How to Improve File Transfer Security and Prevent Zero Day Attacks

Thank you for viewing for this on-demand webinar. If you have questions following the webinar, please contact us. You can also download the presentation slides here.

 

About the Webinar

Encryption is a necessary part of every organization’s security strategy. With vast amounts of personal data stored, processed, or shared online, simply protecting data at rest isn’t enough. Every transmission, connection, and integration exchanged with trading partners and third-party vendors should also be secure. And even if you know your partners and vendors, can you be sure their files are safe from malicious content?

By integrating Managed File Transfer (MFT) and Content Disarm and Reconstruction (CDR) technology, you can protect your data wherever it resides while ensuring every incoming file is sanitized from possible zero-day attacks and undisclosed threats.

Learn how your organization can benefit from an MFT and CDR integration. In this live event, you’ll learn how two solutions, GoAnywhere MFT and Votiro Disarmer, work together to create a powerful security layer for critical file transfers. Topics that will be covered include:

  • Why organizations need file encryption and CDR technology
  • How an MFT and CDR integration provides full file transfer protection
  • An overview of solutions: GoAnywhere MFT and Votiro Disarmer
  • A look at GoAnywhere’s Votiro cloud integration for zero-day threat removal

Is an MFT and CDR integration right for your organization? Watch the webinar!

Transcript

Chris Wilson: How to improve file transfer security and prevent zero-day attacks, hosted with their friends from Votiro. Before we get started, I just wanted to let you know the event is scheduled for an hour, but we will likely wrap up early. We are recording this event, so if you'd like to re-watch any portions or share it with a friend you can do so. We'll send out a link to the recording within a day or so after the event. If you have any questions throughout the webinar, please submit them through the Q&A pane, and we'll have a couple of team members online answering them throughout the presentation. We'll also have Q&A time at the end of the webinar if you'd like to stay on the line and submit a live question. Lastly, at the end of the webinar, you'll see a quick survey pop up. Please fill that out, as it helps us understand how we did and what parts of the presentation were helpful to you.

If you have any questions that aren't answered on today's call, you can enter those there as well, and someone will get back to you. And with that, I think it's time to get started. So just a bit about me. I'm Chris Wilson, I'm the Business Development Manager for HelpSystems. I manage resellers, channel partners, system integrators, as well as other software tools that want to integrate with GoAnywhere. And to that end, I'd like to introduce Nadav Sevy, from Votiro. They're one of the latest connection types for us with our cloud connector feature. Nadav.

Nadav Sevy: Hi everyone. My name is Nadav Sevy. I'm the Regional Sales Manager here at Votiro. I am basically responsible for educating the North American market about our technology. So really looking forward to being here with you guys.

Chris: Great, thanks Nadav. So just a bit about our agenda. I'm going to talk a little bit about HelpSystems, our background. We're going to get into file transfer security challenges, what we're seeing in the marketplace. We're going to talk a little bit about MFT. What is it? How does it differ from traditional file transfer solutions that you might be experienced with? Then Nadav is going to go ahead and talk about Votiro. What is CDR technology? How does it differ from maybe what you know about antivirus? And then we'll just spend a bit of time showing you how to add Votiro to GoAnywhere, and we'll talk through some use case examples. At the very end, we'll talk about next steps and handle your questions.

So with that, let me take a moment and share a little bit of background on our company. HelpSystems has been in business for over 35 years. We focus on developing cyber security and automation solutions. We have over 600 employees in 20 offices around the world, to serve our customers. The corporate headquarters is in Eden Prairie, Minnesota, but all of the GoAnywhere R&D and support takes place right outside of Omaha, Nebraska. Our R&D team is constantly improving GoAnywhere, which is really based on the feedback we get from our customers. There are two or three major releases of GoAnywhere per year, which delve demonstrates our active development schedule, and you can view the release notes on our website if you're curious about that. We do believe in providing the best possible support to our customers, with 24/7 support, 365 days a year. One of the most interesting things about GoAnywhere is we have an almost 99% retention rate with our customers on product maintenance, which is a really an exceptional record for a software tool, and it's something we're extremely proud of, and it's really a testament to the great service and value we're providing. And we are a member of the PCI Security Council. We stay up to date on those latest standards and ensure our customers maintain compliance.

