SFTP or Secure File Transfer Protocol has long been a de facto standard for secure file transfer.  Originally designed by the Internet Engineering Task Force (IETF), this extension of the Secure Shell protocol (SSH) 2.0 provides secure file transfer capabilities over the SSH network protocol.

In a nutshell, SFTP encrypOwn Worst Enemyts your data and moves it through an impenetrable encrypted tunnel that makes interception and decoding virtually impossible. While incredibly useful for business-to-business data sharing, SFTP poses a problem in our security-conscious world. Oddly enough, the problem is that SFTP works too well.

Let me explain. SFTP works so well that no one can see what’s being transferred—not even the people who need to see it for security reasons. Case in point: Edward Snowden. No matter what your thoughts on the subject, the fact is that Snowden used his privileged user status to transfer and steal sensitive files. Why was he able to do this? Because no one could see what he was doing. As a “privileged user” on the network, he had extensive access to sensitive files—files that he was able to transfer about, as he desired, without detection.

In addition to the threats posed by unscrupulous privileged users, there’s another threat that’s cause for alarm. It’s called Advanced Persistent Threat (APT).  Basically, an APT is a ceaseless, sophisticated attack carried out by an organized group to accomplish a particular result—typically, the acquisition of information. The classic APT mode of operation is to doggedly steal the credentials of privileged users. The purpose, of course, is to gain unfettered access to sensitive or secret data. Once “in,” these APTers can transfer data and steal it without detection.  On a side note, Snowden used some of these APT tactics to steal credentials and validate self-signed certificates to gain access to classified documents.

APTs are often discussed in the context of government, but let me be clear: Companies are also a primary target. Take the recent Wall Street Journal article about a foreign government stealing plans for a new steel technology from US Steel. Such behavior is just the tip of the iceberg when it comes to how far some entities will go to steal information and technology.

So given that transferring files is an essential business operation, what can you do to protect your organization from these dangerous threats? At Micro Focus, our customers are asking for a holistic approach to secure file transfer—one that provides more visibility, flexibility, and control. That’s why we’re introducing Reflection® for Secure IT Gateway. This new SSH-based solution sits between the user and the SFTP server, and acts as a central point of control. Its job is to track every file going in and out of your enterprise, including who transferred it and what’s in it.   It also provides the ability to essentially offload files and allow for 3rd party inspection and can then either stop the transfer and notify if something seem amiss or complete the transfer as required.

Reflection for Secure IT Gateway comes with a powerful browser-based interface that you can use to accomplish a number of transfer-related tasks:

  • Expose files for inspection by third-party tools
  • Automate pre- and post-transfer actions
  • Grant and manage SFTP administrator rights
  • Provision users
  • Configure transfers
  • Create jobs for enterprise level automation
  • Delegate tasks

Read more about Reflection for Secure IT Gateway or download our evaluation software and take a test drive. Learn how you can continue to benefit from the ironclad security of SFTP while also gaining greater file transfer visibility, flexibility, and control.

{ 0 comments }

It Ain’t Broke, but There’s Still a Better Way

by David Fletcher on August 2, 2016

We’ve all heard the old adage “If it ain’t broke, don’t fix it.” But here’s the thing: Even if it’s not broken, it could be better. Think about regular film versus digital? Rotary phones versus smartphones? Those electric football games that vibrated the players across the field versus Xbox?  All the early versions worked just fine. They delivered the same results as their new counterparts. So why did we upgrade?

It Ain't Broke, but There's Still a Better WayThe answer is obvious. We wanted a better experience. After all, what’s not to like about achieving the same thing with less effort, achieving more with less effort, improving results, or just having more fun along the way?

The same is true for software. Remember the early days of running a single application in DOS? Think back to how clunky and inefficient those applications were. Yet we thought they were amazing!

These days there’s another topic that is top-of-mind in the software world, and that is the topic of computer security. While an older version of your software may still accomplish the task it was designed for, the world in which that software lives has undergone radical change. Software designed ten years ago isn’t able to shield your enterprise against the sophisticated threats of today. The gap is vast and dangerous.

Change comes when the benefits of a new solution outweighs the risk or pain of change. The good news is that change has come to Micro Focus® Rumba+ Desktop. The merger of Micro Focus and The Attachmate Group is enabling customers of both Rumba and Reflection terminal emulation software to get the best of both worlds. That’s why there are big gains to be had by updating now.

