Veritas Data Insight - Auditing

Veritas Data Insight: Data Activity & Auditing

Chris FarmerData Insight

Veritas Data Insight is a tool to help GDPR and in many cases, it should be used as a toolset that allows the reduction in the service area of attack.

By which I mean ensuring that shared folders are not open to all and that security at the folder and file level is what it is meant to be. 

Large Unstructured Shares

With many businesses, the influx of new users, software and applications can put a strain on the IT Department and like many of those IT Departments, staff turnover can cause incomplete documentation. 

With folder sprawl and incomplete documentation, it can be genuinely easy for an IT Staff member to apply the wrong permissions or perhaps not seek the correct authorisation. 

Consider that, when ten folders turn into ten thousand, a massive issue can suddenly arise, and it will land in someone's lap to fix. If it is yours, Excel will not be of much help! 

Ownership

One of the key issues with file shares and folders is managing who should be in Control of the folder, from an approval process and who should have access to those folders and files within, be it Modify or Read Only.

From a Filer & Share Level, a custodian can be assigned, and the folders beneath can also have custodians and ownership assigned.

Veritas Data Insight - Ownership
Veritas Data Insight - Ownership

Data Insight can help in two areas;

  1. It can look at whom is accessing certain folders and from the access patterns can infer an owner. 
  2. Using the self-service portal, workflows can be enabled so that the ownerships can be confirmed or could be assigned elsewhere 

As you can see, in the image below, when navigating to any folder, Veritas Data Insight shows some relevant information in the Overview pain (1). Showing whom created the folder (2), user by last activity (3) and the Custodians (4). Not only that, but on the right hand side, you also have the size of the folder (5), number of Files (6), the inferred Owner (7) (based on activity) and the active, inactive and any sensitive files in the folder (8). 

Veritas Data Insight - Activity

This can all be done via the end users themselves, using the Veritas Data Insight Self Service portal, which is an Addon to the Veritas Data Insight suite. Thus, removing the guess work from the IT Department.

Auditing

Veritas Data Insight also provides auditing on every folder and file, who has created, accessed, modified or deleted a file.

Information Available on a File

Use the 4 Images in the slider to view typical information can can be viewed per file.

  • Veritas Data Insight - Activity and Monitoring - User Activity

    Veritas Data Insight - Activity and Monitoring - User Activity on a particular file.

  • Veritas Data Insight - Activity and Monitoring - Audit Logs

  • Veritas Data Insight - Activity and Monitoring - File Activity

Information Available on a Folder

5 Images in the Slider below shows the information from the Veritas Data Insight Web GUI.

  • Veritas Data Insight - Activity and Monitoring - Folder - Overview

    A quick overview on the folder. In this case you can see when the folder was created and by whom. When the last know activity was and even see the files within that folder.

  • Veritas Data Insight - Activity and Monitoring - Folder - User Activity

    A view by users, who has accessed the folder using either a Pie Chart of a Tabular Chart,

  • Veritas Data Insight - Activity and Monitoring - Folder - Folder Activity

    Shows the Folder access over time. So in this example you could summarise that the folder has some activity in November and so far just 1 Read in December.

  • Veritas Data Insight - Activity and Monitoring - Folder - Audit

    Shows all the activity that has occurred, by User, Access Type and Date, on the files within the selected folder.

  • Veritas Data Insight - Activity and Monitoring - Folder - Audit

    Shows all the activity that has occurred, by User, Access Type and Date, on the files within the selected folder.

Ongoing Monitoring

As a tool to allow auditing of activity and defining ownership, it is also key to have a strategy on how deep you are willing to permit ownership and therefore assigning permission.  One option, that I have used, is to go no deeper that 3 folders. 

This provides a good compromise on flexibility and management burden.  Implementing such a strategy, if something is not already in place requires full backing on senior management and project sponsors.  But once done, utilizing an application like Veritas Data Insight makes things so much simpler.

Extras
Ransomware

One other thing that Veritas Data Insight can do, and this is due to the auditing of users and activity, is have the potential to spot a ransomware attacks.

By default, the system looks for odd activity and because Veritas has created a template report, that can set to run once every 4 hours, the report could highlight a user that has been reading and writing an abnormally large number of files. This does not mean that they have be infected, but it can give an advanced warning and not only that, the report can show what has been changed, allowing easier restoration of those files.

Breaches

Data breaches will need to be reported on with GDPR and once again with a report generated by Veritas Data Insight, unusual activity from a user could show that that user is copying large amounts of data, this might be genuine or it could be a malicious act by that user, who is preparing to give sensitive data to a competitor.

Veritas Data Insight

Veritas Data Insight activity tracking and reporting provides a comprehensive view of all unstructured data files monitored and audited.

Using the web GUI to navigate and information on files in near real-time or the reports, providing information to the relevant departments and useful for historical reporting and compliance.

If you need any assistance please get in touch