So many of you who are joining us today, likely either oversee or belong to teams who are responsible for IT security and operations. Earlier this year, HelpSystems launched a survey, asking people, just like you, to tell us about the cybersecurity risks they're facing and how they're mitigating those risks. We had over 650 IT and security professionals around the world respond, which really gave us a good glimpse into what's really going on in organizations right now, related to security. The survey asked about the top concerns and threats organizations face in 2018, as well as protective strategies they're implementing. The results on your screen came from asking survey participants what cybersecurity exploitations they perceived as most concerning in 2018. We asked them to rank these concerns in order of most concerning. So not surprisingly, ransomware, phishing, stolen credentials, system mis-configurations and unsecure file transfers are all top concerns for IT and security professionals.

Now, if you haven't tackled any of these areas yet, today Nadav and I will share some practical next steps you can take to start addressing these cybersecurity concerns in your organization. I'll get started here by addressing number five, unsecure file transfers, first.

So many of you are familiar with kind of these traditional file transfer methods. They've been around for forever it seems, including clear text, FTP, sending attachments via email and more recently, connecting via cloud type resources like Box and Dropbox. Now with a managed file transfer system, what you're really basically doing is enforcing a set of rules on a server based system that's based on a series of encryption protocols and automation suite and audit tracking, for all that type of activity. And hopefully that will address compliance issues you may have related to things like PCI compliance or HIPAA.

Now when we're talking about GoAnywhere, we're really talking about almost two sides of this product. One way to think about GoAnywhere is as a client. So if you look in this box up on the top of the screen, on the left hand side, that kind of encapsulates all the parts of GoAnywhere that you might associate with the product, acting as the client. So a typical use case for using GoAnywhere this way would be you've got a trading partner out there and you need to take a file and maybe encrypt it via SFTP, send it over that encrypted tunnel and the trading partner receives the file. That's an example of using the product as a client. But as we know there's many, many more facets to file transfer than just taking a static file and sending it somewhere. And that's really where workflow automation comes in, because we can include a lot of different features prior to the file being sent via an encrypted protocol, and after the file is received via an encrypted protocol.

So for example, maybe we want to encrypt the file with PGP encryption or decryption, if we're receiving the file. You can compress with things like gzip and tar. You can use workflow automation to do data translation. So many of our customers use GoAnywhere, almost like an ETL tool, where they are transforming a database file into XLS or vice versa, or XML, and pumping it into their database or extracting it from their database. Those are the types of things you can do inside of workflow automation.

And naturally you can schedule this kind of activity. So you can set this up on an automated basis. And we also have folder monitoring. So you can schedule a folder looping for certain types of files entering your folders on the system. So there's all sorts of different features you might associate with a product acting as a client. Now on the right hand side are all of the parts of GoAnywhere that operate with the product, acting as a service. So if you think about it from a more batch oriented standpoint, that could include something like an SFTP server or an FTPS server to receive files from your trading partners. Sorry, I went forward there. I apologize.

It could also include some of our web-based services. We have these web clients for ad hoc file transfers. So that can include something like secure mail or secure folders. We also have something called secure forms. Those all happen over the HTTPS protocol. So that's a great way of enabling ad hoc type file drop-offs and pickups for actual end users as opposed to server-to-server file transmissions. Now in the bottom part of this screen, you'll see all the different types of touchpoints that we enable through GoAnywhere. If you think about your file system, the way it exists today, whatever you're familiar with, whether it be Windows or Linux, you're kind of limited to the connection types that you have available to you natively through the file system along with file shares, like SMB shares. What GoAnywhere does is it kind of extends the file system that you currently have and includes touchpoints for are all these other types of resources in GoAnywhere.

