Is your FTP environment exposing sensitive data Most

Is your FTP environment exposing sensitive data? “Most companies have little idea how pervasive FTP activity is in their organizations because FTP is no longer just a protocol for internal and external file integration mechanism. ” L. Frank Kenney Principal Analyst, Gartner Inc. 3/17/2018 Software Assist Corporation 1

FTP/Watch. Dog n n n n Real-time monitoring of FTP server activity Monitors Open Systems FTP (Windows, UNIX, Linux, etc. ) Consolidates FTP activity on multiple FTP servers into a single view Enables real-time escalation of exceptions Extends automation efforts to include FTP usage Facilitates comprehensive FTP usage auditing in seconds Provides unparalled visibility into what data is moving in and out of the organization through FTP 3/17/2018 Software Assist Corporation 2

Why Monitor Real-Time? n Address the entire FTP exposure n Escalate FTP delivery problems n Enhance security n Improve process automation n Centralize monitoring and analysis n Protect sensitive data n Manage by exception n Boost operational excellence n Save Money 3/17/2018 Software Assist Corporation 3

Visibility into Sensitive Data Transmissions n What sensitive data is being transmitted? n Where is it coming from and where is it going? n Is it properly secured during transmission? 3/17/2018 Software Assist Corporation 4

Visibility into Sensitive Data Transmissions n Who is transmitting sensitive data? n Are they using secured connections? 3/17/2018 Software Assist Corporation 5

Visibility into Sensitive Data Transmissions n Where is sensitive data going and coming from? n Are public transmissions properly secured? † † Requires z/OS 1. 5 and up with SMF 119 records 3/17/2018 Software Assist Corporation 6

Visibility into FTP Server Accessibility n Where is data coming from and where is it going? n Are all transmissions over the Internet properly secured? † † Requires z/OS 1. 5 and up with SMF 119 records 3/17/2018 Software Assist Corporation 7

Visibility into User Access to FTP n Who are our largest FTP users? n Are they using secured connections? † † Requires z/OS 1. 5 and up with SMF 119 records 3/17/2018 Software Assist Corporation 8

Manage FTP Usage by Exception n What exceptional FTP transactions occurred? n Who is initiating these transactions? 3/17/2018 Software Assist Corporation 9

Visibility into Failed FTP Activity n What transmissions failed? n Was production processing impacted? n Are hackers attempting to break into our FTP servers? 3/17/2018 Software Assist Corporation 10

FTP Exposure n Auditors are looking at FTP n n n n n 3/17/2018 Exposes companies to data breach Unsecured data transmission Transmission of sensitive data not monitored Logging of FTP activity inconsistent FTP usage not regularly audited Shared User ID usage Anonymous FTP Policies not enforced (no audit) Due diligence Software Assist Corporation 11

Texas Woman’s University n n n The personal information of about 15, 000 TWU students was exposed to potential identity theft (names, addresses and SSNs) IRS Tuition Statement data transmitted to an outside vendor via a non-secure connection. Wide news coverage TWU officials say there is no indication at this time that this data has been accessed or used by anyone “The university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible” 3/17/2018 Software Assist Corporation 12

Brand Name Exposed n n n n Acxiom hacked (Aug ‘ 03) n Through one FTP server outside the firewall Bank of America tapes lost (Feb ‘ 05) n Credit card records of 1. 2 million federal employees, including 60 U. S. senators Choice. Point hacked (Feb ’ 05) n Thieves stole information on 145, 000 people DSW hacked (Mar ’ 05) n Credit card data breached compromising information on 1. 4 million people ABN Amro tapes lost (Dec ’ 05) n With sensitive data on 2, 000 customers (later found after the damage was done) Marriott Timeshare tapes lost (Dec ’ 05) n With credit card and SSN info on 206, 000 clients Ameriprise Laptop Stolen (Jan 2006) n With SSN info on 226, 000 customers and financial advisors American International Group Breach (June ’ 06) n Personal information of approximately 970, 000 potential customers breached 3/17/2018 Software Assist Corporation 13

Consumer Rights Privacy Group n Privacy n n n Rights Clearinghouse Tracks all publicly announced data breaches (since February, 2005) http: //www. privacyrights. org/ar/Chron. Data. Breaches. htm Shows data breaches of over 100 million people’s sensitive financial and health data 3/17/2018 Software Assist Corporation 14

FTP Compliance n Log FTP usage on all platforms n n Perform regular end-to-end audits of FTP usage n n n Monitor transmission of sensitive data Manage FTP by exception Implement secured FTP n n n Maintain accessible, historical FTP usage logs Secured options on FTP server Managed File Transfer solution Maintain controls to ensure accountability n n Eliminate shared User IDs when possible Track changes to FTP environment n n 3/17/2018 FTP settings and options Regular review of data accessible to FTP Software Assist Corporation 15

Real-Time Monitoring & Automation n Real-time collection of enterprise-wide FTP activity n n Real-Time Monitor manages data collection process Agents on distributed platforms Accumulate in SQL database History File Alerts n n n Sensitive Data Failed FTP Transactions User-Defined Alerts n n n Automation n 3/17/2018 Select by characteristics of FTP Transaction Alerts via email Alerts and exceptions interface with automation efforts Software Assist Corporation 16

FTP/Watch. Dog Schematic 3/17/2018 Software Assist Corporation 17

n n n 3/17/2018 FTP Analysis Software Assist offers an analysis of FTP usage in your company Send one or more FTP logs to Software Assist Web-based comprehensive analysis of FTP server usage. Nominal cost is fully applicable to an FTP/Watch. Dog license Visit our web site for more information: www. softwareassist. net/webpages/FTPAnalysis. htm Software Assist Corporation 18

Why Others Have Chosen Our FTP Analysis n n Concerns over unsecured FTP transmission of sensitive data Compliance rules dictated by HIPPA and SOX, make it mandatory to know exactly where FTP data is going to and coming from n Auditors are asking questions they can’t answer easily n Long-running FTP transmissions are impacting service levels n n n Uneasy with how little information they have about FTP usage in their enterprise Unexplained FTP bottlenecks are becoming a problem Help desks are fielding more questions about FTPs and have trouble answering them 3/17/2018 Software Assist Corporation 19

Next Steps n FTP Analysis n n Product Trial n n n 3/17/2018 Find out if FTP is a problem Evaluate Compliance Level Web Presentation of Findings Automated installation 1 hour installation and configuration time License Software Assist Corporation 20