According to the security policies, established in the organization, only 100 users had legitimate access rights to the file.
Only a specialized advanced DCAP system is capable of revealing that a document with confidential content is kept in publicly available storage and that users inside corporate perimeter, who don't have legitimate access rights to the file, access or process it.
FileAuditor scans all file storages and checks them for compliance with security policies.
It examines files' names, directory they are kept in, reveals, which users have access to the files, and what's the most important, it analyzes each files' content.
If the file falls under any of the search rule, FileAuditor adds confidentiality label to the file: for instance, personal data or source code.
It doesn't matter, if the file is moved to another directory, its name and extension are changed - FileAuditor makes decision basing on the file content - if the file still contains something confidential after editing, the appropriate label is added to the file and it remains protected.
IS officer detects violations in files and folder access rights distribution.
FileAuditor shows user access rights to each document and folder using information from file system resources.
Thanks to this, an IS specialist does not need to use additional tools, he/she can immediately see: which groups and employees have access to a document and who are not allowed to access it; view the list of operations available to each user / each group of users with a particular file / a particular directory.
This is how change of access rights to file is performed in FileAuditor.
From now on every operation with a document, such as file opening or changing access to it; making changes to file content; file transmissions etc.
You can select files, which during the time period of interest were changed; renamed, transmitted or deleted; which access rights were redistributed; fell under a rule or vice versa, which control was stopped.
FileAuditor in the illustrative manner visualizes operations with files.
According to the rules, configured beforehand, solution prevents unwanted operations, e.g. attaching file to email, opening email via any application etc.
If an employee doesn't have legitimate access rights to work with the file, but intends to forward or open it, he/she receives a notification on the restriction of the operation.
Security policy activation when a user doesn't have legitimate access rights to work with a file.
If the confidential and valuable data is deleted from the file, the confidentiality label is also changed and the file control is stopped.
The solution makes backups of required types of files just in case they are lost or stolen.
The solution monitors all operations with files, reveals, who and when worked with file and what operations exactly were made if a file was renamed or transmitted anywhere.
The file system audit is the first and necessary step.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 21 Dec 2023 11:13:05 +0000