So that could include other types of platforms in your network. It could include an FTP server, either in your network or outside of your network at a trading partners site. It can include access to things like S3 buckets in Amazon. You can connect to databases, as I was mentioning earlier. You can build workflows that extract data from databases, and so there's an SQL engine for doing that type of thing. And we support importing and interacting with different types of scripts because you may have those already in your price.

Lastly, we have something called MFT agents. So MFT agents are almost like mini workflows that you can deploy to remote servers or servers elsewhere in your enterprise. They're really useful if you have, for example, a trading partner or a customer who maybe they don't have an SFTP client or maybe they just don't have the expertise to operate an SFTP client, but you still need to share information with them. You could deploy this agent very easily on their system and control it centrally from GoAnywhere, and all the communication happens over TLS. So it's a great alternative to using something like SFTP, if that's an issue.

So today, if you're looking at GoAnywhere, there's a number of ways we interact with the cloud. So as I mentioned, we already interact with AWS and Azure. You can create resources for things like S3 buckets and blob storage, along with the databases like RDS, that already exist out in those cloud environments.

Now more recently, over the past year, to year and a half, we've created these things called cloud connectors. So cloud connectors are kind of an invention on our part to really build out the kind of access that many cloud based providers offer in terms of public APIs. So these public APIs are typically built using web services, and those web services often are very easy to work with, but sometimes they are extremely complex to work with. And so some of our customers who are trying to integrate with things like a SharePoint and Salesforce, and they were kind of struggling with having to build out those connections from scratch inside of GoAnywhere. So we built these cloud connectors as kind of a shortcut to those public API interactions. And Votiro is one of our more recent cloud connectors, and that's what we're here to talk about today.

Lastly, GoAnywhere, it is a server-based instance. You can connect to it via GoAnywhere APIs, and we also have the agents that I discussed earlier. Now, one thing I want to talk about here is we were kind of mentioning that we cover the number five file transfer security, but Votiro kind of encompasses more in terms of risks to your organization from a security standpoint. So with that I'm going to let Nadav kind of discuss some things that he'd like to talk about.

Nadav: Hey, thanks so much Chris. Thanks a lot for everyone for being here. I'm really happy to talk a little bit about what we do with you guys today. And as a quick intro, I just wanted to let you guys know a little bit more about Votiro and why you would want to work with us to secure your files, that are being shared via GoAnywhere.

So just as a quick background, we've been around since 2010. Our technology is U.S. patented. We're a Gartner Cool Vendor in security for 2017, and we're also in the Cybersecurity 500 World's Hottest Security Companies, we're really proud of. We're certified tech partners with HP, VMware, Box, Symantec, Microsoft, just to name a few. We're common criteria certified on the government level in 27 different countries. And most importantly, we've sanitized over five billion files without a successful exploit to date, and we've actually captured 100% of zero-day attacks so far as well. So extremely proud of those numbers and they're really unheard of numbers in the space.

But let's go ahead and move on to the problem that Votiro solves. And I'm sure as you guys already know, over 90% of targeted attacks today are carried into companies via weaponized files. Now, whether the file is coming into the company through FTP, email, a custom application, where documents are uploaded, whether it's web downloads, files, shared via Box, etc, there's a huge risk in those files carrying malicious malware and ransomware. We all know that.

Now you may say, "hey, I have an antivirus or a sandbox solution", which is great, but the following statistics are worrying to say the least. Now malware is more and more advanced every single day. And NextGen malware is engineered to bypass and evade the traditional solutions like antivirus and sandboxes. Actually, 98% of malware uses at least one evasive tactic, and 32% of malware is hyper evasive, meaning at least six evasive tactics or more are used, which is totally crazy. So all the companies that have been attacked in the past year and even before that, they have antivirus and sandbox solutions obviously. So what happened there? Well, NextGen malware, again, is easily bypassing these traditional solutions. So NextGen malware demands a next gen solution and that's exactly what Votiro is.

