image

File Trans­fer Audit­ing, Alert­ing and Automation

Many cor­po­ra­tions would not even notice a breach because they do not have the tools or the processes to detect a breach. In addi­tion, even if they should become aware of a breach they would not be able to reli­ably deter­mine exactly what infor­ma­tion had been accessed.

Sen­try Ana­lyt­ics™ mon­i­tors FTP activ­ity across the enter­prise and records the activ­ity in a secure location.

It can tell you who accessed what infor­ma­tion when and from where — all at the click of a mouse.

IT staff gains vis­i­bil­ity to FTP activ­ity enterprise-​wide and are able to mon­i­tor sys­tem health as well as iden­tify excep­tions immediately.

Sen­try Ana­lyt­ics™ pro­vides the con­trols to mon­i­tor and audit FTP activ­ity as well as detect and inves­ti­gate sus­pi­cious activ­ity. Sen­try Ana­lyt­ics™ ensures Audits and Breach inves­ti­ga­tions can be per­formed instantly and are accu­rate, com­pre­hen­sive, timely and cost effective.

The expo­sure to breaches is mag­ni­fied expo­nen­tially when sen­si­tive files remain exposed on servers longer than they need to. As users often for­get to delete their files, many breaches hap­pen long after a file was uploaded. Most enter­prises lack the FTP automa­tion capa­bil­i­ties to man­age file retention.

Sen­try Ana­lyt­ics™ helps reduce expo­sure and pre­vent data breaches by pro­vid­ing an automa­tion frame­work capa­ble of detect­ing uploads of sen­si­tive files and remov­ing files auto­mat­i­cally after suc­cess­ful transfer.

Next Steps



Sen­try Analytics™ Datasheet

Sen­try Analytics™ Tech­Pa­per

Con­tact us for more infor­ma­tion

More Infor­ma­tion on Sen­try Analytics™

  • How Sen­try Ana­lyt­ics™ works
  • Audit and Breach Inves­ti­ga­tion capa­bil­i­ties
  • Alerts
  • Ben­e­fits

How Sen­try Ana­lyt­ics™ works

Remote Mon­i­tor­ing Agents are deployed on dis­trib­uted plat­forms (Linux, Unix, Win­dows etc.) as well as IBM z/​OS Main­frames and pro­vide real-​time FTP usage data to the Real-​Time Mon­i­tor.
Sen­try Analytics™’s Real-​Time Mon­i­tor inter­faces with Remote Mon­i­tor­ing Agents to mon­i­tor FTP activ­ity across the enter­prise and records the activ­ity in a secure loca­tion for audit pur­poses. It also mon­i­tors the health of the Remote Mon­i­tor­ing Agents and can gen­er­ate an alert when an agent becomes unre­spon­sive.
Sen­try Ana­lyt­ics™ Desk­top, a Win­dows appli­ca­tion, can tell you who accessed what infor­ma­tion when and from where.
The Alert Cen­ter allows you to define alerts for a vari­ety of user-​defined events includ­ing uploads of sen­si­tive data, trans­fers to des­ti­na­tions out­side the cor­po­rate net­work, failed trans­fers etc.
The Automa­tion Frame­work enables you to ini­ti­ate actions based upon events that have been detected, such as delet­ing files after suc­cess­ful down­load, noti­fy­ing busi­ness part­ners of failed or inter­rupted file trans­fers etc.

Audit and Breach Inves­ti­ga­tion capabilities

Breach inves­ti­ga­tions can be dif­fi­cult, as often very lit­tle infor­ma­tion is avail­able. Sen­try Ana­lyt­ics™ allows you to inves­ti­gate a breach in sev­eral pos­si­ble ways:
  • By File­name: If you know that a given file has been accessed, Sen­try Ana­lyt­ics™ will show you which ID accessed it when and from which IP address.
  • By IP address: If you know an attack orig­i­nated from a given IP address, Sen­try Ana­lyt­ics™ will show you what files on which servers were accessed and when they were accessed.
  • By FTP Server: If you know a given FTP server was breached, Sen­try Ana­lyt­ics™ will show what files were accessed when, under which ID and from which IP address.
  • By Time Period: If you know when an attack hap­pened, Sen­try Ana­lyt­ics™ will show you what files on which servers were accessed as well as which IDs were used and from which IP addresses they were accessed.

Alerts

The Real-​Time Mon­i­tor can gen­er­ate alerts for any cir­cum­stance. For example:
  • Alerts can be gen­er­ated for uploads of sen­si­tive data (iden­ti­fied by file name using pat­tern matching).
  • Alerts can be gen­er­ated for trans­mis­sions of sen­si­tive data.
  • Alerts can be gen­er­ated for failed FTP trans­ac­tions (failed file trans­fers, logon fail­ures, etc.).
  • Alerts can be gen­er­ated for spe­cific FTP trans­ac­tions, based on selec­tion cri­te­ria you provide.
Alert emails con­tain crit­i­cal infor­ma­tion about the FTP trans­ac­tion, thereby enabling the email recip­i­ent to deter­mine whether fur­ther action is required. The alert for sen­si­tive data trans­mis­sions con­tains the date and time the trans­ac­tion started, the FTP action (upload, down­load, etc.), the User ID used to ini­ti­ate the trans­ac­tion, the file name of the file involved in the trans­ac­tion, the local and remote IP addresses and an indi­ca­tion whether a secured con­nec­tion was used for the transaction.

Ben­e­fits

Sen­try Ana­lyt­ics™ ensures Audits and Breach inves­ti­ga­tions are:
  • Accu­rate: Per­formed using data stored in a secure loca­tion, so intrud­ers can­not manip­u­late log files.
  • Com­pre­hen­sive: They encom­pass all FTP Servers in the enter­prise — includ­ing those which oth­er­wise might not be included.
  • Per­formed Instantly: Audits and Breach inves­ti­ga­tions are eas­ily per­formed with­out advance plan­ning or notice to col­lect data and can there­fore be per­formed instantly when sus­pi­cion of abuse arises.
  • Timely: In an Active Attack Sce­nario, sec­onds count. Sen­try Ana­lyt­ics™ pro­vides all infor­ma­tion instantly.
  • Cost effec­tive: Ensures Audi­tors and Breach Inves­ti­ga­tors do not waste costly time gath­er­ing data and sift­ing through end­less log files.
In addi­tion, Sen­try Ana­lyt­ics™ pre­vents breaches by detect­ing sen­si­tive files not belong­ing on exposed servers and min­i­miz­ing the time frame legit­i­mate files reside on a server by remov­ing them after a suc­cess­ful transfer.

Want to know more?