Secure and Streamline Your File Transfers with the New Goanywhere 5.4 Release

Secure and Streamline your File Transfers with the new GoAnywhere 5.4 Release

Presented by

Linoma Software Introductions

Bob Luebbe, CISSP Steve Luebbe Chief Architect Director of Engineering Agenda

. File Transfer Challenges . What is Managed File Transfer (MFT) and its benefits: . Protects file transfers (e.g. SFTP, FTPS, AS2, HTTPS, PGP, etc.) . Automates batch transfers without scripting . Allows sharing files between users with end-to-end encryption . Guarantees delivery with auto-resume and integrity checks . Sends alerts on failures or success . Generates detailed audit trails on all file transfer activity . Meets compliance requirements for HIPAA, PCI DSS, SOX and GLBA . Introduction to GoAnywhere MFT 5.4 . Live demo . Existing customers can learn in-depth details on the new features in 5.4 at: https://www.goanywhere.com/resource-center/webcasts/webinar-20170119-1200 . Q&A Linoma Software Background

. Founded in 1994 - based in Nebraska . Growing and financially stable

. Active R&D with focus on Data Automation and Security . Responsive technical support – Phone, Web, Email . Almost 99% of customers renew their product maintenance each year . Division of with 10,000 customers and over 500 employees around the world . Member of PCI Security Standards Council

www.LinomaSoftware.com • Workload Automation • Enterprise Data • Risk Assessment • Process & Workflow Access Management • Business Process • Anti-virus Automation • Executive Dashboards & • Document & Image • Security Event Monitoring Reporting Management • Network Monitoring • Identity & Access • Mobile Data Access • Forms Management • Message & Event Management Monitoring • Data Warehousing • Electronic Forms • Compliance Reporting • Performance Monitoring • Document Distribution • Professional Security • Data Backup Management Services • Signature Capture

• Remote Monitoring & • Managed File Transfers Management • Database Encryption

www.HelpSystems.com File Transfer Challenges

HOST=‘192.168.1.54’ PORT=‘10021’ USER=‘user1’ PASSWD=‘s3cr3t’ FILE=‘user_log.log’ LDIR=‘/home/test’

echo “Running FTP transfer from $HOST” ftp –n $HOST $PORT <

Legacy Scripts

????

No Audit Trails USB Unsecure PC Tools

Decentralized – Unsecured – No Alerts – Limited Controls PC Tools Problems (1 of 2)

. PC transfers are often manual, consuming valuable employee time

. Manual processes are prone to errors: o Employee may accidently download/upload the wrong file o Forgot to encrypt the file o Sent the file to wrong place!

Internet PC Tools Problems (2 of 2)

. What happens if the user is gone for the day? PC tools save money… …or do they? . Sensitive files are more vulnerable on PCs and laptops

. Limited (or no) audit trails

. Compliance issues…

Internet FTP Scripts

. Programmers have traditionally written scripts to perform file transfers HOST=‘192.168.1.54’ PORT=‘10021’ . Passwords are often stored in the scripts USER=‘user1’ (in the clear) PASSWD=‘s3cr3t’ FILE=‘user_log.log’ LDIR=‘/home/test’ . Scripts need to be maintained by Programmers: - When host names and IP addresses change echo “Running FTP transfer from $HOST” - When user ids and passwords change ftp –n $HOST $PORT <

Things to look for when evaluating a MFT solution…

Easy To Use

Centralized Security and Control

Auditing and Alerts GoAnywhere MFT GoAnywhere MFT GoAnywhere MFT Advantages (1 of 2)

Multiplatform - Installs to most operating systems including IBM i, Windows, Linux, AIX, UNIX, Amazon and Azure.

Batch and Ad Hoc - Allows organizations to perform both scheduled batch transfers and user-to-user file sharing.

Auditing - Generates detailed audit logs of all file activity including batch, ad hoc, inbound and outbound transfers.

