Use case: file cleanup
27.08.2020Back to blog list
In order to transform disorganized data into valuable insights you certainly need a powerful tool, which will assist you in file analysis ensuring frequent information verification.
When your “house” is a mess and tidying up seems beyond your capabilities it is high time to take a close look on FileAuditor solution.
To prove it right let us start with a real life case provided by one of SearchInform clients, which will showcase the importance of cybersecurity to your business, however small it is.
A retail company was ordering expensive market researches, each
costing USD 100 000+. It was revealed that one week after a research
was received it would become available on the Dark Web and turn public for all the Internet users.
Thanks to FileAuditor it was discovered that 300 employees could access the researches instead of 100 specialists who were officially authorized to use them.
Subsequently, redundant access rights were closed. The retrospective investigation eventually pointed out an insider who leaked the research.
What is it?
FileAuditor SearchInform is a DCAP-solution, which is developed for automated file system audit, search for access violations and monitoring changes
in critical data, detecting suspicious user behavior. We encapsulate its essence by stating that its main target is to secure sensitive data against breaches, availability problems and unauthorized modifications.
This file analysis software is tailored to assist your business in identifying data repositories with the maximum concentration of sensitive data and put a high priority on protecting it from improper exposure. It helps to find all redundant, outdated and insignificant data stored on your computer or cloud storage and delete or archive it facilitating storage efficiency.
To develop a comprehension we need to highlight that FileAuditor doesn’t only classify data, it provides a customer with a quality insight that report any derail from the policy and a suspicious demeanor of your employees. It documents all changes made to files, folders, shares and permissions.
An ever-changing world we are living in today requires an enterprise however small entrust its sensitive data to file servers, at the very same time converting these servers into a desirable prey for all sorts of attackers.
The important question here is how to identify a potential IT risk in your infrastructure.
Looking back at the case above you might have already noticed that it is a must to validate your sensitive data is not overexposed and resides only in specified safe locations with ensured access permission rights.
Safe authorized access covered, next step is to control all user changes, spotting malicious insider activity. It will provide you with a detailed information, featuring who and when deleted a file containing important data, or who tried to access shared folders that they don’t have access to.
FileAuditor software solution gains a total visibility of what is going on across your company’s file servers. Moreover, it facilitates cleanup and lower your storage costs; swiftly provides answers to auditors’ questions with
pre-made compliance reports.
How does it work?
- Step 1: Agents are installed on workstations, FileAuditor is activated.
- Step 2: Configured rules determine which workstation resources can be used.
- Step 3: Collected data is transferred to the SearchInform EndpointController server.
- Step 4: EndpointController scans specific servers and collects necessary information about files, folders and access rights.
- Step 5: Collected information is recorded in the Microsoft SQL Server databases.
- Step 6: SearchInform AnalyticConsole client application shows the tree of monitored directories/files.
The good thing about it is that you are enabled to tailor the product to the company’s needs. When it comes to categorizing, a client can specify any type of data, such as a text, attribute, directory, computer, or a particular combination so that only critical data is controlled. You simply create rules to search for critical documents (by text, by regular expressions, by file attributes etc.), set the number of recent file versions to be archived and select speed, frequency, timing and other terms of scanning.
Owners of a company decided to conduct a revision of the accounting department documents for the first time. Several financial statements were missing. FileAuditor helped to recover the missing documents. The business owners found out by whom the documents were deleted and discovered that each file had been previously edited a few times – the figures have been intentionally altered. It turned out that the deputy chief accountant has intentionally killed the files before her dismissal as she considered it unjust and unreasonable.
SearchInform DCAP solution helps to mitigate the insider risk conditioned by disgruntled or money-grubbing employees. It is one hundred percent compatible with GDPR, HIPAA, PCI DSS regulations. It proves that your business evolves around valuable sensitive data and it is a high priority for an enterprise to make every possible effort in order to keep the data safe.
The FileAuditor solution monitors workstations and file servers, enables to customize search settings, makes an instant detection of modified files, saves several recent file versions and keeps copies of deleted files.