Now, whether you're being sent a file via GoAnywhere, FTP or any other data channel, like email box, web downloads or a custom application portal, Votiro scans, sanitizes and reconstructs a new clean, safe to use, and most importantly fully functional version of the original file. And it's the only surefire way to completely eliminate the malware that is in the file. The file is then reconstructed according to the structure and format of the file type, and it's completely sanitized after this process. Now the file is deconstructed into basic components, down to the metadata. And because Votiro has analyzed, literally millions of file types and knows their formats and structures inside and out, the solution is going to leave out components that are not in line with the file structure when it's reconstructing the new version of the file. So if and when there is any malware present, it's going to be left out of the new reconstructed version of the file, 100% of the time. And that's really how the technology works.

So what are the major benefits of using Votiro together with GoAnywhere, and any other solution in which your company is sharing or receiving files? Well, the first thing is we're taking the human element out of security. So no matter the file, your employees will be able to open each and every file they receive without giving it a second thought about whether it's even safe to do so. So we're completely eliminating the threat of weaponized documents. Now secondly, the content and functionality of the file, post sanitization, is completely guaranteed. So the look, feel and functionality are totally intact. We also provide a secure data flow regardless of the data channel. So we integrate with all major existing solutions as an additional layer that's going to integrate easily and it requires no training whatsoever. It's completely transparent to the end user. There's no latency. It takes less than a second to sanitize a typical file. Deployment is super easy, it's flexible and we already have existing plug and play integrations with GoAnywhere, Symantec, Office 365, Box and tons of other solutions. And we are also supporting this sanitization process for over 133 different file types.

So the bottom line here is again, over 90% of cyber attacks are being carried into companies via weaponized files. And GoAnywhere is going to provide an excellent solution to share files between yourself and your partners with a really secure architecture. And when you couple that with Votiro, you're guaranteed that the files themselves are also going to be completely threat free. And this is going to ensure a complete and secure MFT security. So at the end of this presentation, we're also going to provide all the contact details to get in touch and so on, if you guys want some more information. But you can also visit our website at Votiro.com, which will be at the end, but I'll go ahead and pass it back over to Chris.

Chris: Great, thanks Nadav. So you might be curious about how do you actually add the Votiro Disarmer, cloud connector to GoAnywhere. So in the system menu of our GoAnywhere console, you can click to add a cloud connector, pretty simple process. It's there amongst the list of cloud connectors. You install it in the marketplace. And once the cloud connector is installed, it will be available as a resource inside of GoAnywhere. So I'm going to switch over here, to GoAnywhere, and go to our admin interface. And if I go, and this is where all those resource types are stored, that we were talking about in that slide. So this is where you would interact with other SFTP servers, mail servers, you can create connections to different databases.

But in this case, we're going to create a cloud connector. I've already created one here called Votiro. If we go in and look at the cloud connector, it's very simple to set up and use. All you're doing really is connecting over a subscription key, to Votiro's cloud, and that's all you really have to enter here in order to validate and make sure that this works. So I've done that, it works. We're good to go. We know the API within GoAnywhere works for Votiro.

So now that we've got the cloud connector working, let's take a look at a couple of use cases, where this might apply to you. So, maybe the first one to look at would be using GoAnywhere as a client. We are doing an SFTP put, using Votiro. So what does that look like? So if we go into this project, the project is a workflow automation if you want to think of it that way. The project follows an outline that you might be familiar with. Within the project, we have modules, this is the main module. And within each module, we have different tasks. We have over 80 different tasks in the component library, you see on the left hand side. And this case, we have included the Votiro cloud connector, in which case we can use several features that allow us to interact with their cloud.

So in this case we are simply, before we do anything, we want to scan and download a file. So we are downloading this file, called ticket. We are putting it into a destination file, called ticket-san, meaning it's been sanitized. We are doing a loop. And so what this loop does, this is just an extension of the Votiro cloud connector where we're actually looping through the events from their console, the Votiro management console, so we can actually print off and see any events that happen when this scan is done. That's another feature you have.

