If you read part 1 in this series, you caught a glimpse of how STEALTHbits file activity monitoring solutions help solve critical change and access issues without the use of native logs. Today we’ll delve deeper into the explanation of these solutions and reveal five more real-life cases where you could use our file activity monitoring solutions.
Case 6: File Tampering
File tampering is when a user modifies the contents of a file such as spreadsheet calculations or other data.
The STEALTHbits Activity Monitor automatically records who modified the spreadsheet (or other files), when, and from where.
Case 7: Administrator Activity Auditing
An administrator exploits his admin rights to access files with sensitive data.
The file activity monitor solves this by providing an audit trail of all administrator access, enabling the identification of privileged account misuse or abuse.
Case 8: Sensitive Data Auditing
Laws or other regulations require organizations to record access events to files containing sensitive data.
The file activity monitor will work with a DLP or sensitive data discovery solution to provide an audit trail of access events to files with sensitive data.
Case 9: Ransomware Detection
Large numbers of files accessed and modified in a short time period can be indicative of crypto-ransomware.
The file activity monitor combines with a SIEM solution like Splunk or QRadar to send an alert when a large number of file access and modification events occur.
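The burst heuristic described in Case 9 can be sketched as a sliding-window count of distinct files changed per user. This is an added example, not STEALTHbits or SIEM vendor code; the event tuple layout, the 60-second window, the threshold of 5, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; tune against a baseline of normal activity.
WINDOW = timedelta(seconds=60)
THRESHOLD = 5  # distinct files changed by one user inside WINDOW
WRITE_OPS = ("modify", "rename", "delete")

def _ev(sec, user, host, op, path):
    """Build a constructed event: (timestamp, user, source host, operation, path)."""
    return (datetime(2024, 1, 1, 9, 0, 0) + timedelta(seconds=sec), user, host, op, path)

# Constructed sample: alice edits two files minutes apart, bob changes 8 files in 14 seconds.
SAMPLE_EVENTS = (
    [_ev(0, "alice", "WS-01", "modify", r"\\fs1\finance\q1.xlsx"),
     _ev(400, "alice", "WS-01", "modify", r"\\fs1\finance\q2.xlsx")]
    + [_ev(100 + i * 2, "bob", "WS-07", "modify", rf"\\fs1\hr\doc{i}.docx") for i in range(8)]
    + [_ev(130, "bob", "WS-07", "read", r"\\fs1\hr\readme.txt")]
)

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per user whose distinct changed files within the window reach the threshold."""
    recent = defaultdict(deque)  # user -> (timestamp, path) pairs still inside the window
    alerts = {}
    for ts, user, host, op, path in sorted(events):
        if op not in WRITE_OPS:
            continue  # reads alone do not count toward the burst
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # expire events older than the window
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and user not in alerts:
            alerts[user] = {"user": user, "host": host, "first_seen": q[0][0],
                            "triggered_at": ts, "files": len(distinct)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct paths rather than raw events keeps repeated saves of a single file from tripping the alert.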
Case 10: Data Sabotage
File deletions (individually or in bulk) can indicate attempts to sabotage data or individuals.
The file activity monitor can provide an audit trail of all file deletions within an environment, allowing administrators to catch perpetrators and stop them from deleting data.
To learn more about different approaches to solving critical change and access issues, check out STEALTHbits File Activity Monitoring Solutions, StealthAUDIT, and StealthINTERCEPT.