Interface - Provides a browser-based interface for all administration and monitoring. No desktop client is needed.

Inbound Services - Allows inbound connections from trading partners over SFTP, FTP/S, HTTPS and AS2 (Drummond Certified).

Key Management - Provides integrated tools for creating and managing Open PGP keys, SSH keys and SSL certificates.

Encryption - Protects files “at rest” and “in-motion” with FIPS 140-2 validated AES-256 encryption.

Admin Controls – Implements role-based administration, security domains and granular permission controls. GoAnywhere MFT Advantages (2 of 2)

Private Cloud – Eliminates the need for public file sharing services like Dropbox, Box, Google Drive and OneDrive.

Customer Portal – Allows organizations to provide a custom branded web interface for secure file transfers over HTTPS.

Secure Mail – Allows employees to send large or confidential files through secure email links. Includes an Outlook plugin.

Two-Factor - Authenticates with user credentials and RSA SecurID, RADIUS, SSH keys or X.509 certificates.

DMZ Gateway - Keeps services and files in the private network (out of the DMZ) without requiring inbound ports.

Job Control - Provides extensive job management features including job queues, run priorities and clustering.

File Transfer Acceleration - Enables high speed transmission of large files between systems using UDP channels.

Clustering - Provides high availability and load balancing by connecting two or more instances together in a cluster GoAnywhere MFT 5.4 New Features

• Web Services integration with both SOAP and REST support

• Secure Forms enhancements – Six new screen components

• Enhanced Project Designer to create workflows. More drag-n-drop features. Includes 10 new functions.

• JSON format Read & Write tasks

• Several new Reports including a Custom Report task

• More Administrator features including AD and LDAP synchronization

• Web Client enhancements including custom branding per port Security Features

. Helps meet compliance for PCI-DSS, . AES encryption (key lengths of HIPAA, FIPS 140-2, Sarbanes Oxley, 128, 192, 256) – NIST standard GLBA and State Privacy Laws . Secure Protocols • SFTP – FTP over SSH • FTPS – FTP over SSL/TLS . Two-factor Authentication • SCP – Secure Copy • SAML • HTTPS – HTTP over SSL • RADIUS (RSA SecurID) • Open PGP / GPG • SSH Keys • ZIP with password protection • X.509 Certificates • Encrypted email (SMIME) . Key Management tools for • AS2 Open PGP Keys, SSL X.509 certificates and SSH Keys . SSL protected console Automated Workflow Examples - Outgoing Automated Workflow Examples - Incoming GoAnywhere Administrator

• Browser-based Dashboard • Intelligent Gadgets • Drag-n-Drop • Latest HTML5 Technology Integrated Scheduler

. Flexible scheduling: • One Time • Daily • Minutely • Weekly • Hourly • Monthly

. Set job priorities, job queue, etc. . Custom holiday calendars – Skip holidays or run the business day before or after . Auto-retry on failures . Email notifications for success and failures . Pass in variables to Projects

Optionally, use your own scheduler Commands and APIs

. Run workflows in GoAnywhere using the provided commands and APIs . Available for Windows, Linux, IBM i (iSeries) and UNIX . SOAP and REST enabled . Requests sent over HTTP/s . Override variables . Run interactive or batch . Trap for errors . Commands and APIs are provided at no additional charge Examples to Run a Project from CL

. Monitor for message IDs . Any errors are placed in Job Log RPG procedures are also available to run a Project . Retrieve any errors with RCVMSG command Command Line Examples to Run a Project

Windows Example: gacmd.exe –server http://192.168.1.20:8000/goanywhere/ -user projectManager -password ******** -command runProject -Project /Payroll/SendDirectDeposit -variables fileName “deposit.csv” folderPath “/inbound/deposit”

Linux Example: sh gacmd -server http://192.168.1.20:8000/goanywhere/ -user projectManager -password ******** -command runProject -Project /Orders/SendPurchaseOrders -variables VendorNumber “423231” Status “Open”

