Much media attention is given to hackers and professional intruders, leading corporations to focus on perimeter security to keep outside intruders at bay. Unfortunately that diverts attention away from securing the vital components of a corporate network behind the firewall.
One third of all attacks are performed from inside the corporate network by malicious employees and contractors. Therefore corporations need to consider a second layer of defence – protection against threats from inside the corporate network as well as outside intruders that have penetrated the firewall. Reliable protection can only be achieved by securing each system – especially servers holding sensitive data – as if there were no firewall at all.
One of the most overlooked avenues for data breaches is FTP (File Transfer Protocol). How-to-guides for hacking FTP are widely available, so FTP attacks have become the method of choice for amateur and professional hackers as well as disgruntled, greedy or misguided employees and entities of foreign governments.
Despite its flaws, corporations use FTP due to the fact that FTP is available (and typically free) on every platform. FTP is used for server to server file transfer in the data centre, as information sharing tool in end user departments and, most importantly, FTP is the most common B2B data exchange protocol, used for transferring files to and from vendors, customers and business partners around the globe. Due to its origins in the academic world, FTP requires third party management tools to provide the security, controls and management capabilities required in a corporate environment handling sensitive or confidential data.
Here are some of the solutions we have in our portfolio to ensure responsible FTP usage to large and medium-sized enterprises. These products help customers worldwide become more secure, more compliant and more efficient:
FTP Auditing Solutions
FTP Armor protects your servers from FTP attacks. FTP Armor protects, detects, combats and actively blocks server attacks, in real time, while alerting IT staff of the attack taking place.
FTP/Auditor scans your corporate network and identifies every server that has FTP active. FTP/Auditor can be set up to run scans at regular intervals and email the results to IT.
FTP/Guardian enables a company to control exactly who can access z/OS FTP, from where and what they are authorized do with it, by writing SAF security rules (RACF, Top Secret or ACF2).
FTP/Sentry provides the tools to monitor and audit FTP activity, alerting IT of certain data movements and providing accurate and comprehensive information instantly for breach investigations.