See a File Activity Monitor Demo without Leaving Your Desk

File Activity Monitoring

Organizations spend thousands, if not millions of dollars, on their data storage infrastructure. However, many lack visibility into file activity on Network-attached storage (NAS) devices like NetApp, Dell EMC, and Hitachi—as well as Windows devices. This is because native auditing can present challenges like configuration complexity, undifferentiated events, and performance issues. As a result, companies are unable to answer basic questions like:

• Who moved, deleted, or modified a file?
• What provisioning changes have been made?
• Which files/folders are stale and can be migrated to cloud storage?
• Where is there suspicious file activity?

Having this insight would enable organizations to make more informed decisions around data management to improve operations, security, and compliance.

I wanted to see how Stealthbits File Activity Monitor can help storage and security teams gain this insight so I asked Solution Engineer Nick Nieves if I could join him on a customer demo. Here’s what I learned:

Stealthbits File Activity Monitor

Nick tells the customer that Stealthbits File Activity Monitor (SFAM) is an easy-to-use, stand-alone utility that will give them visibility into what users, machines, and service accounts are doing across file servers. Nick shows the storage administrators how quickly they can add the monitoring capability to NAS devices (the customer is mostly a NetApp shop) to see file operations as they happen—as well as failed operations where users tried to access files to which they don’t have rights. 

Nick says common file activities organizations want to keep tabs on are:

• Checking the file activity of employees who have given notice, or been terminated, to see if they have copied valuable files to USB drives or cloud storage
• Recording access events to files that are subject to regulation like plant emission measurements or drug trial results
• Restoring files that are accidentally deleted, moved, or renamed—or restoring permissions that are inadvertently changed

The customer’s team wants to try the utility so they use its query capabilities to drill-down into a particular user’s activity over a specific time period. 

Nick then shows them how they can sort and report on the file activity data the way they want, including exporting it into formats like .csv for Excel analysis.

Stealthbits File Activity Monitor App for Splunk

The conversation gets even more interesting when the security team says it uses Splunk for Security Information and Event Management (SIEM). Nick demonstrates how Stealthbits can feed enriched file system data into Splunk to deliver real-time insights on a pre-configured dashboard.

He walks them through the tabs of Stealthbits File Activity Monitor App for Splunk, showing how they have both graphical and detailed data insight into deletions, permissions changes, and threats like Ransomware. Being able to detect Ransomware attacks against network file shares is of great interest to this customer since its industry has been one of the hardest hit. 

In hearing the customer’s comments on how Stealthbits File Activity Monitor is going to increase the value of their NetApp and Splunk investments—while saving money on fewer events per incident being fed into SIEM, I decided to write this blog to help more customers.

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Name

Email*