Prod­ucts Overview

We spe­cial­ize in pro­vid­ing Ana­lyt­ics, Secu­rity and Con­trols for respon­si­ble file trans­fer usage to large and medium-​sized enter­prises. Our prod­ucts help cus­tomers world­wide become more secure, more com­pli­ant and more effi­cient.

Despite its flaws, cor­po­ra­tions use FTP due to the fact that FTP is avail­able (and typ­i­cally free) on every plat­form. FTP is used for server to server file trans­fer in the data cen­ter, as an infor­ma­tion shar­ing tool in end user depart­ments and, most impor­tantly, FTP is the most com­mon B2B data exchange pro­to­col, used for trans­fer­ring files to and from ven­dors, cus­tomers and busi­ness part­ners around the globe.

Due to its ori­gins in the aca­d­e­mic world, FTP requires third party man­age­ment tools to pro­vide the secu­rity, con­trols and man­age­ment capa­bil­i­ties required in a cor­po­rate envi­ron­ment han­dling sen­si­tive or con­fi­den­tial data.

The wide­spread use of FTP and its inher­ent pur­pose — to serve data across the net­work — make it a prime tar­get for attacks. Tools and tech­niques used to gain access to FTP servers are widely shared even amongst ama­teur hack­ers. In addi­tion, cor­po­ra­tions of any kind are a con­stant vic­tim of attacks from pro­fes­sional intrud­ers.
Unfor­tu­nately, most enter­prises lack the tools to pre­vent attacks or even detect they are being attacked.

FTP/​Armor detects attacks AND actively blocks the attacks in real-​time while alert­ing IT staff of the attack tak­ing place.

What are FTP Attacks?

Most peo­ple expect their account to be locked after enter­ing a num­ber of invalid pass­words in a row — whether it is when they log on to a com­puter or when they insert their debit card into an ATM. Not so with FTP. A num­ber of prod­ucts to aid in auto­mated FTP pass­word hack­ing make use of the fact that FTP will allow users to enter invalid pass­words lit­er­ally for days with­out lock­ing the account or alert­ing any­one. These tools are widely avail­able on the inter­net, and the instruc­tions on how to use them are even posted on YouTube and other video shar­ing sites.

FTP hack­ing tools typ­i­cally offer two meth­ods of attacks:

Dictionary-​based Attacks

While Brute Force Attacks are guar­an­teed to even­tu­ally dis­cover the cor­rect pass­word, the down­side is that the may run for a very long time. Attack­ers there­fore often try another, far quicker method first: The Dictionary-​based Attack. With that approach, the attacker sup­plies the tool with a dic­tio­nary — a list of words to try as pass­words in var­i­ous com­bi­na­tions. These lists usu­ally con­sist of human names, pet names, places, TV shows, etc. A sam­ple list might be: ‘adam, Adam, apple, Apple, bar­bara, Bar­bara, chicago, Chicago, fido, Fido, house, House,’ etc. Should the Dictionary-​based attack fail to find the cor­rect pass­word, then the intruder would resort to the Brute Force Attack instead:

Brute Force Attacks

Brute force attacks let the attacker set a min­i­mum and max­i­mum pass­word length, and the tool will con­nect to the FTP server and try all pos­si­ble pass­word com­bi­na­tions match­ing those cri­te­ria in a ser­ial man­ner, e.g. from aaa to ZZZZZZZZ until it finds the cor­rect pass­word. Some FTP Servers (e.g. on z/​OS) do not sup­port case-​sensitive pass­words, which sig­nif­i­cantly increases the vul­ner­a­bil­ity to brute force attacks due to the reduced num­ber of poten­tial pass­word combinations.

Can a Fire­wall pro­tect against FTP Attacks?

One of the most com­mon mis­takes made is to assume that only Internet-​facing FTP Servers need to be pro­tected. The oppo­site is true. While a fire­wall is very help­ful in keep­ing the vast major­ity of ama­teur hack­ers, col­lege kids etc. out, fire­walls have the fol­low­ing shortfalls:

  • Fire­walls are no match for pro­fes­sional intrud­ers. Email-​based phish­ing scams and other tech­niques enable pro­fes­sional intrud­ers to take con­trol of com­put­ers on the cor­po­rate net­work despite fire­walls being in place.
  • The advent of telecom­mut­ing and work-​from-​home days makes cor­po­rate devices eas­ier to pen­e­trate, espe­cially when these devices are used by the fam­ily mem­bers of employees.
  • The ris­ing prac­tice of BYOD (Bring Your Own Device) — allow­ing employ­ees to use per­sonal devices for work pur­poses — reduces a corporation’s abil­ity to install appro­pri­ate safe­guards on devices attached to the cor­po­rate network.
  • Fire­walls can­not pro­tect against actions by mali­cious, dis­grun­tled or mis­guided employ­ees and con­trac­tors hav­ing legit­i­mate access to the cor­po­rate net­work. In the recently released report ” Under­stand The State Of Data Secu­rity And Pri­vacy: 2012 To 2013, Indus­try Ana­lyst For­rester Group esti­mates that about 33% of all cases of mali­cious data thefts are per­formed by insid­ers with legit­i­mate access to the network.

