Menu

¿Cómo rastrear archivos copiados de un dispositivo USB?

Data breaches continue to be listed as one of the top cybersecurity risks. Controlling what happens to USB devices is essential to managing threats and identifying extracted files.

However, copying files is only one of the modalities. Sometimes USB devices are infected with malware designed to infect computers or entire networks.

Attacks can even reach the cloud ecosystem. According to Delta Protect, 52% of malicious software can use USB devices to avoid detection by the cloud’s cybersecurity system.

Is it possible to prevent copying files to USB devices?

DLP (Data Loss Prevention) software allows you to restrict the copying of files to USB devices or other peripherals. This is one of the methods that businesses can use to protect their sensitive information.

ManageEngine’s DataSecurity Plus features a DLP module designed to prevent data loss using USB devices with capabilities to monitor and audit any files copied to USB.

How to monitor file activities on USB?

Below you will find the step-by-step to monitor file activities on USB.

  1. Download and install DataSecurity Plus.

  2. Open the DataSecurity Plus console.

  3. Go to the Endpoints tab. Go to Settings → Sources → Devices.

  4. On the Configured Workstations page, select Add Workstations in the upper-right corner.
1 2048x536 1

  1. Select your Domain.

  2. Select the + symbol next to the Select Workstations text box and add the workstations you want to audit and protect.

  3. Choose Audit Removable Devices.

  4. Select Install agent and finish.

2 2048x647 1
  1. Go to Reports. Under Source-Based Reports, choose Report on File Activities on Removable Storage.

  2. Use the Period drop-down menu to select the desired time range in which file activities on removable storage devices such as USB will be monitored.

  3. The report shows all file activities on removable storage media.

3 2 1024x314 1

Related content: It’s time to talk about the biggest data breaches in 2024

 How to track files copied from a USB device?

  1. Go to Endpoints → Settings → Audit Settings.

  2. Choose Removable Storage from the available audit profiles.

  3. Select Edit for the Audit Removable Devices audit profile.

  4. The audit profile is predefined with an appropriate Name, Source, and Description.

  5. Go to the Criteria section and add these filters under the Include tab tab:

    • Actions: Pasted files.

    • Users: Everyone.

  6. Use the Exclude option to exempt trusted users, groups, and non-essential files from the Copied Files report.

4 1024x372 1

How to trigger instant alarms in response to sensitive files copied to USB?

  1. In the DataSecurity Plus console, navigate to the Endpoints tab.

  2. Go to Settings → Settings → Alert Settings.

  3. Choose Removable Storage from the available Audit Profiles.

  4. Select the Edit option for the Data Loss Prevention alert profile.

  5. The alert profile is predefined with an appropriate Name, Source, Description, and Severity.

  6. Go to the Criteria section and add these filters under the Include: tab:

    • Actions: Pasted files.

    • Users: Everyone.

    • File classification*: Restricted.

Note: Use other criteria such as File Type, File Size, File Name, and more to selectively monitor critical data being copied.

  1. Use the Exclude option to exempt trusted users, groups, and non-essential files from the Copied Files report.

5 1024x433 1

  1. Under the Threshold tab:

    • Check Enable.

    • Specify the desired threshold value (for example, setting “100 events in 1 minute from any source” will generate an alert when 100 or more files are copied/pasted in less than a minute).

Note: The threshold limit can be customized to your organization’s needs.

6 1024x349 1

  1. Under the Response tab:

    • Email, and check Enable Email Notifications.

      • Specify one or more email addresses to which you would like to send alerts.

      • Set the Email Priority to High.

    • Add an appropriate Subject and Message for your email.

      • Select Lock USB and check Enable USB lock.

    • Click Save.

Now, you’ve successfully configured DataSecurity Plus to audit, alert, and respond to sensitive files that were copied.

7 1024x542 1

Related content: Data leaks don’t stop! More than one billion identities stolen in 2024

DataSecurity Plus: A comprehensive solution for data protection

With DataSecurity Plus you can:

  • Identify potential data security threats and protect critical data by monitoring all file activities and modifications in real-time.

  • Restrict viewing or copying of classified files on USB and auxiliary devices.

  • Generate instant alerts and block the movement of files with critical data, such as PII or ePHI, through business and Outlook email addresses.

Learn more about DataSecurity Plus

If you want to know more about this tool, you can schedule a free demo, quote the licensing of this tool or download a fully functional trial for 30 days.

Would you like to read

Placehodler

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse vel ultricies massa. Praesent at semper augue. Pellentesque at tortor vel ante blandit aliquam. Praesent rutrum ex nec felis lacinia, eu luctus massa ullamcorper. Pellentesque nulla massa, bibendum commodo justo at, euismod rutrum nibh. Cras in felis eget nisl faucibus porta eu ac massa. Donec quis malesuada metus. Phasellus at mauris non magna laoreet luctus. Aliquam erat volutpat. Integer ut lorem a purus aliquam aliquet. Duis maximus porta ex, vel convallis nulla efficitur sed. Ut justo nulla, consequat ac scelerisque in, tincidunt non tortor.

bicycle