Saturday, April 13, 2024

Leaving USB Devices & Critical Enterprise Data Unmonitored can Leave Your Sysadmins Perplexed

A USB device is a popular choice for storing data and information and, alas, a popular data theft target for hackers. In this article, we’ll cover the challenges for sysadmins and how these are addressed utilizing an often overlooked security strategy, file shadowing, that can safeguard your network.

To err is human, and to top it with a pinch of unpredictability is a perfect recipe for a colossal disaster.

– Sysadmins worldwide  

Delving into the life of a sysadmin, it’s wise to stay a step ahead in today’s security-laden environment.

Firefighting is not an ideal solution for sysadmins; instead, being strategic and dynamic reduces uncertainties about the best way to counter cyber threats faced by the organization.

Managing myriads of devices in an organization, handling ad-hoc but “priority” tasks, and pulling all-nighters to handle security concerns are typical tasks for a sysadmin.

The tedious aspects of the job make it hard for anyone to remain continually upbeat. While that is the case with most professions, the risks in the sysadmin’s role come with a price, equivalent to a goalie’s momentary lapse that leads to an opponent’s advantage.

An oversight or error can cost your organization dearly!

Now, cast your eyes on the quote again. Associating it with a dedicated sysadmin shows how sysadmins juggle multiple tricky tasks. From an organization’s standpoint on security, the sysadmin roles allow no room for error.

Sysadmins design the organization’s network infrastructure to manage how a USB device is utilized. While controlling USB devices is pivotal, the information accessed by the devices is often sporadically managed.

It is crucial to ensure the USB devices are granted the appropriate permissions before they are provided access to the organization’s sensitive data. 

In a nutshell, we’ve defined the role of USB devices and discussed a key repercussion, file loss, resulting from improper device management.

Blocking all device access isn’t practical, as productivity would take a wild hit. If the tech-savvy world has taught us anything, it is to trust no one on the security front. So, what are we left with?

The silver bullet to this issue, file shadowing, creates a copy of the file that is deemed vital, thus protecting the file when a USB device tries to access it.

Whether creating a file copy in a network path of your convenience, excluding a file type/extension of your choice, or specifying the file size, ManageEngine Device Control Plus is your one-stop solution.

How is file shadowing different from a backup?

On the surface, file shadowing might seem more like the concept of a backup, and while it walks a similar lane, it is quite the contrary.

File shadowing helps track changes to the file, while a backup keeps a duplicated copy of the original file.

Device Control Plus provides a practical approach for framing your organization’s file shadowing policy.

This easy-to-utilize software solution breaks the concept into simpler parts for maximum customization, saving sysadmins considerable time and effort.

File shadowing in Device Control Plus can be configured in five steps

Nominate a USB device of your choice

Any USB device is eligible for file shadowing. The policy can be applied to particular devices so that only the file activities on those devices will be replicated.

Control the nature of the file to be shadowed.

The limiter for file size and file types or extensions for exclusion can be set for file shadowing. This narrowed approach ensures that only specific file types of the specified size are replicated instead of every file. 

Design the safe house for your critical files

The path in which the shadowed file resides can be configured for a user role or a group of user roles. While the user knows the file’s disk space, having a dedicated location for storing the copies is vital.

The path that is configured for a device will contain the copied file. The domain credentials to access the remote share where the shadowed data is stored can also be configured for added security.

Utilize Custom Groups to streamline policy enforcement

With a device control policy in place, applying it to a group rather than individual users makes sense. A Custom Group brings together the users, user roles, and endpoints relevant to the device control policy.

Voila! The report

Extensive audits will be generated in real-time as soon as the file shadowing policies are applied. The logs include details such as the devices, endpoints, and users involved in the operation, the file name, and the time it was shadowed. The logs are readily available and are used to analyze file shadow actions performed across the organization.
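The five steps above can be pictured as one decision made each time a file is written to a USB device. The sketch below is an added example, not Device Control Plus code or its policy schema: `ShadowPolicy`, `shadow_on_write`, the device ID, endpoint name, and sample files are all hypothetical. It also records the files that the filters skip, so the gaps left by the size and extension limits stay visible in the audit trail.

```python
import hashlib
import shutil
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path

@dataclass
class ShadowPolicy:              # hypothetical structure, not the product's schema
    devices: set                 # step 1: device IDs the policy covers
    max_bytes: int               # step 2: size limiter
    excluded_exts: set           # step 2: extensions excluded from shadowing
    share: Path                  # step 3: dedicated location for the copies

def shadow_on_write(policy, src, device_id, endpoint, user, audit):
    """Decide whether a file written to a USB device is shadowed; always log."""
    src = Path(src)
    size = src.stat().st_size
    sha256, stored = None, None
    if device_id not in policy.devices:
        action = "skipped:device-not-in-policy"
    elif src.suffix.lower() in policy.excluded_exts:
        action = "skipped:excluded-extension"
    elif size > policy.max_bytes:
        action = "skipped:over-size-limit"
    else:
        sha256 = hashlib.sha256(src.read_bytes()).hexdigest()
        dest = policy.share / endpoint / f"{sha256[:16]}_{src.name}"
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)  # the shadow copy, named by content hash
        action, stored = "shadowed", str(dest)
    record = {"time": datetime.now(timezone.utc).isoformat(), "device": device_id,
              "endpoint": endpoint, "user": user, "file": src.name, "bytes": size,
              "action": action, "sha256": sha256, "stored_at": stored}
    audit.append(record)         # step 5: one audit entry per write, shadowed or not
    return record

def demo():
    """Constructed sample: three writes evaluated against one policy."""
    root = Path(tempfile.mkdtemp())
    policy = ShadowPolicy({"USB-0001"}, 1024, {".iso"}, root / "share")
    samples = [("payroll.xlsx", b"x" * 200),   # within limits: shadowed
               ("image.iso", b"x" * 200),      # excluded extension
               ("dump.sql", b"x" * 5000)]      # over the size limiter
    audit = []
    for name, data in samples:
        (root / name).write_bytes(data)
        shadow_on_write(policy, root / name, "USB-0001", "WS-042", "alice", audit)
    return audit
```

Calling `demo()` returns three audit records: one `shadowed` entry with a hash and storage path, and two `skipped` entries that show which filter excluded the file.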

The kryptonite of file shadowing

File shadowing requires disk space and considerable bandwidth to store the shadowed data in a remote share folder. It uses file extension and size filters to ensure the shadowing is relevant.

However, files can be tracked with file tracing, regardless of the file size and extensions.


  • Be it an accidental or intentional data loss, the file shadowing/data mirroring feature ensures that the shared folder can still be accessed and utilized, provided the data is transferred beforehand. The missing files are cross-referenced from the shared folder.
  • After extracting information from a system, any file that gets corrupted or goes missing while being transported in the USB device can be swiftly retrieved from the network share folder and restored to a location where authorized employees can regain access.
  • Critical and confidential files, such as passwords, financial records, or protected personal information, require a lot of effort and time by sysadmins when a user tries to access them.
  • Instead of frequently granting and revoking access because the file resides in a vault, with Device Control Plus users can be granted access to the replicated data stored in the network file archive on the remote share, which is a security benefit.

While this article advocates file shadowing, other features are designed to optimize peripheral device management.

With Device Control Plus, you can enforce a Zero Trust policy and only let the devices you choose have their way around the network by creating a list utilizing role-based access control.

This is a method for defining user rules based on their roles; in other words, a hierarchical approach to managing logs and file tracing reports, to name a few.

Feel free to explore the features of Device Control Plus.
