your needs but do not get in the way of your strategy. Good change auditing tools, together with a sound audit policy, have the additional benefit of helping you improve the management of your file servers.
  • 9. The Smart Choice: NetWrix File Server Change Reporter NetWrix File Server Change Reporter incorporates knowledge and understanding of the needs of file server change auditing personnel. It is a cost-effective solution offering competitive functionality for a low price. The File Server Change Reporter places change information directly at the administrator's fingertips, without the need to extract it by roundabout methods. The advanced reports provided with the product are based on the SQL Server Reporting Services technology and are suitable for ensuring SOX, HIPAA, GLBA, and FISMA compliance. Another feature essential for compliance is a long-term archival of audit data. NetWrix File Server Change Reporter comes in two versions: freeware and commercial. The freeware version can be used indefinitely, and it is suitable for small businesses with lenient auditing requirements. The commercial version is available as a free download. This version is as easy to use as the freeware version but much more powerful. It is fully enabled for a 20-day evaluation period. To continue using the product after the expiration of the evaluation period, you must purchase it from NetWrix. For details, see http://netwrix.com/file_server_auditing_change_reporting_freeware.html. ©2009 NetWrix Corporation. All rights reserved. NetWrix and File Server Change Reporter are trademarks of NetWrix Corporation and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.