| Product Feature | File System Auditor | Native Windows Auditing |
| Auditing | | |
| Enabling Auditing | Auditing of both files and folders is centrally accomplished within the Service Configuration Console on a per server basis. | Auditing is enabled first at the system policy level and then individual folders and files need to be configured to be audited. |
| View Auditing Configuration | FSA provides a single listing of all folders and files audited on a server. | It is necessary to navigate to the Advanced security settings for each folder (and potentially file) audited to see if auditing is enabled. |
| Storage | Events are centrally stored in a secure SQL database providing a secure audit trail. | Events are stored per server within insecure Event Logs |
| Entries per event | Intelligent Auditing yields a single event for both simple events, such as a file read, as well as complex events, such as a file move. | Tens of entries are created for each event. For example, in a simple test of creating a text file and immediately deleting it, native auditing yielded 42 entries with File System Auditor showing 2 ?
|
|
Will I see tens or hundreds of entries with File System Auditor like I do |
|
No. File System Auditor uses Intelligent Auditing technology to make sense of file system events to yield a single entry in the auditing database.
|
|
Is File System Auditor another "snapshot" based auditing solution? |
|
No. File System Auditor monitors file system activity in real-time to ensure each and every event that occurs is recorded for a truly auditable trail. Snapshot-based auditing solutions can only show you the sum of all the changes since the last snapshot and not each individual event that occurred.
|
|
Does File System Auditor help with meeting compliance standards? |
|
Yes. File System Auditor applies to all regulatory and best practice standards that require protecting sensitive information (such as patient, financial or customer data). See the Compliance Matrix below.
| File System Auditor Compliance Matrix
The listing below is an example of just some of the compliance and best practice standards File System Auditor assists with. | | Standard | Requirement | | HIPAA | Section 164.312(b):
"Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information." | | Sarbanes-Oxley | Section 404(a)(2):
"...contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting." | | GLBA | Section 6801(b)(1):
"...to insure the security and confidentiality of customer records and information..." | | FISMA | Section 3544(b)(5):
"...periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices..." | | NIST 800-53 / FIPS 200 | CA-7 Continuous Monitoring:
"The organization monitors the security controls in the information system on an ongoing basis." | | ITIL | DS5.7: Security Surveillance:
"To ensure such a level of security, that the agreed availability of the infrastructureand the IT services, as well as the business functions, is not compromised." | | COBIT | DS5.7: Security Surveillance:
"IT security administration should ensure that security activity is logged and any indication of imminent security violation is reported immediately to all who may be concerned, internally and externally, and is acted upon in a timely manner." | | CISP | Section 10.2.1:
"Implement automated audit trails to reconstruct the following events, for all system components... all individual user accesses to cardholder data." | | 21CFR11 | Section 11.10(e):
"Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records." |
|
|
|
How does File System Auditor work? |
|
File System Auditor is implemented as a file system driver, ensuring it does not miss any file system events. When files and/or folders are accessed for any reason (read, rename, delete, etc), File System Auditor?
|
|
|
|
|
Copyright © 2001 - 2010 AMT Software. All rights reserved.
All trademarks are property of their respective owners.
Information subject to change without notice.
Revised 15/3/2010 |
| Price - order
