Breaches are an everyday occurrence. IT security professionals work tirelessly to protect against attackers penetrating their organization’s IT infrastructure, but what about the malicious insider?
Do you ever wonder if users in your organization are poking around where they shouldn’t be?
An easy way to investigate, using out-of-the-box capabilities aligned with StealthAUDIT 9.0 and our Access Information Center (AIC), is to leverage the activity information available via Stealthbits Technologies:
Step 1) Select any “sensitive” folder (for example HR or Finance)
Step 2) Select the “Activity Details” report within the Access Information Center
Step 3) Select the desired timeframe (our recommendation is 2-4 weeks)
Step 4) Ensure the ‘include subfolders’ option is selected
Step 5) Use the ‘Access’ column arrow and select ‘Denied’
You now have a list of users that have tried to access data outside of their defined role.
Happy hunting!
If you have questions, feel free to contact support: https://stealthbits.com/support
Want to learn more about StealthAUDIT and/or the AIC and test it out? Email a Stealthbits sales representative today! sales@stealthbits.com
Ian Andersen is the VP of Pre-Sales Engineering at STEALTHbits Technologies. A seasoned security leader offering nineteen years of IT systems experience. Multi-platform systems development, management, and security design expertise. Before becoming the VP of Pre-Sales Engineering, Ian lead the STEALTHbits Technologies Service Enablement Team.
Related Posts
- PROTIP – How to Purge Data in StealthAUDIT
- PROTIP – Fulfill a DSAR with StealthAUDIT 11.0
- Best Practices – Setting up StealthAUDIT SQL Server Database
- ProTip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for Oracle
- Pro Tip – StealthINTERCEPT DB Maintenance Best Practices
- PROTIP: Policy Registration & Managing StealthINTERCEPT via PowerShell and Editing StealthDEFEND Investigations & Categorizing Playbooks
- PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT
- Protip: How to Setup User Activity & Database Logon Scans in StealthAUDIT for Oracle
- ProTip – The Power of Character Substitution Checks in StealthINTERCEPT Enterprise Password Enforcer
- Protip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for SQL
Leave a Reply