Date post: | 18-Jan-2016 |
Category: |
Documents |
Upload: | arlene-gordon |
View: | 220 times |
Download: | 0 times |
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 11
“Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just a protocol for internal and external file
integration mechanism.”
L. Frank KenneyPrincipal Analyst, Gartner Inc.
Is yourIs yourFTP FTP
environment environment exposingexposing
sensitive data? sensitive data?
FTP/WatchDogFTP/WatchDog Real-time monitoring of FTP server activityReal-time monitoring of FTP server activity Monitors Open Systems FTP (Windows, UNIX, Linux, Monitors Open Systems FTP (Windows, UNIX, Linux,
etc.)etc.) Consolidates FTP activity on multiple FTP servers into a Consolidates FTP activity on multiple FTP servers into a
single viewsingle view Enables real-time escalation of exceptionsEnables real-time escalation of exceptions Extends automation efforts to include FTP usageExtends automation efforts to include FTP usage Facilitates comprehensive FTP usage auditing in Facilitates comprehensive FTP usage auditing in
secondsseconds Provides unparalled visibility into what data is moving Provides unparalled visibility into what data is moving
in and out of the organization through FTPin and out of the organization through FTP
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 22
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 33
Why Monitor Real-Time?Why Monitor Real-Time? Address the entire FTP exposureAddress the entire FTP exposure Escalate FTP delivery problemsEscalate FTP delivery problems Enhance securityEnhance security Improve process automationImprove process automation Centralize monitoring and analysisCentralize monitoring and analysis Protect sensitive dataProtect sensitive data Manage by exceptionManage by exception Boost operational excellenceBoost operational excellence Save MoneySave Money
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 44
Visibility into Sensitive Data Visibility into Sensitive Data TransmissionsTransmissions
What sensitive data is being transmitted?What sensitive data is being transmitted?
Where is it coming from and where is it going?Where is it coming from and where is it going?
Is it properly secured during transmission?Is it properly secured during transmission?
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 55
Visibility into Sensitive Data Visibility into Sensitive Data TransmissionsTransmissions
Who is transmitting sensitive data?Who is transmitting sensitive data?
Are they using secured connections?Are they using secured connections?
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 66
Visibility into Sensitive Data Visibility into Sensitive Data TransmissionsTransmissions
Where is sensitive data going and coming from?Where is sensitive data going and coming from?
Are public transmissions properly secured?Are public transmissions properly secured?††
† † Requires z/OS 1.5 and up with SMF 119 recordsRequires z/OS 1.5 and up with SMF 119 records
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 77
Visibility into FTP Server AccessibilityVisibility into FTP Server Accessibility
Where is data coming from and where is it going?Where is data coming from and where is it going?
Are all transmissions over the Internet properly Are all transmissions over the Internet properly secured?secured?††
† † Requires z/OS 1.5 and up with SMF 119 recordsRequires z/OS 1.5 and up with SMF 119 records
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 88
Visibility into User Access to FTPVisibility into User Access to FTP Who are our largest FTP users?Who are our largest FTP users?
Are they using secured connections?Are they using secured connections?††
† † Requires z/OS 1.5 and up with SMF 119 recordsRequires z/OS 1.5 and up with SMF 119 records
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 99
Manage FTP Usage by ExceptionManage FTP Usage by Exception What exceptional FTP transactions occurred?What exceptional FTP transactions occurred?
Who is initiating these transactions?Who is initiating these transactions?
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1010
Visibility into Failed FTP ActivityVisibility into Failed FTP Activity What transmissions failed?What transmissions failed?
Was production processing impacted?Was production processing impacted?
Are hackers attempting to break into our FTP Are hackers attempting to break into our FTP servers?servers?
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1111
FTP ExposureFTP Exposure Auditors are looking at FTPAuditors are looking at FTP
Exposes companies to data breachExposes companies to data breach Unsecured data transmissionUnsecured data transmission Transmission of sensitive data not monitoredTransmission of sensitive data not monitored Logging of FTP activity inconsistentLogging of FTP activity inconsistent FTP usage not regularly auditedFTP usage not regularly audited Shared User ID usageShared User ID usage Anonymous FTPAnonymous FTP Policies not enforced (no audit)Policies not enforced (no audit) Due diligenceDue diligence
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1212
Texas Woman’s University Texas Woman’s University The personal information of about 15,000 TWU The personal information of about 15,000 TWU
students was exposed to potential identity theft students was exposed to potential identity theft (names, addresses and SSNs) (names, addresses and SSNs)
IRS Tuition Statement data transmitted to an IRS Tuition Statement data transmitted to an outside vendor via a outside vendor via a non-securenon-secure connection. connection.