APIs are also provided for Java and .NET Project Logging (Audit Trails)

. Job Log per execution of Project . Log Level can be defined on a project, module or a task . Log Level controls what should be logged: • SILENT • INFO • VERBOSE • DEBUG . Search Completed Jobs • Date/time range • User • Project Name • Job Number • Status Example Job Log

1/21/15 9:38:07AM INFO Start Date and Time: 1/21/15 9:38:07 AM 1/21/15 9:38:07AM INFO Job Number: 1200325835858 1/21/15 9:38:07AM INFO Project Name: /Demo/DB to Excel to Zip and FTP 1/21/15 9:38:07AM INFO Submitted By: administrator

1/21/15 9:38:07AM INFO Executing task 'Retrieve Records‘ 1/21/15 9:38:07AM INFO Executing statement select * from LIBRARY.EMP 1/21/15 9:38:08AM INFO Query execution produced a rowset 1/21/15 9:38:08AM INFO Finished task 'Retrieve Records‘

1/21/15 9:38:08AM INFO Executing task 'Create Excel File‘ 1/21/15 9:38:09AM INFO 8 record(s) were written 1/21/15 9:38:09AM INFO Finished task 'Create Excel File'

1/21/15 9:38:09AM INFO Executing task 'Create ZIP File‘ 1/21/15 9:38:09AM INFO Compressing file '/files/employees.xls‘ 1/21/15 9:38:09AM INFO Number of files compressed: 1 1/21/15 9:38:09AM INFO Finished task 'Create ZIP File‘

1/21/15 9:38:09AM INFO Executing task 'FTP the ZIP File‘ 1/21/15 9:38:09AM INFO Connecting to '192.168.1.2' at port '21' 1/21/15 9:38:10AM INFO Executing sub-task 'put‘ 1/21/15 9:38:10AM INFO Setting the data type to AUTO 1/21/15 9:38:10AM INFO Uploading ‘/files/employees.zip’ 1/21/15 9:38:12AM INFO 1 file(s) were uploaded successfully 1/21/15 9:38:12AM INFO Finished sub-task 'put‘ 1/21/15 9:38:12AM INFO Closed the FTP connection 1/21/15 9:38:12AM INFO Finished task 'FTP the ZIP File'

1/21/15 9:38:12AM INFO Finished module 'main‘ 1/21/15 9:38:12AM INFO Finished project 'DB to Excel to Zip and FTP‘ 1/21/15 9:38:12AM INFO End Date and Time: 1/21/15 9:38:12 AM Inbound Services

. Allows your trading partners and employees to securely connect to your organization and easily retrieve or upload files. . Supports transfer protocols of FTP, SFTP, SCP, FTPS, HTTPS and AS2 . Provides a browser-based web client for simple file transfers . Includes event triggers based on user-defined conditions . Generates detailed audit logs and alert messages Trading Partner Management

. Create Trading Partner accounts using Wizards, APIs, batch load or self- registration . Authenticate users against AD, LDAP, IBM i or database. SAML for Single Signon . Grant individual permissions or adopt permissions from groups . Restrict to FTP, SFTP, FTPS, HTTP/s, AS2 . Restrict access to certain folders and permissions (e.g. upload, download, delete, rename, etc.) . Restrict to certain IPs . Set Time Limits Web Client for Ad-Hoc File Transfers

. Provides your trading partners with browser-based access to your system for uploading and downloading files . Rebrand with your company logo and privacy policy . Full audit trails and event triggers Audit Logs

. Audit logs are stored for every transaction (login, upload, download, rename, etc.) for all services . Search using a wide variety of filter criteria . View on-line or export to CSV Development and Promotion

. Promote Project Workflows from Development to Production

. Also Promote Resources (connection properties), Trigger Definitions, Scheduler entries, Job Monitors and Web Users . Projects/Resources can also be exported and imported Reports Available

