While you’re in the thick of combating the plethora of IT security threats, network anomalies, intrusions, phishing, malware, etc., you know that through it all you need to be keenly aware of all file activity. And there’s lots of it. File auditing is clearly an important part of any APT or malware detection strategy, and being able to adequately monitor all system file changes and payment card data access is a primary requirement of PCI compliance.
For the sake of securing your network and data, you likely devote a fair amount of your IT budget to the cause. However, dealing with all the challenges that accompany file auditing can ring up some non-monetary expenses as well. File auditing is clearly a big part of your IT management and can consume a significant amount of your security staff and technology resources. It can also call for a lot of thinking, planning, and even more training.
For example, with Windows® File Auditing, how do you configure a consistent audit policy across multiple systems? How do you limit auditing to specific file types? The New Technology File System (NTFS) audit policy doesn’t provide support for wildcards.
Then of course there is the matter of collecting, analyzing, and alerting on file access events. This is something that a SIEM solution can assist with, but it takes a SIEM resource with some real engineering knowledge to make sense of the cryptic events Windows generates.
One of the other big challenges you have to tangle with in Windows file auditing is noise. There are some things you can do in your audit configurations to reduce it, but with Windows NTFS file auditing there’s no way to get rid of the noise.
If you’re in a small, budget-constrained security department, you could immediately start noticing implied expenses in terms of limited security expertise, the time and effort required to accurately set up and configure the tool, and the labor involved in completing all of the necessary file auditing tasks. With adequate threat detection, file security, and PCI compliance on the line, file auditing is more than a financial investment.
Given the gravity of file auditing in your IT security operations, this is not a process that you should entrust to the nearest free file auditing tool. Sure, you might not have to put money on the counter for the tool, but you’ll soon start seeing the costs of “free” coming from all directions. A little thought, research, and education can go a long way toward controlling the costs and adhering to the compliance regulations.
To gain in-depth knowledge about file access auditing in Windows, attend this free, live training webinar.