Data Transfer Automation – Insider Threat
The Data Transfer Auditor (DTAuditor) identifies potential insider threats by actively logging all data transferred to removable media. Our unique solution was specifically built for the DoD community with flexible options to control and alert when a certain amount of sensitive or classified data is moved to removable media devices such as CDs or USB drives. Data Transfer Auditor eliminates the strain of manually tracking and converting data transfers to electronic format. Our DTAuditor solution monitors data transfers and automatically provides the following metadata that can be used for the analysis and alert possible bad actor behavior and user data quotas.
- Who transferred the data
- What individual files were transferred
- The size of each individual file moved
- When the file was transferred
- What device the files were transferred to
Our insider threat solution tracks and records the transfer and movement of critical information, actively monitor’s user behavior, helps organizations meet DoD compliance, and reduces organizational risk.
- Monitors data transfers to hold all users accountable
- Logs all data traffic transferred from Windows systems to removable media and triggers an alert or stops the activity if transfer limits are exceeded
- Metadata is sent to protected logging systems providing a detailed record of each file that was transferred
Why use the Data Transfer Auditor?
- Data Transfer Auditor increases user accountability
- Know what data is being transferred and taken off the system to removable media
- Safeguards sensitive data
For Windows Operating Systems, SecureStrux has developed a unique and flexible insider threat solution combining powerful built-in tools and techniques already native to the operating system to capture file transfers. All of the information collected is easily recorded and sent to Syslog collectors for further analysis and monitoring.
This solution allows leadership to monitor and subsequently know who removed data, what was moved, and how much data was moved to removable devices by authorized users to detect the possibility of security violations and reduce the risk of insider threat. Additionally, this solution demonstrates adequate and consistent compliance with the requirements and intention of various DoD Directives.
Click here to read the full white paper: Insider Threat Automation Solution