Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/23/2015Software Assist Corporation1 “Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just.

Published byArlene Gordon Modified over 8 years ago

Similar presentations

Presentation on theme: "12/23/2015Software Assist Corporation1 “Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just."— Presentation transcript:

1 12/23/2015Software Assist Corporation1 “Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just a protocol for internal and external file integration mechanism.” L. Frank Kenney Principal Analyst, Gartner Inc. Is your FTP environment exposing sensitive data?

2 FTP/WatchDog Real-time monitoring of FTP server activity Real-time monitoring of FTP server activity Monitors Open Systems FTP (Windows, UNIX, Linux, etc.) Monitors Open Systems FTP (Windows, UNIX, Linux, etc.) Consolidates FTP activity on multiple FTP servers into a single view Consolidates FTP activity on multiple FTP servers into a single view Enables real-time escalation of exceptions Enables real-time escalation of exceptions Extends automation efforts to include FTP usage Extends automation efforts to include FTP usage Facilitates comprehensive FTP usage auditing in seconds Facilitates comprehensive FTP usage auditing in seconds Provides unparalled visibility into what data is moving in and out of the organization through FTP Provides unparalled visibility into what data is moving in and out of the organization through FTP 12/23/2015Software Assist Corporation2

3 12/23/2015Software Assist Corporation3 Why Monitor Real-Time? Address the entire FTP exposure Address the entire FTP exposure Escalate FTP delivery problems Escalate FTP delivery problems Enhance security Enhance security Improve process automation Improve process automation Centralize monitoring and analysis Centralize monitoring and analysis Protect sensitive data Protect sensitive data Manage by exception Manage by exception Boost operational excellence Boost operational excellence Save Money Save Money

4 12/23/2015Software Assist Corporation4 Visibility into Sensitive Data Transmissions What sensitive data is being transmitted? What sensitive data is being transmitted? Where is it coming from and where is it going? Where is it coming from and where is it going? Is it properly secured during transmission? Is it properly secured during transmission?

5 12/23/2015Software Assist Corporation5 Visibility into Sensitive Data Transmissions Who is transmitting sensitive data? Who is transmitting sensitive data? Are they using secured connections? Are they using secured connections?

6 12/23/2015Software Assist Corporation6 Visibility into Sensitive Data Transmissions Where is sensitive data going and coming from? Where is sensitive data going and coming from? Are public transmissions properly secured? † Are public transmissions properly secured? † † Requires z/OS 1.5 and up with SMF 119 records

7 12/23/2015Software Assist Corporation7 Visibility into FTP Server Accessibility Where is data coming from and where is it going? Where is data coming from and where is it going? Are all transmissions over the Internet properly secured? † Are all transmissions over the Internet properly secured? † † Requires z/OS 1.5 and up with SMF 119 records

8 12/23/2015Software Assist Corporation8 Visibility into User Access to FTP Who are our largest FTP users? Who are our largest FTP users? Are they using secured connections? † Are they using secured connections? † † Requires z/OS 1.5 and up with SMF 119 records

9 12/23/2015Software Assist Corporation9 Manage FTP Usage by Exception What exceptional FTP transactions occurred? What exceptional FTP transactions occurred? Who is initiating these transactions? Who is initiating these transactions?

10 12/23/2015Software Assist Corporation10 Visibility into Failed FTP Activity What transmissions failed? What transmissions failed? Was production processing impacted? Was production processing impacted? Are hackers attempting to break into our FTP servers? Are hackers attempting to break into our FTP servers?

11 12/23/2015Software Assist Corporation11 FTP Exposure Auditors are looking at FTP Auditors are looking at FTP Exposes companies to data breach Exposes companies to data breach Unsecured data transmission Unsecured data transmission Transmission of sensitive data not monitored Transmission of sensitive data not monitored Logging of FTP activity inconsistent Logging of FTP activity inconsistent FTP usage not regularly audited FTP usage not regularly audited Shared User ID usage Shared User ID usage Anonymous FTP Anonymous FTP Policies not enforced (no audit) Policies not enforced (no audit) Due diligence Due diligence

12 12/23/2015Software Assist Corporation12 Texas Woman’s University The personal information of about 15,000 TWU students was exposed to potential identity theft (names, addresses and SSNs) The personal information of about 15,000 TWU students was exposed to potential identity theft (names, addresses and SSNs) IRS Tuition Statement data transmitted to an outside vendor via a non-secure connection. IRS Tuition Statement data transmitted to an outside vendor via a non-secure connection. Wide news coverage Wide news coveragenews coveragenews coverage TWU officials say there is no indication at this time that this data has been accessed or used by anyone TWU officials say there is no indication at this time that this data has been accessed or used by anyone “The university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible” “The university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible”

13 12/23/2015Software Assist Corporation13 Brand Name Exposed Acxiom hacked (Aug ‘03) Acxiom hacked (Aug ‘03) Through one FTP server outside the firewall Through one FTP server outside the firewall Bank of America tapes lost (Feb ‘05) Bank of America tapes lost (Feb ‘05) Credit card records of 1.2 million federal employees, including 60 U.S. senators Credit card records of 1.2 million federal employees, including 60 U.S. senators ChoicePoint hacked (Feb ’05) ChoicePoint hacked (Feb ’05) Thieves stole information on 145,000 people Thieves stole information on 145,000 people DSW hacked (Mar ’05) DSW hacked (Mar ’05) Credit card data breached compromising information on 1.4 million people Credit card data breached compromising information on 1.4 million people ABN Amro tapes lost (Dec ’05) ABN Amro tapes lost (Dec ’05) With sensitive data on 2,000,000 customers (later found after the damage was done) With sensitive data on 2,000,000 customers (later found after the damage was done) Marriott Timeshare tapes lost (Dec ’05) Marriott Timeshare tapes lost (Dec ’05) With credit card and SSN info on 206,000 clients With credit card and SSN info on 206,000 clients Ameriprise Laptop Stolen (Jan 2006) Ameriprise Laptop Stolen (Jan 2006) With SSN info on 226,000 customers and financial advisors With SSN info on 226,000 customers and financial advisors American International Group Breach (June ’06) American International Group Breach (June ’06) Personal information of approximately 970,000 potential customers breached Personal information of approximately 970,000 potential customers breached

