A Windows file server acts as file and folder storage that many users can access. A collaborative working environment has many benefits, but it can be difficult to prevent unauthorized access by monitoring the permissions on shared folders. To ensure that users can access only the shared folders they need for their work, managers need detailed permission reports for all shared folders in the IT environment. These reports indicate whether any user has excessive permission levels that could make them an insider threat. In large organizations with many users and a continually increasing workload, it can be difficult for a manager to monitor the access permissions of every user account using local methods. A proactive and continuous solution is required to stay on top of file server permissions.
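A permission report of the kind described above can be produced with the built-in SMB and ACL cmdlets. The script below is an added example, not Logsign's code: it lists share-level and NTFS permissions on each share root (nested folders are not walked) and flags write-capable access granted to broad groups. The list of broad principals and the output file name are assumptions to adjust locally.

```powershell
# Run elevated on the file server. Assumption: these principals count as "broad".
$Broad = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users|.+\\Domain Users)$'

# Single-bit NTFS rights that allow changing or deleting data or permissions.
# (Composite values such as Modify also contain read bits, so they are not used as a mask.)
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

$report = foreach ($share in Get-SmbShare -Special $false) {
    # Layer 1: share-level permissions
    foreach ($entry in Get-SmbShareAccess -Name $share.Name) {
        $type   = "$($entry.AccessControlType)"
        $rights = "$($entry.AccessRight)"
        [pscustomobject]@{
            Share     = $share.Name
            Path      = $share.Path
            Layer     = 'Share'
            Principal = $entry.AccountName
            Type      = $type
            Rights    = $rights
            Inherited = $false
            Excessive = ($type -eq 'Allow' -and $rights -in 'Full', 'Change' -and
                         $entry.AccountName -match $Broad)
        }
    }
    # Layer 2: NTFS permissions on the share root
    if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            $principal = "$($ace.IdentityReference)"
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Layer     = 'NTFS'
                Principal = $principal
                Type      = "$($ace.AccessControlType)"
                Rights    = "$($ace.FileSystemRights)"
                Inherited = $ace.IsInherited
                Excessive = ("$($ace.AccessControlType)" -eq 'Allow' -and
                             (([int]$ace.FileSystemRights -band $WriteBits) -ne 0) -and
                             $principal -match $Broad)
            }
        }
    }
}

# Full report for review, plus the flagged entries on screen.
$report | Export-Csv -Path .\share-permission-report.csv -NoTypeInformation
$report | Where-Object Excessive | Format-Table Share, Layer, Principal, Rights, Inherited -AutoSize
```

Effective access is the more restrictive of the two layers, so an entry flagged at one layer should be read together with the other layer for the same share.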
Access control logs and process creation logs on Windows are forwarded to Logsign SIEM and are subject to the relevant correlation.
Behavioral analysis is conducted with correlation processes, and the user is tagged as Attacker, Victim, or Suspicious.
Following the first activity started by the attacker on the user side, behavioral analysis is conducted on the logs received from the sources, and the logs are enriched. The log records generated by the attacker's activities are correlated and displayed on the relevant dashboard panels.
Malicious access requests detected by the Logsign correlation engine are identified in Logsign SIEM and shared with the relevant IT managers via SMS and e-mail, enabling visibility and analysis.