Capabilities

This section describes the main File Access Manager capabilities and provides a technical mapping of each service to a set of capabilities. You can find more information on each capability in the relevant chapters of this guide.

Activity Monitoring

Activity monitoring involves capturing information about events that users perform on monitored applications.

An activity includes the following elements:

  • Who? – A user

  • Performed what action? – Read, write, or delete

  • Where? – On what business resource? For example, a file, a file folder, a SharePoint site, or an Exchange mailbox

  • When? – Date and time which is displayed in the user’s local time

Real-Time Alerts

Issue real-time alerts based on pre-defined alert rules regarding suspicious activities.

Threshold Based Alerts

Issue threshold alerts when the number of activities in a given time frame exceeds a defined threshold. An example of a threshold alert would be, “Alert me when a user reads more than 1000 files in an hour.”  

Crawling

Crawling is a process that discovers the business resources (BRs) of a specific application, such as folders, mailboxes, etc.. It is the first task performed on an application, since BR(s) are required for many other capabilities, such as Permissions Collection and Data Classification.

Permissions Collection

Permissions Collection is a process that discovers and collects permissions on the BR(s) of an application. These permissions are later used and displayed in Permissions Forensics, Access Certification campaigns, Access Requests, and in other locations.

Data Classification

The File Access Manager Data Classification mechanism provides the ability to discover and classify resources and files containing sensitive information, such as credit cards, personal information, and health records.

Identity Collection

Identity Collection is the technical process of collecting and aggregating users and groups from different identity repositories, such as Active Directory, Azure, and NIS. This information is used in Permissions Collection, as well as to analyze users, groups, users’ membership in groups, the structure of groups, and other information.

Access Certification

Access Certification is a process (run as a campaign) to certify and/or remove stale or unneeded permissions (or identities).

Access Requests

Access Requests are users’ requests to gain permission to BR(s). File Access Manager manages and automatically fulfills these access requests using approval workflows.

Access Fulfillment

Access Fulfillment automatically adds or removes permissions to users’ BR(s).

Discovery of Data Owners

Since most organizations have many business resources, discovering the data owners can be a complex task. Normally, IT personnel need the help of an organization’s business users to discover which data owners own a specific business resource. File Access Manager automates the discovery process by collecting data on the activities and permissions of specific folders, and asking business owners who owns those folders.