This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
Auditing and Reporting
While the majority of our testing was devoted to the verification of security features, in today's regulatory environment, a robust auditing feature can be just as critical as security.
The most comprehensive monitoring feature for this purpose is shadowing, which is the ability to record all data transferred to and/or from a device or port. DeviceLock and SecureWave both support shadowing.
During our testing, shadowing allowed us to capture all data sent to specific devices, including our printer/scanner/copier/fax machine. How many companies actually monitor the information sent over a fax or documents that have been scanned? Low-tech crimes are often overlooked.
The only drawback we could see with data shadowing was, ultimately, data storage. A large enterprise could generate an enormous amount of data.
Safend uses file logging; while not as robust as shadowing, it lets administrators track what files are being accessed, moved, deleted, created and modified.
Safend took the honors for the most useful logs, with excellent information for forensic investigations.
We also liked DeviceWall's detailed Policy Change Logs, which record all the policy changes made and provide comprehensive connection reporting. On the other hand, we found the graphical Audit Log Reports and Acceptable Risk meter of little use to a security professional.
This was first published in March 2007