Let me be more specific. The latest release of Rumba+ Desktop now offers centralized security and management via Host Access Management and Security Server (MSS).  MSS meets one of IT’s greatest challenges—keeping up with an ever-changing IT security landscape. Customers always say, “We have 1000s of desktops at 100s of global locations. How do we keep up with PCI DSS, SHA-2, and TLS standards? How can we keep all of our clients up-to-date and secure? Just when we get everything updated, something new comes along that requires touching all of those workstations again.”

Well, Rumba+ Desktop combined with Host Access Management and Security Server solves the problem.  Together, these products make it possible for you to:

  • Take centralized control of your host-access operations. You can lock down 100s (or 1000s) of desktops with ease, control access using your Identity and Access Management system (yes, it’s possible), and grant or deny access based on group or role. You can quickly apply changes to align with business needs or make post-install adjustments. And you can do it on your schedule, not someone else’s.
  • Reinforce security as you remove the need for mainframe passwords. By teaming Rumba+ Desktop with MSS, you can integrate your host systems with your existing IAM system. Then you can replace weak eight-character passwords with strong complex ones. You can even banish mainframe passwords—and password-reset headaches—by automatically signing users on to their mainframe applications.
  • Build a wall of security in front of your host. You can deliver end-to-end encryption and enforce access control at the perimeter with a patented security proxy. You can also enable multifactor authentication to authorize access to your host systems—which means you can take complete control of who is accessing your most valuable assets.

Micro Focus terminal emulation products have been providing secure access to host systems for decades. As technology advances and the security landscape continues to change, you can count on Micro Focus to help you find a better way.

{ 0 comments }

Browser-Based Terminal Emulation and the Java Plug-In—What You Need to Know

August 2, 2016

The death of the Java plug-in is not news. Lots of articles talk about it. Even Oracle (who makes the Java plug-in) has finally agreed to dump it. For many users and businesses, this is not a big deal. And for IT staff, it’s actually a relief. It means they’ll no longer have to deal […]

Read the full article →

Move beyond weak mainframe passwords with advanced multifactor authentication

June 22, 2016

More and more companies are moving to multifactor authentication. Almost everyone agrees that multifactor authentication is the best way to provide the strongest level of authentication (who you are). This technology is taking hold in many industries, and for the most part it’s working pretty well. Now ask yourself “How can I use multifactor authentication […]

Read the full article →

Why SSL Puts Your Organization at Risk

May 20, 2016

Nothing breeds acrimony like success. Such is the case with Secure Sockets Layer (SSL). Originally developed by Netscape (remember Netscape?) for their web browser to encrypt communications between web browsers and servers, the SSL specification was eventually taken on and standardized by the IETF as the Transport Layer Security (TLS) specification. SSL became the de […]

Read the full article →

White Hats, Black Hats. A Hacker Community is Emerging Around the Mainframe. What You Need to Know…

May 3, 2016

Times are changing and we all need to take notice. The mainframe computing environment, with protocols dating back decades, is a new frontier of exploration for both the White Hat and the Black Hat hackers. A White Hat is an ethical hacker who seeks to expose vulnerabilities publicly so they can be addressed before they […]

Read the full article →

My Macro Just Crashed the Mainframe!

April 6, 2016

It was a simple macro that took down the mainframe. Yes, it really happens—and more often than you might think. Our customers tell us over and over again that they need to be able to lock down access to host resources. They also feel an equally strong need to lock down and harden who can […]

Read the full article →

Your Biggest Security Threat May Be Sitting Right Down the Hall

February 24, 2016

Most companies say that their employees are their greatest assets. They are the lifeblood of the organization. They are what makes the business thrive. They could also pose the greatest security threat your company will ever face. There’s no way around it—employees must be entrusted with sensitive information to do their jobs. And therein lies […]

Read the full article →

Merging Attachmate and Micro Focus will change how you think about Terminal Emulation

November 3, 2015

When it comes to mergers and acquisitions we have all heard and read about the chaos that comes from the ones that don’t work. Remember when AOL announced that it was buying Time Warner to create the “world’s largest media company” or how about when Sprint and Nextel agreed to merge only to have Sprint […]

Read the full article →

Unlocking the Treasure Chest: The Five Critical Capabilities of a Data Integration Solution

August 19, 2015

Databases are like treasure chests, waiting to be cracked open. Within them, you can find critical analytics information that gives your organization the information needed to gain a competitive edge. However, if your organization uses Unisys ClearPath MCP server and its non-relational DMSII database, getting the data you need can be difficult. Most traditional BI […]

Read the full article →