Cor­po­ra­tions there­fore need a sec­ond layer of defense – pro­tec­tion against threats from inside the cor­po­rate net­work as well as out­side intrud­ers that have pen­e­trated the fire­wall. Reli­able pro­tec­tion can only be achieved by secur­ing each sys­tem – espe­cially servers hold­ing sen­si­tive data – as if there were no fire­wall at all.

FTP/​Armor pre­vents FTP Attacks

FTP/​Armor pro­tects your servers from both Dictionary-​based and Brute Force FTP Attacks. FTP/​Armor mon­i­tors your servers and detects when an attack is tak­ing place. A thresh­old can be set to iden­tify too many logon fail­ures com­ing from a sin­gle IP address. When this thresh­old is reached, FTP/​Armor will auto­mat­i­cally kill the attacker’s active ses­sion and pre­vent the attacker’s IP address from get­ting any fur­ther con­nec­tions with the server. The attack is detected and stopped before prob­lems arise and the attacker is pre­vented from mount­ing another attack from the same place.

Next Steps

White Paper:
Intro­duc­ing File Trans­fer Analytics™

Sen­try Analytics™ Prod­uct Page

Sen­try Armor™ Prod­uct Page

Sen­try Discovery™ Prod­uct Page

Sen­try Guardian™ Prod­uct Page

Con­tact us for more infor­ma­tion

More about the Sen­try Ana­lyt­ics™ Prod­uct Family

  • Sen­try Ana­lyt­ics™
  • Sen­try Armor™
  • Sen­try Dis­cov­ery™
  • Sen­try Guardian™

Sen­try Ana­lyt­ics™: File Trans­fer Audit­ing, Alert­ing and Automation

Many cor­po­ra­tions would not even notice a breach because they do not have the tools or the processes to detect a breach. In addi­tion, even if they should become aware of a breach they would not be able to reli­ably deter­mine exactly what infor­ma­tion had been accessed.

Sen­try Ana­lyt­ics™ pro­vides the con­trols to mon­i­tor and audit FTP activ­ity as well as detect and inves­ti­gate sus­pi­cious activ­ity. Sen­try Ana­lyt­ics™ ensures Audits and Breach inves­ti­ga­tions can be per­formed instantly and are accu­rate, com­pre­hen­sive, timely and cost effective.

Sen­try Ana­lyt­ics™ mon­i­tors FTP activ­ity across the enter­prise and records the activ­ity in a secure loca­tion for audit pur­poses. It can tell you who accessed what infor­ma­tion when and from where — all at the click of a mouse.

Sen­try Ana­lyt­ics™ also helps reduce expo­sure and pre­vent data breaches by pro­vid­ing an automa­tion frame­work capa­ble of detect­ing uploads of sen­si­tive files and remov­ing files auto­mat­i­cally after suc­cess­ful transfer.

Sen­try Armor™: Pro­tect your servers from FTP Attacks

Sen­try Armor™ pro­tects your servers effec­tively against both Dictionary-​based and Brute Force FTP Attacks in a man­ner that is cost-​effective, easy to imple­ment and requires no effort to oper­ate and maintain.

Sen­try Armor™ mon­i­tors your servers in real time and detects when an FTP attack is tak­ing place. It will not only alert you but also stop the attack and pre­vent future attacks by killing the con­nec­tion and block­ing the attacker from access­ing the server again.

Sen­try Dis­cov­ery™: File Trans­fer Server Discovery

Sen­try Dis­cov­ery™ detects secu­rity risks caused by servers you didn’t know were run­ning file trans­fer soft­ware by scan­ning your cor­po­rate net­work and iden­ti­fy­ing every server that is run­ning file trans­fer software.

As this is a recur­ring prob­lem, Sen­try Dis­cov­ery™ can be set up to run at reg­u­lar inter­vals and email the scan results to you. New servers run­ning file trans­fer soft­ware will be brought to your atten­tion with no effort on your part. This allows you to eval­u­ate them in sec­onds and decide whether to dis­able them or secure them appro­pri­ately, depend­ing upon the needs of the business.

Sen­try Guardian™: Secure z/​OS FTP with RACF

z/​OS FTP pro­vides access to all files, datasets and batch out­put res­i­dent on a z/​OS sys­tem. How­ever, it runs with a very sim­plis­tic secu­rity model that is not ade­quate for pro­tect­ing remote access to crit­i­cal cor­po­rate data. Sen­try Guardian™ enables a com­pany to con­trol exactly who can access z/​OS FTP, from where and what they are autho­rized do with it, by writ­ing SAF secu­rity rules (RACF, Top Secret or ACF2). These rules can block unwanted FTP activ­ity (e.g. the trans­mis­sion of sen­si­tive data across the fire­wall). They can also block access to the FTP server from unau­tho­rized loca­tions, thereby defeat­ing hack­ers using bots attempt­ing to gain access.

Want to know more?