12/25/21
Software Assist Corporation

“Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just a protocol for internal and external file integration mechanism.”
L. Frank Kenney, Principal Analyst, Gartner Inc.

Is your FTP environment exposing sensitive data?

12/23/2015 Software Assist Corporation
FTP/WatchDog
- Real-time monitoring of FTP server activity
- Monitors Open Systems FTP (Windows, UNIX, Linux, etc.)
- Consolidates FTP activity on multiple FTP servers into a single view
- Enables real-time escalation of exceptions
- Extends automation efforts to include FTP usage
- Facilitates comprehensive FTP usage auditing in seconds
- Provides unparalleled visibility into what data is moving in and out of the organization through FTP

FTP Exposure
- Auditors are looking at FTP
- Exposes companies to data breach
- Unsecured data transmission
- Transmission of sensitive data not monitored
- Logging of FTP activity inconsistent
- FTP usage not regularly audited
- Shared User ID usage
- Anonymous FTP
- Policies not enforced (no audit)
- Due diligence

Texas Woman’s University
- The personal information of about 15,000 TWU students was exposed to potential identity theft (names, addresses and SSNs)
- IRS Tuition Statement data transmitted to an outside vendor via a non-secure connection.
- Wide news coverage
- TWU officials say there is no indication at this time that this data has been accessed or used by anyone
- “The university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible”

Brand Name Exposed
- Acxiom hacked (Aug ’03)
  - Through one FTP server outside the firewall
- Bank of America tapes lost (Feb ’05)
  - Credit card records of 1.2 million federal employees, including 60 U.S. senators
- ChoicePoint hacked (Feb ’05)
  - Thieves stole information on 145,000 people
- DSW hacked (Mar ’05)
  - Credit card data breached compromising information on 1.4 million people
- ABN Amro tapes lost (Dec ’05)
  - With sensitive data on 2,000,000 customers (later found after the damage was done)
- Marriott Timeshare tapes lost (Dec ’05)
  - With credit card and SSN info on 206,000
- With SSN info on 226,000 customers and financial advisors
- American International Group Breach (June ’06)
  - Personal information of approximately

Consumer Rights Privacy Group
- Privacy Rights Clearinghouse
- Tracks all publicly announced data breaches (since February, 2005)
- http://www.privacyrights.org/ar/ChronDataBreaches.htm
- Shows data breaches of over 100 million people’s sensitive financial and health data

usage
- Monitor transmission of sensitive data
- Manage FTP by exception
- Implement secured FTP
- Secured options on FTP server
- Managed File Transfer solution
- Maintain controls to ensure accountability
- Eliminate shared User IDs when possible
- Track changes to FTP environment
- FTP settings and options
- Regular review of data accessible to FTP

- Real-time collection of enterprise-wide FTP activity
- Real-Time Monitor manages data collection process
- Agents on distributed platforms
- Accumulate in SQL database History File

- Software Assist offers an analysis of FTP usage in your company
- Send one or more FTP logs to Software Assist
- Web-based comprehensive analysis of FTP server usage.
- Nominal cost is fully applicable to an FTP/WatchDog license
- Visit our web site for more information:

Why Others Have Chosen Our FTP Analysis
- Concerns over unsecured FTP transmission of sensitive data
- Compliance rules dictated by HIPAA and SOX make it mandatory to know exactly where FTP data is going to and coming from
- Auditors are asking questions they can’t answer easily
- Long-running FTP transmissions are impacting service levels
- Uneasy with how little information they have about FTP usage in their enterprise
- Unexplained FTP bottlenecks are becoming a problem
- Help desks are fielding more questions about FTPs and have

- Find out if FTP is a problem
- Evaluate Compliance Level
- Web Presentation of Findings

Product Trial
- Automated installation
- 1 hour installation and configuration time