File activity monitoring is similar to database activity monitoring in many respects. For instance, a simple vivid example is that in both cases, you discover the sensitive data on your servers and configure policies to create rules about data access and actions to be taken when rules are met.
File activity monitoring may include the following capabilities:
- Discovery to inventory files and metadata.
- Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
- Monitoring- which can be used without discovery and classification to monitor access to files based on policy rules, audit and alert on inappropriate access, or even block access to the files to prevent data leakage.
File activity monitoring, usually abbreviated as FAM, puts to use a discovery agent commonly referred to as a file crawler to inventory the files on each server and identify sensitive data within the files. The discovery agent/ file crawler then collects the full list of folders and files, their owner, access permissions, size, the date and time of the last update.
File activity monitoring puts to use some decision plans to identify the sensitive data within each file. Each decision plan contains a set of well defined rules for recognizing a certain type of data. By default, file activity monitoring uses decision plans that identify data for SOX, PCI, HIPAA, and source code. You can create your own decision plans, and may even activate and deactivate decision plans to focus on the types of sensitive data about which you are concerned. You may view this as analogous to the classification process used with databases. Decision plans are analogous to classification policies.
The discovery agent/ file crawler sends file metadata and data from its classification process to the Guardium system. You can view that data in reports or in the File version of the enterprise search function.
In a nutshell, file activity monitor simplifies the file compliance process by allowing you to continuously audit file storage systems and keep a detailed record of every file access across the company, including the actions of privileged users. Show that you have unstructured data governance under control by using predefined reports to efficiently summarize your audit data.
A quick point to note, file activity monitoring discovery and classification cannot be installed if there is no S-TAP installed on the Guardium system.
- Imperva Database Activity Monitoring
- SecureSphere For Sharepoint
- File Firewall For Dynamic Data Masking