Introduction

It is always important to protect your enterprise’s sensitive data. Windows access control lists (ACLs) do only part of the job: you can’t apply an ACL to specific processes, and you can’t control file access dynamically from your application. The EaseFilter File Control Filter Driver SDK provides a comprehensive file security solution that lets you authorize or deny file access for specific users or processes. EaseFilter lets you monitor or control file I/O activity at the file system level in real time, so you can prevent your sensitive files from being accessed by unauthorized users or processes.

Understand the file control filter driver

The EaseFilter driver is a kernel-mode component that runs as part of the Windows executive above the file system. A file system filter driver can intercept requests targeted at a file system or at another file system filter driver. By intercepting a request before it reaches its intended target, the file control filter driver can extend or replace functionality provided by the original target of the request. With the filter driver you can log, monitor, modify, or prevent I/O operations for one or more file systems.

Control the file access in the filter driver

The EaseFilter control filter driver can intercept file I/O before it goes down to the file system or after it returns from the file system. You can deny file access in the pre-IO operations based on the filter rule policies, which means that EaseFilter can complete and return the file I/O without passing it down to the file system. You can also modify the I/O data before it goes down to the file system or after it returns from the file system.

Block the file I/O operations in pre-IO

If you want to prevent your files from being changed, you have to block the file operations before they go down to the file system; this stage is normally called pre-IO. For example, to block file creation, file deletion, or file writes, you can complete the file operation with an access denied status before it goes down to the file system.

Modify the file I/O data in pre-IO or post-IO

You can modify the file I/O data in pre-IO or post-IO. To modify the file I/O data, you must be an advanced user who understands the file I/O data structure, or you will corrupt the file. For example, you can replace the write data in pre-IO; file encryption is a very good example. You can replace the read data in post-IO; file decryption is a very good example too.

Set up the zero-trust file access filter rule

It is simple to implement a zero-trust file security solution with the EaseFilter SDK. Zero-trust means that no user or process can access the files by default. In the EaseFilter file control SDK, you just need to set up a file control filter rule with zero access rights, and zero-trust file protection is enabled.

Authorize file access to the specific users or processes

With the zero-trust solution, all users and processes are blacklisted by default. No one can access your files unless you authorize the user or process to access them. This can prevent attacks from malicious software.

You can create a whitelist of users or processes by adding access rights for the specific users or processes, so you can authorize file access for the approved users or processes.
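
The zero-trust rule and whitelist described above can be modelled in user mode as follows. This is an added example, not EaseFilter SDK code: it shows a rule with zero default rights, per-process and per-user grants, and the pre-IO decision to pass a request down or complete it with access denied. All names (pre_io_allow, struct rule, the AR_* bits, the sample paths and accounts) are hypothetical, and matching a process by name alone is a simplification of the model.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical access-right bits for this model; not EaseFilter constants. */
enum { AR_READ = 1, AR_WRITE = 2, AR_CREATE = 4, AR_DELETE = 8 };
struct grant { const char *process, *user; unsigned rights; }; /* whitelist entry */
struct rule {
    const char *path_prefix;    /* files the rule protects */
    unsigned default_rights;    /* 0 = zero-trust: no access by default */
    const struct grant *grants; size_t ngrants;
};

/* Case-insensitive compare of the first n bytes (Windows names ignore case). */
static int ieq_n(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
        if (a[i] == '\0') break;
    }
    return 1;
}

/* Pre-IO decision: 1 = pass the request down, 0 = complete it with access denied. */
int pre_io_allow(const struct rule *r, const char *path, const char *process,
                 const char *user, unsigned wanted) {
    if (!ieq_n(path, r->path_prefix, strlen(r->path_prefix)))
        return 1;                           /* file is not covered by this rule */
    unsigned rights = r->default_rights;
    for (size_t i = 0; i < r->ngrants; i++) {
        const struct grant *g = &r->grants[i];
        if ((g->process && ieq_n(g->process, process, strlen(g->process) + 1)) ||
            (g->user && ieq_n(g->user, user, strlen(g->user) + 1)))
            rights |= g->rights;            /* whitelist entry adds its rights */
    }
    return (rights & wanted) == wanted;     /* every requested right must be held */
}

/* Constructed sample policy: zero-trust rule plus two whitelist entries. */
static const struct grant sample_grants[] = {
    { "backup.exe", NULL, AR_READ },
    { NULL, "CORP\\alice", AR_READ | AR_WRITE },
};
static const struct rule sample_rule = { "C:\\Vault\\", 0, sample_grants, 2 };

int main(void) {
    printf("notepad read: %d\n", pre_io_allow(&sample_rule, "C:\\Vault\\a.txt", "notepad.exe", "CORP\\bob", AR_READ));
    printf("backup read:  %d\n", pre_io_allow(&sample_rule, "C:\\Vault\\a.txt", "backup.exe", "CORP\\bob", AR_READ));
    return 0;
}
```

A request is allowed only when the caller holds every right it asks for, so a process whitelisted for read is still denied write and delete.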