Adequately and efficiently capturing file system access and change activities can dramatically increase an organization’s ability to detect insider threats, prevent data breaches, and mitigate the damage that can be done by advanced threats like crypto ransomware. Native file system auditing functions within file repositories like Windows file servers and NAS devices like NetApp and Dell/EMC, however, are highly challenging to work with – sometimes impossible – often resulting in a significant blind spot for security practitioners and IT operations personnel.
The importance of capturing file system activity cannot be overstated: its benefits range from ransomware detection to forensic investigations, all of which lead to greater security and efficiency for an organization.
In these examples alone, there are at least three major beneficiaries of the visibility file system auditing can provide: Security, Storage Operations, and Governance teams.
It’s easy to see that auditing file system activity is worthwhile, and for multiple reasons, so why doesn’t everyone do it? Here’s what it ultimately boils down to, but I’d highly suggest reading this White Paper called “5 Challenges with Monitoring Windows File Activity” for some specifics:
So, that’s why not everyone does it. It causes them grief, and understanding the output is like another full-time job.
So far, we’ve discussed many of the merits of monitoring file activity on your Windows and NAS devices, as well as some of the hurdles to making it happen.
You can dedicate the time, resources, and money to ensure critical systems have the horsepower they need to churn out the data, stuff it all into a SIEM (even the garbage data), brush up on your Event Log knowledge, and write your rules and correlation routines, but that’s a pretty expensive proposition.
Alternatively, you could use a highly tuned, intelligent file system auditing alternative like STEALTHbits File Activity Monitor. It’s lightweight, easy-to-use, scalable, configurable, affordable, and interoperable with your SIEM (check out the IBM QRadar and Splunk apps that come along with it for free).
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies and developing a long-term path to success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits (now part of Netwrix), including Sales, Marketing, Product Management, and Operational Management roles, where his focus has consistently been setting product strategy, defining roadmap, driving strategic engagements, and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.