Case Study

We Tailor-Fit Our Solutions to Each of Our Clients

A common requirement for IT and security professionals is to monitor particular folders of interest in Windows for any file activity, such as creating, renaming, moving, deleting, or writing a file. 
 

The traditional approach to this scenario is to apply an auditing policy to a Windows folder. This approach is relatively straightforward to set up and is scalable.
 

However, here is a preview of the events that are generated (see the image):
 

There’s plenty of data, but it is quite difficult to decipher and still leaves plenty of doubt in a user’s mind over what exactly happened to a given file.

Our Solution

CyberSift has released a (currently Windows-only) agent which monitors file system activity and generates easy-to-understand events. Compare and contrast the native Windows events displayed above to the following events that are produced when the Tutela Event Generator is installed (see the image):
 

The events generated are much easier to use in ascertaining what happened and contain the most useful pieces of information:
 

  • Which file was modified?

  • Which process carried out the change?

  • Which user carried out the change?

  • What was the operation executed on the file?

       – Rename/Move (in Windows, moving a file is a special case of renaming the file)
       – Create
       – Write
       – Delete