Removable Device Auditing
Organizations usually devote most of their resources to preventing external security threats. However, insider threats are equally dangerous and must be kept at bay. Sensitive data theft can severely damage organizations. USB drives are often used for this purpose because they are small and can contain large amounts of data. It is therefore essential to audit their use to:
- Prevent sensitive data from leaving your organization.
- Prevent the introduction of malicious content, such as viruses or spyware, to your organization's network.
Auditing removable devices with EventLog Analyzer
- EventLog Analyzer audits USB device usage through Windows event logs.
- Predefined reports display USB port activity.
- The reports are available in table, list, and graphical formats, with support for several graph types.
- Real-time alerts can be set up to instantly notify the administrator when a removable drive enters the network.
- Correlation rules help identify any suspicious activity.
- Plain text log information can be viewed by clicking on the respective points of the report.
Removable device reports
- Reports are provided to show all instances of a USB device being plugged into or taken out of the network.
- Identify who is making use of these devices, as well as when and where they are used.
- Keep track of all actions taken with removable devices, such as successful and failed creations, reads, modifications, and deletions.
- View trend and top N reports to understand overall usage patterns for removable devices.
USB Plugged In | USB Plugged Out | Removable Disk Reads | Removable Disk Failed Reads | Removable Disk Creates | Removable Disk Failed Creates | Removable Disk Modifications | Removable Disk Failed Modifications | Removable Disk Deletes | Removable Disk Failed Deletes | Host Based Removable Disk Changes | Top Successful Users on Removable Disk Auditing | Top Failed Users on Removable Disk Auditing | Removable Disk Changes Trend