Monday, December 21, 2015

Can Varonis Capture "Copy" Events?



I get asked regularly if Varonis DatAdvantage can identify when a user copies a file?  

It depends. 

  • If the user opens a file on a server and copies it to his desktop, Varonis DOES NOT record the copy to the desktop, only that the file on the server was opened.  
  • If the user copies a file from one folder to another on the same server, we will see a rename event.
  • If the user copies a file from one server to another server, you will see a File Open on the first server and a File Create on the second server.

Based on how must people ask the question, the answer is no.  To really know what the user did with the file you need a Data Loss Prevention solution like Digital Guardian (our choice) or Symantec DLP.

2 comments:

  1. What if the user copied the file without opening it? Does it record that copy event?

    ReplyDelete
  2. Every "copy" event will start with Windows opening the file. Varonis will record that as an open.

    ReplyDelete