Windows

STEALTHbits provides comprehensive security and governance for Windows File Systems and Operating Systems.

Windows File Systems Auditing and Reporting

Auditing & Reporting

  • Determine effective access to a share or folder as well as where a user or group has access
  • Identify where direct permissions are applied which may be indicative of high-risk or otherwise toxic conditions
  • Identify and revoke permissions that are no longer being leveraged, enforcing a least privilege access model

Remediation

  • Automatically replace existing share/folder permissions with a resource-based group model that reduces user access in accordance with least privilege access principles

Governance

  • Identify and assign data owners from the business for each file share through analysis of permissions, content ownership, and activity
  • Enable data owners to perform periodic reviews of access to their data
  • Enable data owners to perform ad-hoc access modifications to their data
  • Enable users to request access to shared folders and have the request reviewed, approved or denied by the data owner

Content

  • Profile content sizes to identify areas where cleanup efforts can be focused, saving costs associated with data storage and management
  • Locate stale files that have not been modified in a defined period of time to reclaim costly storage space and reduce risk
  • Clean up stale files while still maintaining access for users through automated stubbing and moving of files to alternative storage locations

File Activity Monitoring

  • Monitor all file access activities such as reads, modifications, creations, deletions, and permission changes
  • Track all file and folder deletions, permission changes, and successful permission changes performed on High Risk Trustees

Threat & Vulnerability Detection

  • Identify and remediate Open Access to file share resources
  • Identify suspicious actions and activity patterns indicative of ransomware, account compromise, and data exfiltration
  • Isolate and identify Administrator access activities like file reads in shares they don’t have access to, Local user activity, and activities occurring as a result of open access to data

Sensitive Data Discovery

  • Identify files (including images using OCR) containing sensitive content such as Credit Card and Social Security numbers, personal health information, and dozens of other types of Personally Identifiable Information (PII) in multiple languages
  • Create and search for custom criteria specific to an organization such as Employee ID numbers, trade secrets, and product formulas
  • Enable data custodians to review the sensitive data found within their shared folders, mark “hits” as false-positives and make remediation decisions

Data Classification

  • Collect file metadata including classification tags that have been implemented via internal processes or third-party solutions
  • Tag files with classifications that denote the file’s sensitivity levels, contents, or other designations

Integration

  • Publish file system entitlements to IAM/IGA platforms through open data views

Attack Detection for Windows File Systems

Attack Detection

  • Detect unusually high volumes of file activity indicative of crypto ransomware attacks and data exfiltration attempts

Real-Time Alerting

  • Monitor all or specific file activities and operations for security, compliance, or operational purposes
  • Monitor and alert on access to sensitive files, folders, or shares for security intelligence and compliance fulfillment

Integration

  • Forward all or specific events directly to SIEM for a more contextual security event feed, consolidated alerting, and correlation with other data sources

Windows Systems Auditing and Reporting

Auditing & Reporting

  • Identify who has system-level access through local users and groups or domain group memberships
  • Identify accounts being used to run services to aid in privileged account management efforts
  • Identify all installed applications and their usage for license reclamation and reallocation
  • Calculate effective group policy from all GPOs at the domain level and how they interact at the system level

Governance

  • Manage local group membership through Group Membership Reviews, allowing resource owners to review the membership of Local Administrator groups and remove or grant access

Vulnerability Assessment

  • Identify critical conditions and configurations that expose a system or the credentials contained within it to high risk of compromise or indicate that it may be compromised already
  • Identify tools used by hackers and bad actors for reconnaissance
  • Determine compliance with patch and anti-virus updates to identify and remediate security vulnerabilities

File Activity Monitoring for Windows Devices

File Activity Monitoring

  • Monitor file access events in real-time without any reliance on native logging
  • Query and report upon file access events for any user across all or individual systems over any timeframe
  • Feed all or particular file activities to alternative technologies like SIEM in real-time for advanced analysis and correlation

Resources

3 Ways Sensitive Information Escapes Access Control

Executive Brief

Closing The Door On Open Access

White Paper

5 Challenges with Monitoring Windows File Activity

White Paper
