File Share Activity Monitoring

By: Packetmotion  09-12-2011
Keywords: Access Controls, Audit Trail, Activity Monitoring

Organizations are faced with addressing ever-increasing compliance regulations and insider threats, requiring tighter policies and controls around “unstructured” file sharing data. Intellectual property, financial information, patient healthcare records and credit card data are just a few examples of sensitive assets that require tight user access auditing and controls. Merely finding and classifying these assets is difficult enough, but managing access control rights to “least privilege” and auditing access are even greater challenges. These requirements must be also met in an efficient manner, without affecting availability and performance.

Comprehensive audit trail and real-time enforcement for file shares with no agents, in-line appliances, or reliance on APIs

PacketMotion’s PacketSentry not only captures and saves detailed user transactions across a wide array of file shares (NetApp, EMC, Windows Servers, SharePoint and NFS) it also maps out sensitive data, identifies file owners, provides detailed access reports, and enforces policies. Unlike other solutions on the market, PacketSentry accomplishes these tasks without the use of agents or in-line appliances, allowing you to integrate PacketSentry into your network in a matter of hours, without the possibility of affecting production data or taxing system resources. With Active Directory (AD) based policies, access rights automatically update as users are moved to different AD groups, offering unparalleled ease of management.

Key Features:

  • Full audit trail of user and administrator file share data access
  • Real-time alerting and enforcement to block access by unauthorized staff
  • Complete Access Control Rights Management solution
  • Identifies likely in-scope data for internal audit or compliance based on activity monitoring of key user groups.
  • File ownership reports – identifies data owners based on actual access, supporting ongoing access control rights management
  • Summarizes access to help determine least privilege access controls for users and groups
  • File systems permissions auditing and reporting – detect rights assigned that bypass AD-group level controls
  • Identifies excessive/abnormal data access levels
  • Dormant File Management – Identifying files that are no longer needed on the server
  • Active Directory synchronization supports user, group, and host-based reporting.
  • Lowers the cost of audit and compliance with its unique architecture and automated policies
  • No logging, agents, or in-line appliances

Keywords: Access Controls, Activity Monitoring, Audit Trail,

Other products and services from Packetmotion


High Risk Users

Privileged Users – IT Administrators, third-party consultants, external support teams and managed service providers are granted very broad access to IT systems, including critical infrastructure and sensitive data repositories. PacketSentry’s architecture is based on network-based deep packet inspection and identity correlation at the Active Directory domain, database, and application levels.


Database Activity Monitoring

Stringent compliance reporting requirements from an array of mandates such as SOX, PCI DSS, ISO2700x and HIPAA/HITECH require comprehensive database monitoring solutions, and strong access controls to combat fraudulent activities. PacketSentry provides a granular identity-based audit trail of all database activity – down to specific instances, tables and queries – without agents or heavy logging.


User Activity Management

Built on a robust, yet easy to use rule engine, PacketMotion’s UAM system enables organizations to “blacklist” or “whitelist” specific user behaviors, create alerts based on access levels and known or anticipated behaviors, and block user actions that are identified as being suspicious or out of the norm.