PA File Sight Ultra edition is file monitoring software that helps mitigate the security flaws in the Windows environment, especially “Windows File Server”. PA File Sight Ultra helps in protecting the server from ransomware attacks, and allows auditing and alerting of who is reading, writing, and deleting files. Besides file access auditing and logging actions, PA File Sight Ultra provides traditional reporting on what happened earlier, whether you chose to be notified or not. I have installed, configured, and tested this tool; please refer to this guide on how to set up and configure PA File Sight Ultra and PA Endpoints.
PA File Sight Ultra is prevalent among organizations as it helps meet the compliance mandates for auditing file access and ensuring file integrity included in standards such as HIPAA, ISO 27001/27002, and PCI, as well as corporate compliance needs. PA File Sight Ultra is a superb option for environments with tight regulatory requirements where access to files requires tight control and auditing. It can augment a traditional antivirus service by blocking zero-day attacks based on file access patterns.
For the sake of completeness, the PA File Sight Ultra software can help meet the following File Monitoring and Access Auditing requirements:
- Who deleted or moved files or folders (Active Directory)
- Helps determine which computer they read, wrote, or deleted the files or folders from (IP address and computer name)
- Helps in determining who is reading and writing to files
- Determines the device and IP address files are accessed from
- When new files or folders are created, renamed, or deleted
- Alerts when files are moved to a different location
- Alerts when files are read or written in bulk, and when a file or folder is deleted
- Detects users copying files (only the Ultra version supports Endpoint installation on remote devices)
- Protects servers from ransomware by blocking individual user access
- Above all, helps in watching for log file modifications, which is useful for PCI DSS file integrity monitoring (FIM)
The figure (architecture) below is a typical installation method for PA File Sight Ultra. As you can see from the diagram, every installation has a monitoring service installed on a Windows Server or Workstation and this service helps in monitoring the drives on the device it is installed on.
Note: The Satellite Monitoring Service option helps in monitoring remote servers, even across the Internet, without needing a VPN. This is accomplished by installing a Satellite Monitoring Service on additional servers or workstations. The Satellite monitors itself, and the alerts are sent back to the Central Monitoring Service via SSL-encrypted HTTP. Below is the architectural diagram.
File Auditing Features: Here are some great features of the PA File Sight Ultra application.

1: File Monitoring
- All files or just a subset
- File and folder creation, deletion, access (reads), and changes (writes)
- File and folder permission changes
- Successful actions as well as failures
- Real-time monitoring that does not require enabling system audit events

2: File Integrity Monitoring (FIM)
- Proves log files are only appended to, and not changed in the middle
- Alert if an unexpected user or process changes files

3: Alert Details
- User account, including domain/Active Directory
- User IP address and computer name
- Target file and folder
- Activity that was done to the file (read, write, and delete)
- Date and time of action

4: Reporting (Available in Ultra edition only)
- Report on specific users, files or activity
- Report on specific time range
- Configurable data retention period
- Reports in text, HTML, .CSV or PDF formats

5: Notification response: With the Ultra version, you can be alerted anytime a file change is detected.
- Email message
- SMS text message
- SNPP pager etc.
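
The File Integrity Monitoring item above (log files are only appended to, and not changed in the middle) can be checked with a size-plus-prefix-hash baseline. The Python below is an added illustration, not PA File Sight's own code; the function names and the sample log lines are constructed for the example.

```python
import hashlib
import os
import tempfile

def hash_prefix(path, length):
    """SHA-256 over the first `length` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            chunk = f.read(min(65536, length))
            if not chunk:
                break
            h.update(chunk)
            length -= len(chunk)
    return h.hexdigest()

def snapshot(path):
    """Baseline: current size plus a hash of everything written so far."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": hash_prefix(path, size)}

def check_append_only(path, baseline):
    """Return 'unchanged', 'appended', 'truncated' or 'modified'."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated"
    # Only the bytes covered by the baseline must be identical.
    if hash_prefix(path, baseline["size"]) != baseline["sha256"]:
        return "modified"
    return "appended" if size > baseline["size"] else "unchanged"

def demo():
    """Run the check over a constructed log file; returns the verdicts."""
    verdicts = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "app.log")
        with open(log, "wb") as f:  # constructed sample log lines
            f.write(b"10:00 login alice\n10:01 read payroll.xlsx\n")
        base = snapshot(log)
        verdicts.append(check_append_only(log, base))
        with open(log, "ab") as f:  # legitimate append
            f.write(b"10:02 logout alice\n")
        verdicts.append(check_append_only(log, base))
        with open(log, "r+b") as f:  # in-place edit of an old record
            f.seek(6)
            f.write(b"xxxxx")
        verdicts.append(check_append_only(log, base))
        with open(log, "wb") as f:  # file replaced with shorter content
            f.write(b"10:00 login\n")
        verdicts.append(check_append_only(log, base))
    return verdicts
```

Log rotation legitimately shrinks a file, so a scheduled check of this kind has to take a fresh baseline whenever the log is rotated.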
PA File Sight Ultra is an advanced auditing technology and has virtually no performance impact. I urge you to test and see for yourself why companies around the globe choose PA File Sight as their file auditing software. PA File Sight Ultra can be downloaded from the following link, and it comes with a fully functional 30-day trial period.
PA File Sight Ultra is feature-packed, and unique in the sense that it logs and locks out users when it detects suspicious activities. PA File Sight fills the security and auditing void left by Windows File Server. More top settings can be found in this guide too: “File Sight – File Access Monitor”.
More on PA File Sight Ultra capabilities (features):
- Automated Maintenance Schedule: PA File Sight Ultra won't run when a device is in maintenance mode
- Performs bulk configuration
- Easily brand PA File Sight Ultra with your organization name by simply dropping an image file into the reporting directory, etc.
- Group servers together in visual groups to help keep track of them
- PA File Sight Ultra runs as a service
- PA File Sight Ultra allows you to use the embedded SQLite database or an external Microsoft SQL Server
You will have to install the PA Endpoint on each File Sight Ultra Satellite device. With the Ultra edition, you can manage all configurations from a central monitoring console.
Endpoint notion: By default, the File Sight Ultra monitor sees all activities on a file server as discussed above (this includes which users are accessing files, what actions they are taking, such as reading, writing, or deleting, and their IP address). However, once a file arrives on the client’s computer, the server-based File Sight monitor cannot see what is happening. Is the file being copied to a thumb drive, opened in Word, or sent via e-mail? The File Sight Endpoint helps answer those questions.
The File Sight Endpoint is a small agent that gets installed on an end-user computer. It uses very few resources and shouldn't be noticed. It has no user interface.
The File Sight Endpoint performs the following functions:
- Connects to the PA File Sight central service, or to a Satellite service
- Watches files that are accessed from the network, and records the process that accesses them
- Notes the files that are written by that process
- If a file is read from the network, and then written to disk, it is tagged as a probable copy
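
The "probable copy" rule in the list above, sketched as an added Python example that is not the Endpoint's actual code. The event schema, the 60-second window, and the treatment of UNC paths as network files are assumptions made for the illustration, and the events are constructed sample data.

```python
from collections import defaultdict

WINDOW_SECONDS = 60  # assumption: how long a network read stays "fresh"

# Constructed sample events; the schema is hypothetical, not the Endpoint's.
EVENTS = [
    {"t": 100, "pid": 4120, "proc": "explorer.exe", "op": "read",
     "path": r"\\fs01\finance\payroll.xlsx"},
    {"t": 101, "pid": 4120, "proc": "explorer.exe", "op": "write",
     "path": r"E:\payroll.xlsx"},
    {"t": 200, "pid": 5300, "proc": "winword.exe", "op": "read",
     "path": r"\\fs01\docs\policy.docx"},
    {"t": 900, "pid": 5300, "proc": "winword.exe", "op": "write",
     "path": r"C:\Users\bob\notes.docx"},
    {"t": 300, "pid": 6001, "proc": "notepad.exe", "op": "write",
     "path": r"C:\Users\bob\todo.txt"},
]

def is_network_path(path):
    """Treat UNC paths (two leading backslashes) as network files."""
    return path.startswith("\\\\")

def probable_copies(events, window=WINDOW_SECONDS):
    """Pair each local write with a recent network read by the same process."""
    recent_reads = defaultdict(list)  # pid -> [(time, network path)]
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["op"] == "read" and is_network_path(ev["path"]):
            recent_reads[ev["pid"]].append((ev["t"], ev["path"]))
        elif ev["op"] == "write" and not is_network_path(ev["path"]):
            for read_t, src in recent_reads[ev["pid"]]:
                # Flag only writes that closely follow the network read.
                if 0 <= ev["t"] - read_t <= window:
                    findings.append({"proc": ev["proc"], "source": src,
                                     "dest": ev["path"]})
    return findings
```

Only the explorer.exe read-then-write pair is flagged; the winword.exe write falls outside the window and notepad.exe never read from the network.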
In a nutshell, we all are aware that the Windows File Server has limited functionalities. There is no built-in functionality to audit who accessed, moved, or deleted files. There is also no way of detecting and controlling unusual activities.
Because of this, I urge you to try out the PA File Sight Ultra edition. Beyond just file auditing, it will help you meet regulatory requirements such as ISO and PCI. With the built-in security settings, admins will be alerted if files are tampered with, deleted, or read by those who shouldn’t have access.