Wide news coverageWide news coverage TWU officials say there is no indication at this time TWU officials say there is no indication at this time
that this data has been accessed or used by that this data has been accessed or used by anyoneanyone
““The university recognizes the seriousness of this The university recognizes the seriousness of this exposure and the need to inform the affected exposure and the need to inform the affected students as quickly as possible”students as quickly as possible”
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1313
Brand Name ExposedBrand Name Exposed Acxiom hacked (Aug ‘03)Acxiom hacked (Aug ‘03)
Through one FTP server outside the Through one FTP server outside the firewallfirewall
Bank of America tapes lost (Feb ‘05)Bank of America tapes lost (Feb ‘05) Credit card records of 1.2 million federal Credit card records of 1.2 million federal
employees, including 60 U.S. senatorsemployees, including 60 U.S. senators ChoicePoint hacked (Feb ’05)ChoicePoint hacked (Feb ’05)
Thieves stole information on 145,000 Thieves stole information on 145,000 peoplepeople
DSW hacked (Mar ’05)DSW hacked (Mar ’05) Credit card data breached compromising Credit card data breached compromising
information on 1.4 million peopleinformation on 1.4 million people ABN Amro tapes lost (Dec ’05)ABN Amro tapes lost (Dec ’05)
With sensitive data on 2,000,000 With sensitive data on 2,000,000 customers (later found after the damage customers (later found after the damage was done)was done)
Marriott Timeshare tapes lost (Dec ’05)Marriott Timeshare tapes lost (Dec ’05) With credit card and SSN info on 206,000 With credit card and SSN info on 206,000
clientsclients Ameriprise Laptop Stolen (Jan 2006)Ameriprise Laptop Stolen (Jan 2006)
With SSN info on 226,000 customers and With SSN info on 226,000 customers and financial advisorsfinancial advisors
American International Group Breach (June ’06)American International Group Breach (June ’06) Personal information of approximately Personal information of approximately
970,000 potential customers breached 970,000 potential customers breached
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1414
Consumer Rights Privacy Consumer Rights Privacy GroupGroup
Privacy Rights ClearinghousePrivacy Rights Clearinghouse Tracks all publicly announced data breaches Tracks all publicly announced data breaches
(since February, 2005)(since February, 2005) http://www.privacyrights.org/ar/ChronDataBreaches.htmhttp://www.privacyrights.org/ar/ChronDataBreaches.htm Shows data breaches of over 100 million Shows data breaches of over 100 million
people’s sensitive financial and health datapeople’s sensitive financial and health data
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1515
FTP ComplianceFTP Compliance Log FTP usage on all platformsLog FTP usage on all platforms
Maintain accessible, historical FTP usage logsMaintain accessible, historical FTP usage logs Perform regular end-to-end audits of FTP Perform regular end-to-end audits of FTP
usageusage Monitor transmission of sensitive dataMonitor transmission of sensitive data Manage FTP by exceptionManage FTP by exception
Implement secured FTPImplement secured FTP Secured options on FTP serverSecured options on FTP server Managed File Transfer solutionManaged File Transfer solution
Maintain controls to ensure accountabilityMaintain controls to ensure accountability Eliminate shared User IDs when possibleEliminate shared User IDs when possible Track changes to FTP environmentTrack changes to FTP environment
FTP settings and optionsFTP settings and options Regular review of data accessible to FTPRegular review of data accessible to FTP
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1616
Real-Time Monitoring & Real-Time Monitoring & AutomationAutomation
Real-time collection of enterprise-wide FTP Real-time collection of enterprise-wide FTP activityactivity Real-Time Monitor manages data collection processReal-Time Monitor manages data collection process Agents on distributed platformsAgents on distributed platforms Accumulate in SQL database History FileAccumulate in SQL database History File
AlertsAlerts Sensitive DataSensitive Data Failed FTP TransactionsFailed FTP Transactions User-Defined AlertsUser-Defined Alerts
Select by characteristics of FTP TransactionSelect by characteristics of FTP Transaction Alerts via emailAlerts via email
AutomationAutomation Alerts and exceptions interface with automation effortsAlerts and exceptions interface with automation efforts
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1717
FTP/WatchDog SchematicFTP/WatchDog Schematic
FTP AnalysisFTP Analysis
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1818
Software Assist offers an analysis of FTP usage in Software Assist offers an analysis of FTP usage in your companyyour company
Send one or more FTP logs to Software AssistSend one or more FTP logs to Software Assist Web-based comprehensive analysis of FTP server Web-based comprehensive analysis of FTP server
usage.usage. Nominal cost is fully applicable to an Nominal cost is fully applicable to an
FTP/WatchDog licenseFTP/WatchDog license Visit our web site for more information:Visit our web site for more information:
www.softwareassist.net/webpages/FTPAnalysis.htmwww.softwareassist.net/webpages/FTPAnalysis.htm
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 1919
Why Others Have Chosen Our FTP Why Others Have Chosen Our FTP AnalysisAnalysis
Concerns over unsecured FTP transmission of sensitive dataConcerns over unsecured FTP transmission of sensitive data Compliance rules dictated by HIPPA and SOX, make it mandatory Compliance rules dictated by HIPPA and SOX, make it mandatory
to know exactly where FTP data is going to and coming fromto know exactly where FTP data is going to and coming from Auditors are asking questions they can’t answer easilyAuditors are asking questions they can’t answer easily Long-running FTP transmissions are impacting service levelsLong-running FTP transmissions are impacting service levels Uneasy with how little information they have about FTP usage in Uneasy with how little information they have about FTP usage in
their enterprisetheir enterprise Unexplained FTP bottlenecks are becoming a problemUnexplained FTP bottlenecks are becoming a problem Help desks are fielding more questions about FTPs and have Help desks are fielding more questions about FTPs and have
trouble answering themtrouble answering them
04/21/2304/21/23 Software Assist CorporationSoftware Assist Corporation 2020
Next Steps Next Steps FTP AnalysisFTP Analysis
Find out if FTP is a problemFind out if FTP is a problem Evaluate Compliance LevelEvaluate Compliance Level Web Presentation of FindingsWeb Presentation of Findings
Product TrialProduct Trial Automated installationAutomated installation 1 hour installation and configuration time1 hour installation and configuration time
LicenseLicense