Organizations spend thousands, if not millions of dollars, on their data storage infrastructure. However, many lack visibility into file activity on Network-attached storage (NAS) devices like NetApp, Dell EMC, and Hitachi—as well as Windows devices. This is because native auditing can present challenges like configuration complexity, undifferentiated events, and performance issues. As a result, companies are unable to answer basic questions like:
Having this insight would enable organizations to make more informed decisions around data management to improve operations, security, and compliance.
I wanted to see how Stealthbits File Activity Monitor can help storage and security teams gain this insight so I asked Solution Engineer Nick Nieves if I could join him on a customer demo. Here’s what I learned:
Nick tells the customer that Stealthbits File Activity Monitor (SFAM) is an easy-to-use, stand-alone utility that will give them visibility into what users, machines, and service accounts are doing across file servers. Nick shows the storage administrators how quickly they can add the monitoring capability to NAS devices (the customer is mostly a NetApp shop) to see file operations as they happen—as well as failed operations where users tried to access files to which they don’t have rights.
Nick says common file activities organizations want to keep tabs on are:
The customer’s team wants to try the utility so they use its query capabilities to drill-down into a particular user’s activity over a specific time period.
Nick then shows them how they can sort and report on the file activity data the way they want, including exporting it into formats like .csv for Excel analysis.
The conversation gets even more interesting when the security team says it uses Splunk for Security Information and Event Management (SIEM). Nick demonstrates how Stealthbits can feed enriched file system data into Splunk to deliver real-time insights on a pre-configured dashboard.
He walks them through the tabs of Stealthbits File Activity Monitor App for Splunk, showing how they have both graphical and detailed data insight into deletions, permissions changes, and threats like Ransomware. Being able to detect Ransomware attacks against network file shares is of great interest to this customer since its industry has been one of the hardest hit.
In hearing the customer’s comments on how Stealthbits File Activity Monitor is going to increase the value of their NetApp and Splunk investments—while saving money on fewer events per incident being fed into SIEM, I decided to write this blog to help more customers.
Tuula Fai is the Senior Marketing Director of StealthAUDIT at STEALTHbits. For the past 20 years, she has worked in a variety of roles within the software industry, starting as a developer and implementation engineer before moving into product marketing and digital campaigns. Having worked in both customer service and human resources, she is passionate about safeguarding customer and employee data as part of overall security initiatives. She graduated Summa cum Laude from Georgetown with an MBA in marketing and IT, and has won two technology marketing awards. You can find her running and writing in the Rocky Mountains of Colorado.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.
Read more© 2022 Stealthbits Technologies, Inc.
Leave a Reply