![]() In most cases after all is considered, well thought file access permissions are most of the battle, as anything else quickly becomes cumbersome for a very diminished return. Who is going to spend the time reviewing the millions of lines of file audit data?.Hand written notes made to take data off site?.What prevents the photocopier from being exploited?.What prevents printouts made during the normal course from being exploited?.If you have a larger organization or one with full time IT nerds to manage the solution then it may make sense. I mostly deal with small 10-25 user networks and when put in to context with the cost and complexity of most DLP solutions, the cost and scale of those solutions makes no sense. Plenty of DLP packages promise 100% seamless insight, but few appear to do it without a LOT of setup and a LOT of maintenance. Cost is another story. There is absolutely no way to determine what was done with the file, that component has to reside on the workstation that is accessing the file. Please let me know if you have any questions or would like any assistance with it.Īt the request of a client, I spent a great deal of time looking into DLP solutions:įrom the server side, all you can see is the file access and the account used to access it. If you'd like to download a free trial or try our Test Drive that doesn't require any installation at all, you may do so here Opens a new window. It will be able to tell you when users create documents on removable, cloud or network storage, for example. It has no knowledge really of whether that read was for the purposes of opening that file in Microsoft Word or if it was to initiate a file copy.Īnother solution you might want to look at, though, would be our product, Spector 360 Opens a new window, and, more specifically, its Document Tracking features Opens a new window. The operating system on the server just knows that a read was requested on the file. ![]() They will not be able to tell you that the file was copied, because they simply do not know. Having worked with many file system auditing solutions in the past (including ScriptLogic's File System Auditor and Quest's ChangeAuditor) I can tell you that even with solutions that have an agent and don't require the Event Log, you're still only going to see the read in one location and the create in another.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |