Going beyond basic file auditing for data protection
Telling the difference between read-to-output and read-to-copy
Most of the important data loss vectors depend on copying files in order to compromise security-sensitive data. However, detecting and investigating such incidents usually relies on object access logs or file monitoring solutions that monitor only basic file operations, such as read and write. These solutions can, at most, tell whether someone accessed a file, but they cannot distinguish between a file that was output to the screen and one that was copied to another location. Nor can they identify the source of a data breach when multiple users have accessed the compromised records. In spite of these limitations, companies continue to rely on such solutions for their data security and compliance needs, for lack of technology that is able to detect more complex file operations, such as file copy or file rename…