But after that scan and download takes place, then you're simply going to connect out to an SFTP server. In this case, we're connecting to a local SFTP server. We've already created that as a resource, in our resource section. And we're just doing a put, and the put that we're doing is we're taking that sanitized file that we created after we did the Votiro scan and download and sending it to that destination SFTP server. We can also build in error handling into the GoAnywhere project. Many of our customers find this useful. You can, of course, get error handling through things like folder and event monitors. But for our customers, many of them find it's more useful to be able to, especially when you're using GoAnywhere as a client, to build your error handling right into the project itself, because if there's ever a problem, you can actually run this thing in debug mode and make sure that it's working okay or troubleshoot problems that way.

So that's a good way, a good example, of how you might use GoAnywhere as a client. Now, if we think about GoAnywhere and inbound services, maybe that's the more common use case because you might already have, maybe you're using Votiro or some kind of virus scanning solution already on premise, and your assumption is that before you actually do the SFTP put, it's already been scanned. That's a big assumption, especially if it's a file that just arrived from a trading partner. But it's possible. But maybe the bigger and more common use case is a file that's arrived from a trading partner or from a user, and you're concerned about that file security and integrity. And in which case, you want to probably enable this type of process for those inbound file transfers.

So if I can back up just a moment here, as far as GoAnywhere is concerned, any inbound services like that, whether it be an SFTP client or a web user who's actually physically coming in and logging into the GoAnywhere portal and dropping something off manually on an ad hoc basis, those are considered web users by GoAnywhere. So in this case, this is my web user, and I can see how I'm authenticated. There's many different types of authentication for this particular web user, but in this case, we're just using active directory. But the main thing I want to point out is this could be any type of user. It could be an FTP client, could be an HTTPS end-user who's logging into a secure portal. So once GoAnywhere figures out what kind of web user that is, we can decide what features they have available to them. And you can define what folders they're restricted to and what kind of authorities they have, whether it's read, write, share, that type of information.

So a good example would be here, this is our web client. If I wanted to drag a file from my desktop, I can go into my documents folder for example, and just drag a file over here into, I got logged out there, sorry. I'll do that again. I can drag that over here and it drags it into the folder structure. Now I have the root directory exposed so I can drag anything in here, anywhere I want. But for many of your users, you'd probably want to set up like an inbound and outbound folder that restricts them to whatever kind of folder structure you want to give them access to. So that's a good example of a user dropping something off at a secure resource within GoAnywhere.

So, if we think about it in those terms and we go back to workflows, I have a separate workflow project set up and before I take you into that scan inbound file with Votiro, I want to talk about folder monitoring because this project is really kind of just the tasks that you want GoAnywhere to perform. But there's nothing inside of the project that's going to kind of proactively look through your system, finding these files once they arrive. To do that, you need to do something called a folder monitor. So if I go in here and I add a folder monitor, you can give it any name you want, you can give it a description, you're going to probably choose a folder that you want to loop through. We can go in here, in documents, and we can choose my folder. And we can select that, and that will be where GoAnywhere looks, in terms of waiting for files to be created or modified. We can then determine how often we want to loop through that folder on a scheduled basis.

And if we go over here to project, this is kind of where the magic happens. So if I wanted to, for example, go into my folder and say scan an inbound file with Votiro, we can use that as a project. We can put in my credentials here, and what we're doing is we're passing a variable called files, back to the GoAnywhere project, and it's really as simple as that. So I can save this. It's successfully saved. Now I can go back to our projects and I'll step you through this inbound scan.

So this one is a little bit more complicated. The way it works is we're just kind of creating a workspace within this project, just to do some temporary housekeeping because we don't want to leave stuff lying around. So when we do this looping process, we want to be able to delete this workspace after we kind of do that necessary grunt work. So after we create the workspace, we're doing something called a for-each loop. So again, this is where we are looping through the site, the Votiro site, their cloud, to loop through and organize these files into a grouping.

So as you recall, we had a variable out in the folder monitor called file. But it's possible of course, that the trading partner or end user, whoever it is, might be dropping off multiple files. So we want the ability to capture multiple files, not just one file at a time. So this is kind of encapsulating all that activity into one items variable, called files. We're still using that loop to loop through the events, log out on the Votiro cloud. And then after we do all that, we're creating a file list from all those scanned files that we just downloaded. And then we are moving them to a location on our network somewhere. Now, I hard coded this in here. You don't have to hard code these parameters, you can use resources to do that. But I thought it'd just be more useful to show it to you spelled out here.

