Tuesday, May 29, 2007

File System Auditor 2.0 Released!

Today we released version 2.0 of our File System Auditor solution.




If you're unfamiliar with the product, it does what the name implies: it audits the activity in a Windows file system. Using a file system driver, File System Auditor tracks each and every action with the file system and records those actions in a centralized secure SQL database. Actions are intelligently audited, so a move of a file (which could really be a copy and a delete) shows up as a single move entry rather than two separate entries. No longer do you need to rummage through thousands of event log entries or rely on snapshot solutions that only get bits and pieces of the changes to your Windows file servers.


What's new with FSA 2.0:

  • New improved interface
  • Centralized configuration of audit settings enterprise-wide
  • Support for Windows Clustered servers
  • Improved Reporting of activities

File System Auditor assists with compliance needs for such standards as SOX, HIPAA, GLBA, FISMA, NIST/FIPS, ITIL, COBIT, PCI, 21 CFR 11 and more that require organizations to audit activity of users on secured systems.

A 30-day evaluation is available on the File System Auditor product homepage.

Monday, May 21, 2007

7 Best Security Practices: (4) Compliance Self-Assessments

Continuing my blogs on Gary Miliefsky's article "The 7 best practices for network security in 2007", I'd like to take the next logical step (which happens to also be Gary's next step) after Frequent Security Assessments, which is to apply the security you have in place to compliance standards and perform Compliance Self-Assessments.

First, not every company is subject to compliance standards. Here are a few:

There are a ton more; I just picked some of the most broad-reaching standards.

Organizations can take the Frequent Security Assessments and simply apply the results towards proving compliance. Every standard, while seemingly specific to a particular industry, is secretly so generic that they could almost be interchanged with one another, with only the protected data terms being switched out. Just like the old '70s skit Letterman, you can rip out "Patient Health Information" in HIPAA, put in "cardholder information" from PCI, and you'd have nearly the same standards.

The key issue here is knowing what steps need to be taken to assess your security according to the appropriate standard and working to test those standards out before you are audited.

Thursday, May 17, 2007

MSI Readiness Analyzer

Today we released a FREE standalone tool for testing application compatibility with Microsoft Windows Vista - the MSI Readiness Analyzer for Windows Vista.


This tool will analyze legacy MSI packages and test them for compatibility with Windows Vista:
  • Required Admin Privileges
  • Use of Vista's Restart Manager
  • Use of Logging
  • Registry and File System Permissions

It will also perform the MCE validation (which is an advanced and faster form of Microsoft's ICE validation that checks for consistency within the MSI package) found within Desktop Authority MSI Studio.

You can find out more about the MSI Readiness Analyzer on our website. The download is free and does not require any registration.

Friday, May 11, 2007

ScriptLogic Google and Live Toolbar Buttons

If you're a user of either the Google or the Microsoft Live toolbar, you can now install a ScriptLogic button to gain direct access to:

  • Searching ScriptLogic.com (using the Google search box)
  • ScriptLogic Knowledgebase and Discussion Forums
  • The latest product downloads
  • Beta downloads
  • ScriptLogic news
  • The latest whitepapers

Get the Google Toolbar here and install the ScriptLogic Google Toolbar Button here.

Get the Microsoft Live Toolbar here and install the ScriptLogic Live Toolbar button here.

Wednesday, May 9, 2007

ScriptLogic on TechForum Live

I've been on a hiatus from the 7 security best practices as my wife just had our 4th child (I'm sure you all will understand). I'll return to complete those later this week.

Last Friday, I had the privilege of being on TechForum Live, the streamed live "radio" show arm of the Technology Managers Forum, a NY-based professional association for IT Managers. The topic of discussion was "The Microsoft Desktop: Coping with Imperfect Software" (not my favorite title choice) with myself and Eric Schultze of Shavlik. Eric, whom I've known for about a year now, is the authority on Microsoft patching. If you have a chance to meet him, ask him about the time Microsoft asked him to hack into their system to retrieve the password of I think it was Bill Gates - it is a fantastic story if you're a real techie.

I got a chance to discuss the issues migrating to Windows Vista and Eric spoke about protection through patching, even in the case of Vista. It is about an hour show and was informative, even for me.

You can listen to the recorded broadcast here.