The NextLabs File Server Access Audit solution is the only centralized auditing and reporting solution with its own software integrated natively into file servers and Microsoft SharePoint servers to collect file access activities. This allows precise activity logging without the noise of low-level event logs, and activity data is sent to the centralized report server for real-time activity monitoring across file servers and SharePoint servers distributed throughout the enterprise.
- Monitor file access activities on file servers to comply with regulations to monitor IT infrastructure. Log file access activity across file servers to provide evidence of internal control for HIPAA, SOX, and PCI-DSS audits.
- Eliminate Windows Object Access event logs to reduce cost of collecting, managing, and maintaining activity data. Automatically capture file access activity and store it directly in the centralized Activity Journal database, with zero maintenance on file servers.
- Collect only the audit data you need without messy, meaningless event logs. Target specific servers, users, and data types to log, optimizing data collection with precise actual user activity.
- Audit file server access interactively: no more reading cryptic event logs or converting them to generate reports. View the report dashboard for a snapshot of server and user activity, or run reports to audit actual user activity with full details in real-time.
- Create and manage audit policies centrally with one-click deployment to file servers. Manage the audit policy life-cycle with ease using graphical tool to: create, edit, deploy, and deactivate policies
File Server Access Audit Solution
Monitoring and auditing file access in the enterprise is required in order to demonstrate compliance with regulations such as SOX (J-SOX, K-SOX), HIPAA, and PCI-DSS. In today's vastly diverse IT environment with file servers distributed geographically and files stored increasingly in Microsoft SharePoint, auditing file access across the enterprise is becoming more difficult. Many of today's audit solutions depend on traditional system event logs, which contain so many low-level access events that they cannot produce meaningful audit reports. Collecting and analyzing system event logs is an outdated approach that does not give IT the tools they need to easily monitor and audit file access across systems and applications.
Capture Access Activity with Policy Adapters
Many solutions for auditing file server access depend on the Windows Object Access event log to produce audit reports. These reports are often difficult to read, and give no sense of what users are actually doing, because they generate so many event entries for just one simple action like opening a file. Furthermore, many applications, such as Microsoft Office applications, create temporary files that generate even more meaningless entries. Some solutions use a converter and analyzer to interpret what the user is actually doing, but even that approach does not provide accurate, detailed audit reports.
NextLabs' solution takes a different approach: Policy Adapters that integrate with the file system to monitor activities and log file server access. Policy Adapters:
- Run as a Windows service or Linux daemon on system start up
- Have zero perceptible latency to end users
- Require no maintenance or change to network infrastructure
- Monitor network file access activities over CIFS/SMB/Samba and NFS protocols
- Log actual file access activity as single, distinct actions including open, create, edit, delete, rename, change at-tribute, and change security
- Log user activity on file server host machines, including e-mail file, print file, copy to USB device, upload to Web, run application, and log on/off
- Capture only relevant activity dictated by audit policies, to optimize data collection and eliminate useless data such as activities on temporary files
- Automatically receive audit policies from the central Policy Server when audit scope changes
- Upload logs automatically to the Policy Server, with configurable frequency and log size
Store Activity Logs in a Centralized Activity Journal Database
The solution provides enterprise-class scalability to manage file server activity log uploads.
- One load-balanced Policy Server can handle log uploads from thousands of Policy Adapters on geographically distributed file servers
- All file access activities are stored centrally in the Policy Server's Activity Journal database for easy data backup and archiving
- Activity data is immediately available for running audit reports or monitoring activities in real time; no need for a converter or analyzer to clean the data before it can be used
- Activity Journal supports enterprise databases including Oracle, Microsoft SQL Server, and PostgreSQL
View Activity Dashboards and Run Audit Reports in the Reporter Application
The solution provides an easy-to-use, browser-based Reporter application to view and analyze file server access activities.
Using Reporter, you can:
- Glance at the summary dashboard for a quick snapshot of servers and users with the highest activity
- View reports of actual user activity on file servers with full details about the file, user, time, client host, network, application, and action
- Get a global view of file server activity across the enterprise with the centralized Activity Journal database
- Run reports with the interactive query builder to search activity for a specific file server or user
- Analyze activity patterns with summary charts, grouped by server, user, and audit policy, with one-click drill-down to see list of activities
- Filter file access activity over time, for historical data analysis
- Save, print, and share reports to provide evidence of control for an IT system audit
- Support popular browser applications including Microsoft Internet Explorer and Mozilla Firefox
Define and Manage Audit Policy in Policy Studio
Setting up audit policies is easy, thanks to Policy Studio, the graphical application where you create, edit, manage, and deploy audit policy. There is no need to set up audit policy on each file server manually or depend on system administrators to create policy.
With Policy Studio, you can:
- Manage policies on the Policy Server with the ease of an interactive desktop application
- Create audit policy with flexible activity logging options based on:
- File: server name, file and folder location, file type (e.g. Word, Excel, PowerPoint files), file properties, and document content
- User: user name, user group membership, user role and identity (e.g. department=Finance)
- Action: open, create, edit, delete, rename, change attribute, change security, e-mail, print, copy, upload, run, and log on/off
- Manage the whole policy life-cycle: create, edit, deploy, deactivate, and delete
- Delegate policy administration to regional or departmental owners to manage their own file server audit requirements
- View details of active policies deployed to any file server
- Export audit policies in PDF files, as evidence of control for an IT system audit
- Deploy policy to all file servers or target policy deployment to monitor activities only on specific file servers
Send E-mail Alerts and Remediation Workflow
The solution allows IT or business managers to respond immediately when a file server activity triggers an audit policy. For example, whenever an unknown executable program is copied to a shared file server, it could trigger an audit policy that sends an e-mail alert for immediate attention. The audit policy could also trigger a remediation workflow to instruct the Policy Adapter to delete, move, or quarantine the file.
Audit Access Activity on Microsoft Office SharePoint Server
In addition to storing files in file servers, many large enterprises are using Microsoft SharePoint document libraries to store business documents. Similar to the Policy Adapter for file servers, the solution offers the Policy Adapter for Microsoft Office SharePoint Server to monitor document access activity and upload activity log to the centralized Activity Journal database for real-time activity monitoring and audit reporting. NextLabs' solution is the only complete file access audit solution that supports a mixed environment with file servers and SharePoint servers distributed across the enterprise.
Control Center Policy Server Platform
The solution also includes the NextLabs Control Center, a XACML-based policy server platform that provides central management of audit policies.
The Control Center comprises four parts:
- Policy Server - Policy administration point (PAP) where policy and procedures are centrally managed
- Policy Studio - Graphical policy development and management toolset
- Enrollment Manager - Extensible integration manager for enterprise policy information points (PIP) that provides pre-built connectors to common attribute sources such as Active Directory and LDAP directories
- Report Server - Centralized activity journal where activity and audit information is collected, analyzed, and extracted to reports for automated compliance auditing