And then of course we can delete this workspace, so all that process is kind of just disappears after we're done with this project. And again, we have an email handling feature inside of GoAnywhere, to notify us if there's a problem with the project. Many of you are probably interested in knowing what kind of audit logging there is in the product. So of course, beyond just doing this scan through Votiro, you might want to know what happened with HTTPS jobs, have there been any errors? We can kind of go through all these service logs based on the protocol and look for errors and problems that way as well. So this is just a kind of a glimpse of the Votiro management console. And I thought it'd be great if Nadav could just talk us through what we're looking at here.

Nadav: Yeah, sure. Thanks Chris. So basically this is the dashboard that is going to summarize and give you insight into exactly what is happening with the files that are being shared, through GoAnywhere. You'll be able to see all the incoming requests, the number of files that you've sanitized to date, but most importantly is the insight that you're going to get about the files. And what we're able to show you are the different threats that Votiro has detected for you, the number of files that were blocked that were essentially blocked according to policy that you set within your organization, so nothing dangerous gets in. What's really cool is we'll also give you notifications on the number of zero-day attacks that we've prevented, which is extremely powerful. You can take this to your CECO or your CIO and say, "hey, this solution, it just saved us from X amount of zero-day attacks", which is just totally huge.

Additionally, you can see the top file types there as well. You can see the top threats, the number of fake files that we caught, if there were any executable in there, a threatening file, whatever it might be, we're going to be able to catch and report it for you. And on the right hand side, you'll be able to actually see the latest and greatest of threats that we've managed to catch and prevent within your organization. You're able to drill down on each of these files if you'd like, and explore the incident. You can release files, original files as well if you wanted. Again, you can go in and set whatever policy you'd like as well. And you're also able to have reports sent to you on a weekly, biweekly, or a monthly basis, however you'd like, that will give you a summary of the value that Votiro has actually brought for the company. And then you can present that to whoever you need to internally, which is also extremely powerful.

Chris: Awesome.

Navad: That's basically it on the console side. Yeah, go for it.

Chris: Great. So I thought it'd might be a good idea just to do a brief poll here, if you have just a second here. So we're distributing a poll. We're just kind of asking what's really of most concern? What is the biggest challenge to your organization today? And I see some people are responding, we'd love to get your feedback. So please take a moment and complete that poll.

Okay, good. I'm seeing some results here. It seems to be all across the board. It's about half are concerned with, well 40%, concerned with file transfers. Content-based threats are right around 20%, and then we have a category of equal challenges and that's about 40% too. So kind of what I would have expected. So that's great.

So what are the next steps we can take here? So GoAnywhere is a perpetual license. It's modular. So you deploy this to a server, either on-prem or on a private cloud, in a virtualized environment, you can deploy it to AWS or Azure, pretty much deploy it any way you want. There are different modules that you can deploy. So if you only want to use GoAnywhere as a client, advanced workflows is perfect for you. If you want to enable any of these inbound services, like secure folders or secure mail, those are all options to you as well.

We didn't discuss, but we also have a separate item called the GoAnywhere Gateway, that works as a reverse proxy and load balancer for clustered instances of GoAnywhere. And that's a great option for securing your network so that you don't have to open any inbound ports for file transfers. We do have professional services in the way of product training services related to building projects. So if you ever needed any assistance in any of those areas, including building out cloud connectors, we can help you with that.

So we have 30 day trials of GoAnywhere and Votiro, you can take advantage of, and I think it'd probably be great if we could take a few questions. What do you say Nadav?

See Full Transcript Close Full Transcript

Ready to See GoAnywhere in Action?

Schedule a live demo. Choose from our 15-, 30-, or 60-minute options to pick the level of detail that works best for you! Plus, check out the Azure and Amazon GoAnywhere pages.

SCHEDULE MY DEMO