. Blacklisted IP Addresses . Secure Mail Activity . Completed Jobs . Secure Mail Package Sizes . Completed Job Statistics . Security Settings Audit . Database Statistics . Service Activity Summary . Expiring Open PGP Keys . Trigger Activity . Expiring SSL Certificates . Web User Logins . GoDrive Disk Usage . Web User Transfer Count Activity . Job Count Summary . Web User Transfer Size Activity Report Example Security Audit Report

. Analyze your GoAnywhere product’s security settings and determine if they comply with the Payment Card Industry Data Security Standards (PCI-DSS). . For each security setting, the report will indicate if the setting meets the PCI-DSS standard using one of the following statuses:

• Pass - The setting meets the PCI-DSS requirement • Fail - The setting does not meet the PCI-DSS requirement. • Warning - Further research is required to ensure your system meets the specified requirement. Security Audit Report Example Secure Mail

. Files and messages are transferred over a secure HTTPS connection . Your system keeps possession of the files (in encrypted form) until the recipient retrieves them (not hosted) . No file size limits . Recipients don’t have to deal with keys or certificates (just click on the URL) . Customizable email templates (use your own logo, color schemes, fonts) . Licensed as an add-on module for GoAnywhere MFT Send Secure Mail from Outlook Secure Mail Download

Recipient downloads the file attachments securely

Full Audit Trails… every step is recorded GoDrive Diagram GoDrive Overview (1 of 2)

. Person-to-Person file sharing and collaboration . On-premise storage of files . Files are encrypted with AES-256 . Set user disk quotas . Assign roles/permissions at the folder and file level . Full audit trails of all activity (uploads, downloads, sharing, etc.) . No subscription fees GoDrive Overview (2 of 2)

. File revisions and Trash bin . Image thumbnails and media viewer . Add and View Comments . Synchronize with Windows and Mac desktops and laptops . iOS app for iPads and iPhones . Device management - Administrator can approve or reject devices, remote wipe GoDrive Screen Example GoDrive Mobile Apps

. iPad and iPhone . Android . Selective Sync . Intelligent caching . File preview . Offline access . Encrypted at rest Gateway Overview (1 of 2)

. No incoming ports are opened into the private (internal) network . No sensitive files are stored in the DMZ . User credentials are maintained/stored in the private network Gateway Overview (2 of 2)

. Supports FTP/s, SFTP, SCP and HTTP/s file transfer protocols . No special hardware components; software-only solution . Installs to Windows, Linux, AIX, UNIX and Solaris operating systems Clustering

. Two or more installations of GoAnywhere MFT can be in a cluster . GoAnywhere Gateway can load balance inbound connections . Project workloads are distributed “horizontally” across multiple systems . Active-Active = Better high availability for mission critical environments . All systems can be managed from a central interface . No 3rd party tools or software are needed GoAnywhere Managed File Transfer Installation Requirements

Linux (32-bit and 64-bit): - Distributions Red Hat, SUSE, Ubuntu, CentOS (not inclusive) - Disk space 375 MB per product (not including user data) - Memory 512 MB minimum per product

Windows (32-bit and 64-bit): - Operating System Windows 2000, 2003, 2008 R2, 2012 R2, XP, Vista, 7, 10 - Disk space 375 MB per product (not including user data) - Memory 512 MB minimum per product

Virtualized Environments:

IBM i (iSeries): - Operating System V7R1 or higher - Disk space requirements 275 MB per product (not including user data) - Memory requirements 512 MB minimum per product - JRE 1.7 or later

UNIX / AIX / Solaris / HP-UX: - Disk space requirements 250 MB per product (not including user data) - Memory requirements 512 MB minimum per product - JRE 1.7 or later Contact Information

Web site: www.GoAnywhere.com E-mail: [email protected]

Toll-free: 1-800-949-4696 Direct: (402) 944-4242 Fax: (402) 944-4243

Address: 103 South 14th Street Ashland, NE 68003 USA