Monitoring network file stores by analysing network traffic!
Network-based file stores have been around for quite some time now, and they continue to be a popular way to share data within organizations. While cloud-based services such as Dropbox and Office 365 are popular, network-based file stores will be around for a long time.
There are many reasons why organizations choose to store their data locally on their network. For many, it comes down to the security risks of storing confidential data outside of their networks. For others, it is the convenience of locally stored data, which can be easily accessed and won’t go offline if Internet connectivity is lost.
However, network-based file stores have become the number one target for ransomware attacks. All it takes is one infected client to encrypt all data on network file shares. For this reason alone, it is vital that you have some level of visibility into what is happening on your network file stores. From my own experience, I know of three approaches:
- Agent/client-based software solutions
- Native logging on the file server
- Network traffic analysis
I am not going into any detail on the agent/client options, as they are very vendor-specific and I don’t know of any that do not impact file server performance.