Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

8 Things to Look for in File Auditing Software

Here is a list of 8 critical factors IT pros should consider when evaluating file auditing software.
Rob Sobers
1 min read
Published October 3, 2013
Last updated August 17, 2022

Any seasoned IT pro will tell you: auditing file and email activity is hard.  You’ve got a production Exchange or SharePoint server being pounded on relentlessly by users all day long and now you want to turn on auditing to capture crucial metadata, but you’re worried about taxing the box and running out of disk space storing all the audit data.  Dilemma.

In addition to performance and scalability challenges, auditing is hard for other reasons, too.  How do you ensure you’re capturing every event continuously without any gaps?  What about the output?  Where does it go?  Can I search it?  Build reports?  Get alerts?

It might sound scary, but if you can overcome these obstacles, metadata about your most important information assets, like emails and files, can be leveraged for a myriad of use cases (finding “lost” data, detecting data breaches, identifying stale data, and many more).

Here are 8 things to consider when looking at file auditing products:

  1. Does it require that you turn on native auditing (which can often be taxing on the box) and read raw log files?
  2. How much audit data can it store, where, and for how long (some products don’t normalize well and you have to purge audit data often)?
  3. Is the audit data accessible to other complimentary products?  On the flip side, can it take other data sources in?
  4. Is the audit data easily searchable, sort-able, and reportable (raw text in an event viewer just doesn’t cut it)?
  5. Is the audit data unified (i.e., can I look at what a user is doing across Exchange, SharePoint, file servers, etc. in a single view)?
  6. Is the audit data correlated with other metadata (i.e., who’s using data + data sensitivity indicators = win)?
  7. Is the audit data actionable (i.e., if you see a user touching data they shouldn’t, can you safely lock it down or create a real-time alert in case it happens again)?
  8. Is the auditing real-time and comprehensive? (some native auditing systems don’t capture all event types)

I hope these questions help you formulate a plan for deciding which file and email auditing software works for your environment and use cases.  As always, test your auditing software!

Have additional questions?  Feel free to reach out to us on Twitter: @varonis.

File Auditing Software

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

complete-guide-to-windows-file-system-auditing---varonis
Complete Guide to Windows File System Auditing - Varonis
Windows file auditing is key in a cybersecurity plan. Learn about file system auditing and why you'll need an alternate method to get usable file audit data
how-to-run-an-active-directory-audit-using-varonis
How to Run an Active Directory Audit Using Varonis
AD is a primary target for attackers. Read on to learn how to use Varonis to discover vulnerabilities and remediate risk in an Active Directory audit.
varonis-named-a-leader-in-gigaom’s-2023-radar-report-for-data-security-platforms
Varonis Named a Leader in GigaOm’s 2023 Radar Report for Data Security Platforms
Varonis is proud to be named a Leader in GigaOm’s first-ever Radar Report for Data Security Platforms.
windows-10’s-security-reboot,-part-iii:-fido-and-beyond
Windows 10’s Security Reboot, Part III: FIDO and Beyond
FIDO’s Universal Two Factor (U2F) is intended to make it easy for companies to add a strong second factor to their existing crypto infrastructure. Most of us are probably not...