
7 Essential Resources on PCI DSS Security


Did you know that 80% of organizations are not compliant with PCI DSS requirements? That means, if you’re reading this, there’s a pretty good chance your company needs to make adjustments in order to ensure a fully compliant payment processing infrastructure.

PCI DSS compliance doesn’t happen overnight, and maintaining compliance year after year can be even more difficult. In fact, only 29% of companies surveyed were in compliance a year after validation. With these statistics in mind, we’ve compiled a collection of the best PCI DSS security and compliance resources.

Don’t see your favorite resource listed? Add to the list by commenting below.

 

1. PCI DSS Quick Reference Guide [PDF]

This PDF guide provides a comprehensive overview of PCI DSS requirements, necessary security controls and processes, instructions on how to comply with PCI DSS and a list of trusted resources. Published by the PCI Security Standards Council, it’s authoritative and comprehensive.

Why we love it:
For anyone just beginning their research on PCI DSS, this guide is a great place to start. Keep in mind, the PCI Security Standards Council typically releases a new guide when the next version of requirements is confirmed. Check their website for the most up-to-date version.

 

2. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions [Book]

This book is a must-have guide for anyone responsible for securing credit and debit card transactions, and offers an inside look at how these systems can be hacked. To beat the enemy, you must know the enemy.

Why we love it:
In the last few years POS hacks have become more prevalent (Wendy’s, Cici’s Pizza and Eddie Bauer, for example). With a reader rating of 4.3 out of 5 stars, this book provides real and actionable solutions on how to achieve better security at the point of sale.

 

 

3. The Hacker Playbook 2: Practical Guide To Penetration Testing [Book]

This resource goes above and beyond PCI DSS compliance to teach security professionals how to protect against hacking through the game of penetration hacking. Described by readers as a “no-fluff” “ultimate playbook”, this top-rated book made our list of recommended PCI DSS security resources for good reason.

Why we love it:
This step-by-step guide is top-rated, and takes a unique approach to preventative security, helping readers to better understand all the ways their infrastructure could be compromised.

 

 

 

 

4. Validation Requirements [Infographic]

Are you a visual learner? Then this infographic is a great place to start when looking to understand PCI DSS validation requirements.

Why we love it:
The chart is straightforward, allowing anyone to quickly understand which validation requirements their organization falls under.

 

 

 

5. Reduce PCI DSS Scope [SlideShare]

Most PCI DSS compliant businesses are looking to minimize the cost and effort that comes with PCI DSS compliance. Fortunately, there are a few key ways to reduce the scope of PCI DSS, and this helpful SlideShare explains them.

Why we love it:
Reducing PCI DSS scope is a very important aspect of PCI DSS compliance, and can greatly help to reduce the costs dedicated to maintaining compliance. Beginning on slide 23, this SlideShare offers some great ways to reduce PCI DSS overhead.

 

 

 

 

6. PCI DSS Compliance Made Easy [Video]

In this 3 minute video, a small business owner explains how PCI DSS compliance affects him, his customers, and his business. He also explains the important risks of non-compliance.

Why we love it:
PCI DSS compliance applies to so many types of businesses, and the importance of these regulations can easily be missed by small business owners focusing on day-to-day operations. This video takes a personable, engaging approach to PCI DSS compliance.

 

 

7. Acquirers: How to Give Your PCI DSS Compliance Program a Tune Up [Infographic]

If you’re confident that your organization is already meeting PCI DSS compliance, this infographic is for you. Learn four ways you can give your PCI DSS compliance program a tune-up, to ensure on-going compliance in years to come.

Why we love it:
In a sea of resources on “what is PCI DSS” and the basics to becoming compliant, this infographic speaks to those organizations that have moved past that stage in their compliance.

 

 

Want more PCI DSS compliance resources? Check out our new guide on how GoAnywhere Managed File Transfer helps to make PCI DSS compliance easy. 

 

 


8 Shocking PCI DSS Compliance Statistics




If you work for any organization that processes credit or debit card information, you’ve heard of the Payment Card Industry Data Security Standard (PCI DSS), the regulatory standard aimed at preventing costly data breaches like the ones you may have heard about at Home Depot or TJX. But how much do you really know about PCI DSS compliance? Here are some interesting PCI DSS compliance statistics you may have missed.

 

1.     PCI DSS compliance has increased by 167% since 2012

This is the best news on the list. According to Verizon’s latest PCI DSS Compliance Report, the number of organizations that are fully compliant at the time of interim assessment is growing rapidly each year.

 

2.     80% of organizations are still not compliant

While the increase in businesses taking PCI DSS compliance seriously is important, the number of compliant organizations was very low to begin with. According to Verizon’s report, four out of five companies still fail at interim assessment.

 

 

3.     Only 26% of news media executives feel confident their businesses are compliant

A Newscycle Solutions survey found that only a small number of executives felt confident they had achieved PCI DSS compliance. Another 13 percent were not certain. While this compliance statistic is a snapshot of a specific industry, it’s common across all types of organizations to feel unsure about meeting PCI DSS standards. IT infrastructure becomes more complex every day, PCI DSS rules change frequently, and many companies lack up-to-date expertise.

 

4.     Only 29% of companies are compliant a year after validation

Many businesses check PCI DSS compliance off the list and then stop worrying about it. Unfortunately, less than a third have maintained compliance a year later. While successfully demonstrating PCI DSS compliance to an auditor is a big relief, it won’t keep your business safe from security threats. The Verizon report recommends building a robust framework with security policies, procedures, and testing mechanisms to ensure compliance every day of the year.  

 

5.     You could pay $100,000 a month for being non-compliant…or much more

One of the least understood aspects of PCI DSS compliance is that the fines for non-compliance are levied on the payment processors or credit card companies (the acquirers) that work with the non-compliant business, not the business itself. Those fines range from $5,000 to $100,000 a month. Of course, the acquirer will recoup the money from you, quite likely with added penalties and increased transaction fees.

 

6.     None of the companies breached during Verizon’s investigations were fully compliant

This statistic is just in case you thought that PCI DSS standards were only important for your auditors. In Verizon’s ten years of having a forensics team investigate PCI DSS compliance, they have never found a company that was fully PCI DSS compliant at the time it was breached. Take note.

 

7.     69% of consumers would be less inclined to do business with a breached organization

According to Verizon, the majority of consumers would be hesitant to do business with an organization that has suffered a data breach. If you’re having trouble justifying the cost of robust security solutions, this is what you need to think about: being complacent about PCI DSS compliance today could lead to years of lost customers and a damaged reputation for your brand.

 

8.     The average total cost of a data breach is $4 Million

According to the Ponemon Institute, which tracks the costs of data breaches every year, the current amount is up 29 percent since 2013. Refer to #6 for why this statistic directly relates to your PCI DSS compliance.

 

 

It’s clear that many organizations are struggling with PCI DSS compliance. It doesn’t have to be difficult. Seek out security software solutions that protect your valuable data using up-to-date methods, generate detailed logs to keep auditors happy, and allow you to easily test for PCI DSS compliance.

Interested in learning more about PCI DSS compliance? Explore our PCI DSS resource section for requirement details, industry whitepapers and recent articles.

 

Ready to try a managed file transfer solution that keeps your enterprise data transfers secure and helps you assess whether you are PCI DSS compliant? Download a free 30-day trial of GoAnywhere MFT.

 


3 Data Breaches That May Have Been Avoided through PCI DSS Compliance


 

“Dear Valued Customer,

As you may have heard, on September 8, 2014, we confirmed that our payment data systems have been breached, which could potentially impact customers using payment cards at our U.S. and Canadian stores.”

 

This is an excerpt from an actual email distributed by a large retailer, in the wake of a massive data breach jeopardizing over 50 million credit cards. Since 2004, Payment Card Industry Data Security Standards (PCI DSS) has stood as a core regulation aimed at thwarting breaches like the above, and any organization that accepts, transmits or stores cardholder data must comply.

Now, here’s the shocking truth: In the latest PCI DSS Compliance Report conducted by Verizon, none of the companies it had investigated in ten years had been fully PCI DSS compliant at the time they were breached.

In many cases, companies achieve total PCI DSS compliance once but don’t sustain it. According to the Verizon report, 80 percent of companies fail at interim assessment. Technology moves quickly, and compliance solutions and policies implemented in past years may not be enough to stand up to modern security threats.

Other organizations believe that they don’t have to worry about protecting data. They believe their business is too small to be the target of hackers, or too large and successful to be using outdated, inadequate security practices. Sometimes they believe that data breaches only affect big retailers, not other industries.

But PCI DSS compliance needs to be taken seriously by everyone or the consequences can be devastating. Here are three organizations that experienced the detriment of non-compliance.

#1: Data Breach at Home Depot Compromises 56 Million Credit Cards

In what went down in history as one of the worst retail data breaches of all time, malware infected Home Depot point-of-sale systems and stole millions of customer credit and debit cards. The Home Depot attack seems to be a case of relying on inadequate software solutions and policies for data breach prevention. Employees later said that the company used outdated antivirus software and failed to monitor the network for unusual behavior.

PCI DSS standards require routine vulnerability scans, but according to employees, more than a dozen systems handling customer information were not assessed and were off limits to much of the security staff. In Home Depot’s case, investing in security software with the ability to audit security infrastructure for PCI DSS compliance may have been the difference between a $19.5 million data breach settlement and business as usual.

#2: Office of Personnel Management Data Breach Affects Millions

After hackers attacked the Office of Personnel Management (OPM)’s servers and stole the personnel files of 4.2 million former and current government employees, as well as the security clearance background investigation information of millions more, a congressional investigation uncovered the organization’s security shortcomings.

Among many other findings, the report took especial issue with the department’s lack of two-factor authentication for employee access to sensitive data, claiming it was an oversight that could have prevented the security breach. This points to a key problem that PCI DSS compliance is meant to address. It’s not enough to encrypt and protect your files during transfer; you need to monitor internal actors as well. A robust security solution will authenticate users, give them only the access they need, and maintain a detailed log of each user’s actions.

#3: Over 45 Million Credit Card Numbers Stolen in TJX Breach

TJX Companies, owner of popular home brands such as TJ Maxx, Marshalls, and HomeGoods, experienced a data breach in which more than 80GB of cardholder data was stolen over a period of 18 months. Before the company was able to detect and halt the breach, 45.6 records had been stolen.

Documents filed in court after the breach claimed that TJX had failed to comply with nine out of the twelve PCI DSS requirements. Factors contributing to the incident included an improperly configured wireless network, a failure to segment networks carrying cardholder data from the rest of TJX's network, and the storage of prohibited data. Two members of the PCI DSS Standards Council later pointed to PCI DSS compliance as the clearest way to protect data against a TJX-style breach.

PCI DSS Compliance Can be Tricky, We Get It.

No company embarks on an initiative to avoid PCI DSS compliance. You are trusted by your customers, partners and vendors to take the proper measures to secure and protect their sensitive payment data. It’s that trust that has kept your company successful for so many years!

We read about data breaches and attacks like these in the news on a regular basis, but we don’t pause often enough to audit our own data security practices. IT infrastructure in today’s enterprises is increasingly complex, especially for large companies with systems spread around the world like Home Depot. Add to that the fact that PCI DSS compliance has multiple, complex requirements, and it can be daunting for IT and security teams to implement a sustainable process that ensures ongoing compliance.

PCI DSS compliance can be greatly simplified by using software solutions with features designed to help you achieve security and compliance. This type of software addresses PCI DSS requirements, provides the information you need to satisfy an audit, and in some cases even helps you check whether you are meeting compliance standards.

PCI DSS Compliance with Secure Managed File Transfer

File transfers are an essential point of vulnerability to consider when developing your security strategy. The most common file transfer pitfall is relying on inadequate methods such as poor FTP implementation practices, file sharing apps, and unencrypted email attachments.

A secure managed file transfer (MFT) platform guards your sensitive data against attacks with robust security and encryption methods, all while streamlining the file transfer process and saving your team time and resources that can be used to tackle other potential security issues.  Furthermore, a good MFT solution will have features like detailed audit logging and compliance assessments to eliminate the headache involved with ensuring your file transfers are compliant.

To make protecting data transfers as easy as possible, make sure your managed file transfer platform provides:

  • Secure connections for the transmission of sensitive data
  • Integration with existing critical applications
  • Role-based security and user authentication
  • Strong encryption methods
  • Detailed logs for audit reporting

Securely managing your data transfers is just one aspect of achieving PCI DSS compliance, but it is an essential step toward fully protecting your enterprise against security threats.

 

Interested in learning more about PCI DSS compliance? Explore our PCI DSS resource section for requirement details, industry whitepapers and recent articles.

 

Assess the PCI DSS compliance of your file transfers for free when you try GoAnywhere MFT for 30 days. Sign up for a trial here.


Are Your Data Transfers PCI DSS Compliant? Find Out with the Security Settings Audit Report from GoAnywhere.

Complying with the Payment Card Industry’s Data Security Standard (PCI DSS) is mandatory for every organization around the world that processes credit or debit card information. GoAnywhere Managed File Transfer has several features, like detailed event logs and role-based security, to help users eliminate the security vulnerabilities that PCI DSS was designed to combat. For more information on how GoAnywhere makes PCI DSS compliance easy, instantly download the guide.

But PCI DSS requirements are complicated, and making sure you have checked all the boxes is often a time-consuming process for IT teams. Failing a PCI DSS audit comes with hefty fines, so you don’t want to leave anything to chance. One important aspect of achieving compliance is securing your data transfers. GoAnywhere users have a quick and easy way to ensure that their GoAnywhere implementation is compliant with PCI DSS requirements for protecting data transfers: the Security Settings Audit Report. Painlessly checking data transfers off the list makes achieving overall PCI DSS compliance much simpler.


GoAnywhere Advanced Reporting Module

GoAnywhere helps you manage and monitor your system information and file transfer activity with a variety of detailed PDF reports. The Security Settings Audit Report is one of several reports that can be generated on-demand through the browser-based console or scheduled and distributed automatically.

The Security Settings Audit Report

For each of over 60 security settings, the report will indicate the status of your GoAnywhere installation. There are five possible outcomes for each setting tested:

  • Pass: The setting meets the PCI DSS requirement.
  • Fail: The setting does not meet the PCI DSS requirement. In this case, you will also be given a recommendation for remedying the problem.
  • Warning: You will need to look into this issue further to determine if you are compliant. Recommended actions are provided.
  • Not Applicable: A check on this setting is not required, typically due to GoAnywhere features that you are not licensed to use.
  • Fatal: A configuration problem is preventing GoAnywhere from accessing the appropriate data.

In addition to the status check and recommended actions, the report lets you know which section of PCI DSS the setting applies to.

The enhanced Security Settings Audit Report released with GoAnywhere version 5.4 includes some new checks. The report now ensures that Gateway is being used for inbound connections, that Gateway's control channel is protected with SSL/TLS and a shared secret value, that Admin users are not allowed to view Resource passwords, and that Admin users follow password age and history restrictions.

To get started with easy PCI DSS compliance using GoAnywhere MFT and the Security Settings Audit Report, download a free 30-day trial of GoAnywhere.

 


New Version of GoAnywhere Managed File Transfer Improves Application Integration and API Support

Linoma Software has extended GoAnywhere Managed File Transfer’s workflow automation and file transfer features to include SOAP and RESTful Web Services.  Combined with new JSON Read & Write tasks, GoAnywhere MFT 5.4 provides better integration with Web Services and other applications for securely transferring data and automating processes.

“Organizations are looking for ways to automate data transfers and integrate systems using cloud-based or internal APIs,” says Steve Luebbe, Linoma’s Director of Engineering.  “They also want an easy way to process the XML and JSON formatted data that is returned from the server which are some of the new features we incorporated into GoAnywhere MFT 5.4.”

To provide a fully integrated SOAP and REST solution, a number of new tasks, resources, and workflow features were added including:

  • A REST resource and new tasks to interact with RESTful Web Services. These tasks support XML and JSON based services.
  • A SOAP resource and task to provide streamlined integration with SOAP web services. A wizard is provided to simplify creation of actions by building them based on the WSDL definition. Files can be sent inline or using MTOM. The files and XML payload returned from the web service can then be stored or processed.
  • Tasks to read and write JSON data.

In addition to Workflow enhancements, both Secure Forms and GoAnywhere Command have been updated to integrate with Web Services.  Secure Forms can now be submitted using SOAP requests, offering an ideal solution for users to build custom applications that submit data and files to GoAnywhere.  GoAnywhere’s API interface supports both REST and SOAP requests to automate GoAnywhere Workflows and User provisioning through existing applications.

Significant Time Savings

The new Web Services integration delivers significant time savings for GoAnywhere users. In just a few steps, users can take advantage of Web Services standardization to quickly connect applications and share data across a diverse range of systems and platforms. The entire process can be completed with just a few clicks and requires no programming knowledge.                                        

Continuing Advancements with GoAnywhere Automation & Security

Current GoAnywhere MFT customers who upgrade to the new release also gain functionality for workflow automation and user authentication. New feature highlights include:

  • An updated Workflow Designer that streamlines the configuration and creation process. New Component and Variable panels simplify adding tasks and variables to a project.
  • Several new Reports, including a Custom Report task that allows creation of PDF reports based on data from a database, Excel file, XML, JSON, or fixed-width files.
  • Administrative Users can now be synchronized against an LDAP or Active Directory system to automatically create user accounts and simplify administration.
  • Kerberos single sign-on was added to the Secure Mail Outlook Plugin and to GoDrive for Windows.
  • Secure Forms has 6 additional components: text area, multi-checkbox, number, bulleted list, checkbox, and radio buttons.

For a complete list of enhancements for GoAnywhere MFT 5.4, visit the release notes page.

 


Get the Guide: Achieving PCI DSS Compliance with GoAnywhere MFT


The Payment Card Industry’s Data Security Standard (PCI DSS) was created to increase controls over cardholder data and reduce fraud. It applies to every organization around the world that processes credit or debit card information. Unfortunately, it’s not always clear to businesses which steps need to be implemented to ensure PCI DSS compliance. Using the right software solutions can take a lot of the work out of your hands.

It’s essential to factor protection for your file transfers into your security and compliance plan. If you possess customer cardholder data, an unsecure transfer method leaves that data especially vulnerable to interception and theft. The most common file transfer pitfall is relying on inadequate methods such as free FTP tools, file sharing apps, and email attachments. Ideally, your file transfer solution will go beyond protecting your data with encryption and secure protocols and also help you to provide the information that an auditor needs through detailed reports and role-based access.

The penalties for failing a PCI DSS audit are severe and will likely negate the savings of your “inexpensive” transfer method. Of course, complying with PCI DSS is not just about avoiding fines. PCI DSS compliance should be seen as a set of core principles that will help you avoid a costly breach of your data—and having to tell your customers that you’ve allowed their credit card data to be stolen.

PCI DSS compliance is based on twelve main requirements. We’ve put together a guide that demonstrates how GoAnywhere Managed File Transfer addresses several of them. For example, GoAnywhere protects your files at rest (PCI DSS Requirement 2) using strong encryption methods like AES and OpenPGP. Its role-based accounts allow you to restrict access to cardholder data by business need-to-know (PCI DSS Requirement 7).

Instantly download the guide to see how GoAnywhere helps to make PCI DSS compliance easy.

 

 

 


GoAnywhere MFT Earns Drummond Recertification for AS2

Linoma Software is pleased to announce that GoAnywhere Managed File Transfer (MFT) has again earned Drummond Recertification for Applicability Statement 2 (AS2) interoperability.

AS2 is a popular security standard that defines how to transfer digital data securely and reliably over the internet using encryption and digital certificates. Some advantages of using AS2 include end-to-end encryption, non-repudiation verification of senders, recipient authenticity through the use of digital signatures, and validation of original file integrity with successful transfer confirmation.

In order to become Drummond Certified™, companies must submit to rigorous product testing and meet strict requirements to verify compatibility between certified products. The Drummond Group provides a controlled, vendor-neutral environment where routine tests are conducted to ensure that certified products meet strict testing protocols and are kept current.

Drummond Recertification for AS2-3Q16

For the third quarter AS2-3Q16 tests, 13 global companies participated and 18 products were certified or recertified. “Not all companies are willing to undergo the certification process, since it’s not easy,” said Bob Luebbe, President and Chief Architect at Linoma Software. “We count certification as part of our unwavering commitment to providing one of the highest quality and proven managed file transfer solutions on the market. Being Drummond certified makes it easy for our customers to verify at-a-glance that our MFT solution has been real world tested and is guaranteed to work with their AS2 partners.”

GoAnywhere MFT also successfully met requirements for AS2 optional tests including multiple attachments (MA), file name preservation (FN), file name preservation for multiple attachments (FN-MA), chunked transfer encoding (CTE), and secure hashing algorithm 2 (SHA-2). To learn more about Applicability Statement 2 or AS2, please visit these links:

Learn more about AS2 Transfers with GoAnywhere MFT.

 

 

 

 


SFTP vs. FTPS: The Key Differences

FTP, SFTP, FTPS, HTTPS, AS2… the many options for transferring files can make it confusing to answer the question that matters—what is the best way to secure your company’s data during transfer? This blog post is an introduction to the differences between the two mainstream secure FTP protocols, SFTP and FTPS, and which is the best choice to protect your file transfers.

Can’t I Just Use FTP?

FTP is a popular file transfer method that has been around longer than the world wide web—and it hasn’t changed much since its invention. Back then, it was usually assumed that internet activity was not malicious, so FTP wasn’t created with features to deal with the kind of cybersecurity threats we now see in the news every day.

FTP exchanges data using two separate channels known as the command channel and data channel.  With FTP, both channels are unencrypted, leaving any data sent over these channels vulnerable to being intercepted and read.

Even if a man-in-the-middle attack is a risk that you are personally willing to take, industry regulations such as PCI DSS, HIPAA, and others, require data transfers to be encrypted. Unfortunately, despite escalating security risks and the high cost of non-compliance, FTP is actually growing in popularity.

We highly recommend you avoid the basic FTP protocol and choose a secure option.

What is FTPS?

In the 1990s, concern about internet security was growing, and in response Netscape created the Secure Sockets Layer (SSL, now known as TLS) protocol to protect communications over a network. SSL was applied to FTP to create FTPS. Like FTP, FTPS uses two connections, a command channel and a data channel. You can choose to encrypt both connections or only the data channel.

FTPS authenticates your connection using either a user ID and password, a certificate, or both. When connecting to a trading partner's FTPS server, your FTPS client will first check if the server's certificate is trusted. The certificate is considered trusted if either the certificate was signed by a known certificate authority (CA), or if the certificate was self-signed by your partner and you have a copy of their public certificate in your trusted key store. Your partner may also require that you supply a certificate when you connect to them. If your certificate isn’t signed by a third-party CA, your partner may allow you to self-sign your certificate, sending them the public portion beforehand to load into their trusted key store.

User ID authentication can be used with any combination of certificate and/or password authentication.
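The two server-trust cases described above (CA-signed, or a self-signed certificate held in your own trust store) map onto a TLS client configuration like the following. This is an added example using Python's standard `ssl` and `ftplib` modules, not code from GoAnywhere; the function names and file paths are hypothetical.

```python
import ssl
from ftplib import FTP_TLS


def build_ftps_context(partner_cert_pem=None):
    """Build a TLS context that enforces one of the two trust models.

    partner_cert_pem=None -> accept only certificates that chain to a
                             known certificate authority (system CA bundle).
    partner_cert_pem=path -> accept only the partner's self-signed
                             certificate, loaded from a PEM file you received
                             from them in advance (hypothetical path).
    """
    if partner_cert_pem is None:
        ctx = ssl.create_default_context()
    else:
        # PROTOCOL_TLS_CLIENT starts with an empty trust store, so the
        # partner certificate is the only thing this client will accept.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=partner_cert_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def add_client_certificate(ctx, certfile, keyfile):
    """Attach your own certificate for partners that require one."""
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def trust_summary(ctx):
    """Report the settings that decide whether the server is authenticated."""
    return {
        "verifies_server_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_tls": ctx.minimum_version.name,
    }


def library_default_summary():
    """What ftplib uses when no context is passed: no certificate checks."""
    return trust_summary(FTP_TLS().context)


def open_ftps(host, user, password, ctx, port=21):
    """Connect with both the command and data channels encrypted."""
    ftps = FTP_TLS(context=ctx, timeout=30)
    ftps.connect(host, port)
    ftps.login(user, password)  # upgrades the command channel to TLS first
    ftps.prot_p()               # without this the data channel stays in clear text
    return ftps


if __name__ == "__main__":
    print("library default:", library_default_summary())
    print("hardened       :", trust_summary(build_ftps_context()))
```

With the pinned-certificate variant the hostname check still applies, so the partner's self-signed certificate must name the host you connect to.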

What is SFTP?

While FTPS adds a layer to the FTP protocol, SFTP is an entirely different protocol based on the network protocol SSH (Secure Shell) rather than FTP. Unlike both FTP and FTPS, SFTP uses only one connection and encrypts both authentication information and data files being transferred.

SFTP provides two methods for authenticating connections. Like FTP, you can simply use a user ID and password. However, with SFTP these credentials are encrypted, which gives it a major security advantage over FTP. The other authentication method you can use with SFTP is SSH keys. This involves first generating an SSH private key and public key. You then send your SSH public key to your trading partner and they load it onto their server and associate it with your account. When you connect to their SFTP server, your client software will transmit your public key to the server for authentication. If the public key matches your private key, along with any user or password supplied, then the authentication will succeed.

User ID authentication can be used with any combination of key and/or password authentication.

What is the difference between FTPS and SFTP?

We’ve established that both FTPS and SFTP offer strong protection through authentication options that FTP can’t provide. So why should you choose one over the other?

One major difference between FTPS and SFTP is that FTPS uses multiple port numbers. The first port, for the command channel, is used for authentication and passing commands. However, every time a file transfer request or directory listing request is made, another port number needs to be opened for the data channel. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can be a security risk for your network. SFTP needs only a single port number for all SFTP communications, making it easy to secure.
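To see the port difference in practice, the added example below (not from the original post) parses passive-mode replies as they would appear in an FTPS server or client log and checks every negotiated data port against the range opened in the firewall. The log lines, addresses and the 50000-50100 range are constructed; ports 21 and 22 are the conventional defaults for FTPS and SFTP.

```python
import re

# 227 reply (PASV): h1,h2,h3,h4,p1,p2 -> data port = p1 * 256 + p2
_PASV = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# 229 reply (EPSV): (|||port|), assuming the usual "|" delimiter
_EPSV = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")

# Constructed sample: replies sent on the command channel during one session.
# With FTPS this channel is encrypted, so a firewall cannot read these replies
# and open the data port on demand; the whole range has to be allowed up front.
SAMPLE_REPLIES = [
    "220 FTPS server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "226 Transfer complete",
    "229 Entering Extended Passive Mode (|||50007|)",
    "226 Transfer complete",
    "227 Entering Passive Mode (192,0,2,10,4,1)",
]


def parse_passive_reply(line):
    """Return (host, port) for a 227/229 reply, or None for any other line.

    host is None for EPSV replies, which carry only the port.
    """
    line = line.strip()
    m = _PASV.match(line)
    if m:
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return None
        return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]
    m = _EPSV.match(line)
    if m:
        port = int(m.group(1))
        return (None, port) if 0 < port <= 65535 else None
    return None


def audit_data_ports(lines, low, high):
    """List the data ports a session negotiated and flag any outside low..high."""
    ports = sorted({r[1] for r in map(parse_passive_reply, lines) if r})
    return {
        "ports": ports,
        "outside_range": [p for p in ports if not low <= p <= high],
    }


def exposed_port_count(protocol, passive_range=None):
    """Number of inbound ports the firewall must allow for each protocol."""
    if protocol == "sftp":
        return 1                          # everything runs over port 22
    if protocol == "ftps":
        low, high = passive_range
        return 1 + (high - low + 1)       # port 21 plus the passive data range
    raise ValueError("unknown protocol: %s" % protocol)


if __name__ == "__main__":
    print(audit_data_ports(SAMPLE_REPLIES, 50000, 50100))
    print("FTPS ports:", exposed_port_count("ftps", (50000, 50100)))
    print("SFTP ports:", exposed_port_count("sftp"))
```

A port reported in `outside_range` means the server's passive range and the firewall rule disagree, which shows up as transfers that authenticate and then hang.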

While both protocols have their benefits, we recommend SFTP thanks to its better usability with firewalls. For an enterprise, it is ideal to have a managed file transfer (MFT) solution that can manage, monitor, and automate file transfers using a variety of protocols, including FTPS and SFTP. MFT is extremely valuable if you have trading partners with different requirements, and it has additional features like detailed audit logs to help you comply with industry regulations.

GoAnywhere is a managed file transfer solution that supports both SFTP and FTPS. Learn more about GoAnywhere MFT.  


Linoma Software named Cybersecurity Leader of 2016 for Excellence-in-class in Secure File Transfer and Data Encryption

Linoma Software has been named by Cyber Defense Magazine as one of the Top 20 Cybersecurity Leaders of 2016 for innovations in the field of information security. The list was released last month during National Cybersecurity Awareness Month.

Bob Luebbe, CISSP, and President at Linoma, said he was honored that Linoma was included on the selective list of industry leaders. “We are continually working to deliver best-in-class security software and it’s a great honor for the quality of our solutions to be recognized alongside some of the top names in Cybersecurity.”

Linoma Software, a division of HelpSystems, is known for providing secure managed file transfer and encryption solutions to over 3,000 customers worldwide, including Fortune 500 companies, mid-sized enterprises and government entities. Linoma has also been named one of the nation’s Fastest-growing Private Companies four years in a row by Inc. Magazine and was chosen for a Cybersecurity Excellence Award in 2016.

This is Cyber Defense Magazine’s fourth year of honoring innovators. “The competition was fierce, after many months of review and judging by leading independent information security experts, Cyber Defense Magazine is pleased to have selected those on this list as the Top 20 most innovative and interesting to watch this year and into 2017,” said Stevin Miliefsky, president of the magazine.