Imperva Blog|Login|中文Deutsch日本語
File Activity Monitoring

File Activity Monitoring, Auditing and User Rights Management

Video: SecureSphere File Security
Conventional approaches for managing file permissions and for file activity monitoring simply don’t work for most organizations. Third-party administrative tools and other widely used solutions, such as directory services groups and the file auditing built-in to operating systems, do not keep pace with organizational changes or the volume and growth of unstructured data.

SecureSphere File Activity Monitoring (FAM) delivers user rights management, real-time file monitoring, and access auditing for files stored on file servers and network attached storage (NAS) devices. SecureSphere identifies existing user access rights and facilitates a complete file permissions review cycle to help ensure access to sensitive data is based on a business need-to-know. SecureSphere audits all data access activity to provide visibility into who owns and is using file data. It accelerates incident response and forensic investigations with analytics, reporting and alerts on abnormal activity. Unlike native auditing solutions, SecureSphere performs file auditing by monitoring network communications, so it is able to establish an audit trail without degrading file server performance.

Key Capabilities
Identify excessive user access rights and enable a complete file rights audit and review cycle
Audit all access to files including access by privileged users and applications
Alert on file access requests that violate corporate policies
Identify data owners
Document compliance, investigate and respond to incidents with advanced analytics and reporting

To learn more, click on the Capabilities tab.

Control User Access Rights to Sensitive File Data

SecureSphere FAM identifies existing user access rights and facilitates a complete rights review cycle to ensure sensitive file data is accessible only by those with a business need-to-know. It streamlines audits by aggregating, consolidating and reporting on user access rights to file data across all file servers and NAS devices. SecureSphere accelerates review cycles by:

  • Identifying users with access to sensitive, high-risk file data
  • Highlighting users with excessive access rights
  • Discovering dormant users and un-used access rights
  • Providing rights review workflow capabilities
  • Tracking and alerting on Active Directory changes in real-time

Audit all File Data Access

SecureSphere performs continuous monitoring and detailed auditing of all file operations in real-time to provide organizations with a complete audit trail that shows the 'Who, What, When, Where, and How' of each file data access. It monitors network communications and transparently records every user access of file data without impacting applications, users or file servers. SecureSphere creates a detailed audit trail that includes the name of the user, file accessed, parent directory, access operation (e.g., open, read, write, delete, etc.), access time, etc. For maximum security, the audit trail is maintained in an external, secured, and hardened repository which can be accessed exclusively through read-only views via a role based access mechanism. In addition, users can audit all changes made to users and groups within Microsoft Active Directory with SecureSphere Directory Services Monitoring.

Identify Owners of Files and Folders

SecureSphere FAM helps in the identification of data owners by providing visibility into the users of files and folders. The primary file and folder users are either the data owners or, as the largest data consumers, are able to immediately identify an owner. Owner identification is critical for compliance, security and IT operations because owners understand the business relevance of their data and can therefore provide critical input on how data should be managed and protected.

Quickly and efficiently document compliance, investigate and respond to incidents

SecureSphere provides interactive, on-screen audit analytics for visualizing file data access activity, Active Directory changes, and user rights with just a few clicks. Security, compliance and audit staff can leverage these analytics to identify trends, patterns and problems with file activity and user rights. SecureSphere reporting complements on-screen analytics and helps measure risk and document compliance with regulations such as SOX, PCI, and data privacy laws. For increased efficiency and automation, SecureSphere provides report templates and scheduling.

Alert on Abnormal Activity

SecureSphere FAM detects and alerts on access activity that deviates from corporate policy. Using a flexible framework, administrators can create policies that consider a variety of criteria, such as file meta-data (e.g., name, location, type, etc.), permissions, changes made within Active Directory and user access activity, and then take action when undesirable behaviors are observed. For example, an alert policy can be configured to trigger when “Marketing” users access “Financial Data”. SecureSphere alerts support a broad range of actions including sending an email to interested parties, assigning a follow-up task to an administrator, or executing an operating system command. Organizations can also establish file data security policies by blocking access with SecureSphere File Firewall and monitor all changes made in Microsoft Active Directory with SecureSphere Directory Services Monitoring.

Increase IT Operations Efficiency

SecureSphere helps IT operations staff, such as Windows, storage, help desk and directory services administrators work more efficiently. For example, because SecureSphere creates an audit record of all file access activity, data that is not being accessed can be identified and deleted or archived. Help desk staff can make faster decisions about granting access rights with SecureSphere information about data owners and effective permissions. Data ownership details and information about unused data also expedite data migrations and directory services domain consolidations. Migration and consolidation projects are also a natural time to conduct rights reviews, which User Rights Management for Files dramatically simplifies.

Deploy with Confidence

SecureSphere offers multiple deployment options, with drop-in simplicity through physical and virtual appliances, lightweight SecureSphere agents or a hybrid mix. Centrally managed, SecureSphere meets the needs of any environment – from small organizations with a single file server to large enterprises with geographically distributed data centers.

File Activity Monitoring Specifications

Specification Description
File Systems Supported
  • Windows file servers
  • Unix/Linux file servers
  • NAS devices with CIFS (v1 and v2) file shares and NFS (v3) file shares
Directory Services Supported
  • Microsoft Active Directory (AD) users and groups
  • LDAP v3 users and groups
User Rights Management
  • Audit user access rights to files via file system permissions
  • Validate excessive rights on sensitive data
  • Identify dormant accounts
  • Identify files accessible by global groups
  • Track changes to user rights
  • Revoke rights and group membership
  • Recommend data owners
File System Activity Audit
  • User name
  • Organizational department
  • File name
  • Folder path
  • File & Folder operations
  • Source & Destination IP
  • Data classification
  • Data owner
Data Classification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digitally signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Lightweight agents (local or global mode)
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
  • MX Server for centralized management
  • Integrated management option
Events and Reporting
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Related Products