14 12/23/2015Software Assist Corporation14 Consumer Rights Privacy Group Privacy Rights Clearinghouse Privacy Rights Clearinghouse Tracks all publicly announced data breaches (since February, 2005) Tracks all publicly announced data breaches (since February, 2005) http://www.privacyrights.org/ar/ChronDataBreaches.htm http://www.privacyrights.org/ar/ChronDataBreaches.htm http://www.privacyrights.org/ar/ChronDataBreaches.htm Shows data breaches of over 100 million people’s sensitive financial and health data Shows data breaches of over 100 million people’s sensitive financial and health data

15 12/23/2015Software Assist Corporation15 FTP Compliance Log FTP usage on all platforms Log FTP usage on all platforms Maintain accessible, historical FTP usage logs Maintain accessible, historical FTP usage logs Perform regular end-to-end audits of FTP usage Perform regular end-to-end audits of FTP usage Monitor transmission of sensitive data Monitor transmission of sensitive data Manage FTP by exception Manage FTP by exception Implement secured FTP Implement secured FTP Secured options on FTP server Secured options on FTP server Managed File Transfer solution Managed File Transfer solution Maintain controls to ensure accountability Maintain controls to ensure accountability Eliminate shared User IDs when possible Eliminate shared User IDs when possible Track changes to FTP environment Track changes to FTP environment FTP settings and options FTP settings and options Regular review of data accessible to FTP Regular review of data accessible to FTP

16 12/23/2015Software Assist Corporation16 Real-Time Monitoring & Automation Real-time collection of enterprise-wide FTP activity Real-time collection of enterprise-wide FTP activity Real-Time Monitor manages data collection process Real-Time Monitor manages data collection process Agents on distributed platforms Agents on distributed platforms Accumulate in SQL database History File Accumulate in SQL database History File Alerts Alerts Sensitive Data Sensitive Data Failed FTP Transactions Failed FTP Transactions User-Defined Alerts User-Defined Alerts Select by characteristics of FTP Transaction Select by characteristics of FTP Transaction Alerts via email Alerts via email Automation Automation Alerts and exceptions interface with automation efforts Alerts and exceptions interface with automation efforts

17 12/23/2015Software Assist Corporation17 FTP/WatchDog Schematic

18 FTP Analysis FTP Analysis 12/23/2015Software Assist Corporation18 Software Assist offers an analysis of FTP usage in your company Software Assist offers an analysis of FTP usage in your company Send one or more FTP logs to Software Assist Send one or more FTP logs to Software Assist Web-based comprehensive analysis of FTP server usage. Web-based comprehensive analysis of FTP server usage. Nominal cost is fully applicable to an FTP/WatchDog license Nominal cost is fully applicable to an FTP/WatchDog license Visit our web site for more information: Visit our web site for more information: www.softwareassist.net/webpages/FTPAnalysis.htm

19 12/23/2015Software Assist Corporation19 Why Others Have Chosen Our FTP Analysis Concerns over unsecured FTP transmission of sensitive data Concerns over unsecured FTP transmission of sensitive data Compliance rules dictated by HIPPA and SOX, make it mandatory to know exactly where FTP data is going to and coming from Compliance rules dictated by HIPPA and SOX, make it mandatory to know exactly where FTP data is going to and coming from Auditors are asking questions they can’t answer easily Auditors are asking questions they can’t answer easily Long-running FTP transmissions are impacting service levels Long-running FTP transmissions are impacting service levels Uneasy with how little information they have about FTP usage in their enterprise Uneasy with how little information they have about FTP usage in their enterprise Unexplained FTP bottlenecks are becoming a problem Unexplained FTP bottlenecks are becoming a problem Help desks are fielding more questions about FTPs and have trouble answering them Help desks are fielding more questions about FTPs and have trouble answering them

20 12/23/2015Software Assist Corporation20 Next Steps FTP Analysis FTP Analysis Find out if FTP is a problem Find out if FTP is a problem Evaluate Compliance Level Evaluate Compliance Level Web Presentation of Findings Web Presentation of Findings Product Trial Product Trial Automated installation Automated installation 1 hour installation and configuration time 1 hour installation and configuration time License License

Download ppt "12/23/2015Software Assist Corporation1 “Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
CFIT Presentation Presented By: Sumit Nijhawan

CFIT Presentation Presented By: Sumit Nijhawan
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Nastel AutoPilot M6™ for WebSphere MQ Guide MQ 25 janvier 2011 Nastel solutions ensure successful completion of over 1B transactions per day Scott Corrigan.

Nastel AutoPilot M6™ for WebSphere MQ Guide MQ 25 janvier 2011 Nastel solutions ensure successful completion of over 1B transactions per day Scott Corrigan.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.

ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 7 Storing Organizational Information - Databases.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 7 Storing Organizational Information - Databases.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Network security policy: best practices

Network security policy: best practices
Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.

Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.

Similar presentations

Ads by Google