In this fun discussion there is a brief bonus discovery about a cool project Jess is working on with Microsoft Archiving Services…..this is a cool technology that can be used to free up expensive SAN space and reduce third party costs.
During the installation we reviewed basics like scanning file servers and specify signatures for sensitive items to look for such as Social Security Numbers, credit card numbers, HIPPA, PCI, as well as custom search strings. You can then configure reports and alerts for actions that occur on these items, or on non-sensitive items. You can also monitor AD group membership changes.
Stop the Noise
You can alert on fewer non-sensitive items which allows you to eliminate alerts that you probably don’t care about, and simplifies your data governance monitoring overall because there is less noise to sift through.
You can run a report on AD group membership. I found it useful to setup a report to monitor membership of privileged groups such as Domain Admins, as well as an alert when this membership is changed. In addition, you can alert on an account being enabled, disabled, locked, unlocked, or reset. All of these help to keep tabs on privileged access or normal user accounts.
File/folder permission changes:
You can alert and report on permission changes to files and folders, for sensitive items, non-sensitive items or both. This helps you monitor any unauthorized access changes.
Sensitive file/folder actions:
If you have critical or very sensitive files, you can even create a report to monitor if these files or folders are opened or deleted. This report will include the username that accessed these items.
Another useful report is the File Statistics report, which can be run either sensitive or non-sensitive files. It lists all files and whether or not they were accessed during the time period you specify. This is useful for determining if files are unused and are a good candidate for archival storage.
You can setup a report to list activity by users other than the mailbox owner, which happens when users send as another user. This can track this behavior and detect abuse of this functionality. Users such as administrative assistants can be excluded from this report.
Love this episode? Leave a Review
If you haven’t already, please make sure you leave us a review on iTunes.
About Bill Murphy
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader.
Connect With Us On Social Media
Join The CIO Innovation Mastermind Community
We invite the top 20% of Business IT Leaders for my CIO Innovation Mastermind Events group to participate in monthly discussions on things like VR, AI, and other disruptive & emerging technologies. If you want to become a member, email Chief of Staff, Jamie Luber Jluber@redzonetech.net for more information.