A key feature of the EventTracker Windows. Agent is the ability to monitor removable media including USB ... available f
Monitoring USB and Writeable Media with EventTracker The proliferation of writeable media devices such as USB thumb drives and CD/DVD-W has created security challenges in private networks — In fact, much of the more serious theft of organizations’ data today is from internal sources, and a very convenient and efficient way to accomplish this is by utilizing these devices to copy confidential data. This often takes a few seconds, and since it can be easily done from a desktop, physically limiting access to the servers is not a complete solution. So the question becomes, how does an organization protect itself against data leakage from such endpoints and internal threats, such as maliciously infecting the network with spyware and viruses borne on such media? EventTracker from Prism Microsystems provides complete security event and information management from servers in the datacenter all the way down to the workstation, and gives valuable insight into what users are doing. A key feature of the EventTracker Windows Agent is the ability to monitor removable media including USB drives, and CD/DVD drives. This allows organizations to detect and in many cases prevent confidential data loss, and limit purposeful or accidental attacks from insiders. This feature is available for Windows servers 2003 and 2008 including R2 and for workstations including XP, Vista and Windows 7.
How it Works On servers or workstations the EventTracker Windows Agent is notified anytime a USB device or writeable media is inserted or removed. The EventTracker Agent monitors all file change activities for these devices, including any adds, modifications, deletions, or copies that are made. This information, combined with the time and date, the drive letter, and the user name ensures that you always know what is happening in your IT infrastructure. USB devices can be disabled based on serial number, ensuring nothing bad gets in, and vital information does not get out. A common scenario is to enable USB devices at a workstation, monitor activity, but restrict USB devices by serial number at servers. Based on your organization’s predefined policy and the type of activity that is detected, EventTracker can generate an incident alert to notify IT personnel, and optionally launch automatic remediation actions. Robust reporting capabilities allow you to drill-down to the computer level, user level, and by type of event, so you are always able to see what happened, who did it, when it occurred, and where it occurred — a vital requirement in meeting compliance mandates. A complete report of all files copied to USB or burnt to the CD/DVD drive is provided. The ability to monitor writeable media with EventTracker Windows agents provides substantial benefits to your organization: “Invisible”
EventTracker report detailing files added or removed
Because EventTracker Windows Agents operate behind the scenes, the users are unaware of any monitoring that is occurring.
Enhances IT Infrastructure Security
Reduces Costs
EventTracker Windows Agents ensure that you c a n see every activity taken by every user of the IT infrastructure, providing visibility to a c o m p l e t e record of files that have been added, removed, modified, or copied to or from a writeable drive, and in many cases prevent unauthorized loss of confidential data, or placement of malicious code.
EventTracker shortens the time it takes to investigate an incident, or based on your organization’s predetermined policies, can even prevent one.
Mobile Workforce Management When the workstation/laptop is connected to the network, real-time monitoring communicates data to the centralized EventTracker dashboard. Any activities that occur when the device is not connected to the network are stored in cache memory, and communicated upon reconnection to the network.
About Prism Microsystems Prism Microsystems delivers business critical solutions that transform high-volume cryptic log data into actionable, prioritized intelligence that will fundamentally change your perception of the utility, value and organizational potential inherent in log files. Prism’s leading solutions offer Security Information and Event Management (SIEM), real-time Log Management, and powerful Change and Configuration Management to optimize IT operations, detect and deter costly security breaches, and comply with multiple regulatory mandates.
EventTracker Incident Screen Indicating a USB Insertion
8815 Centre Park Drive— Columbia, MD 21045 Toll Free: 877.333.1433 Main: 410.953.6776 Fax: 410. 953.6780 www.prismmicrosys.com
