0333 123 1240 info@pro2colgroup.com

Security hole in Facebook’s secure file transfer platform

As a brand Facebook is up there with the biggest of them, with over a billion users each month according to company reports .  This makes them a big target for the cybercrime community. As a countermeasure their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems and it was one such researcher that noted the security hole in their Accellion private cloud deployment. Writing on his blog on this Monday, Nir Goldshalger announced that he had previously uncovered a hole affecting Accellion Secure File Transfer appliance that would allow an attacker to gain control of a users account with little more than their email address account. A closer look at the date on the video at the bottom of his blog article (19th March 2012) and when the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook Bug Bounty Program is a worthwhile exercise.  It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light. Software is rarely ever without flaws but all vendors do their best to ensure products don’t reach the market with problems and when they do, responding quickly is the key to maintaining brand integrity.  This also goes to highlight how important it is for customers to update the software patches released by vendors in a timely manner.  Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the...

Socitm 2012: Managed File Transfer for Councils

We’ve been working closely with councils throughout the UK to simplify, secure and streamline their file transfer, so we couldn’t miss the opportunity to attend Socitm 2012; the No. 1 UK ICT event for councils.  The conference has kicked off today (here’s a breakdown of the programme) and the Pro2col team are ready and waiting to share the knowledge and experience that we have gained from working with councils to secure person-to-person file transfers and automate the movement of sensitive data into and out of the organisation. On a similar note, this is the ideal moment to publically release our lastest e-book: The Council’s Guide to Secure Managed File Transfer, which is now available for download.  It covers a range of issues surrounding the secure movement within councils including: How to eliminate the problems caused when employees resort to insecure, non-compliant file transfer methods such as email. Ensuring you meet with UK data security and compliance legislation including The Data Protection Act and PCI DSS. Providing your employees with a quick and simple way to send and receive sensitive files both internally and with third parties. Automating the transfer of files, saving time and money. How to regain control over file transfer processes and user access. If you’re at the conference and would like to speak to one of our managed file transfer experts, drop by stand 8 (piccy attached) – we’re always happy to help.  If you’ve not been able to make it this year and you’d like to talk to us, please don’t hesitate to get in touch with the office on 0333 123...

Managed File Transfer in Action

A well known utilities company in Yorkshire were using multiple legacy systems and 2 disparate FTP solutions to move data into, out of and around their organisation.  These systems had grown organically over time to tackle isolated file sharing issues when they arose.  As it transpired, this approach left the company with an ungovernable mix of system to system and FTP solutions that required manual interventions and the ongoing revision of batch scripts. The mounting costs generated by work duplication and management overheads, accompanied by the risk associated with the absence of failover was becoming a genuine concern.  Bearing in mind that these systems were executing business critical processes such as billing, debt management, banking and delivering mission dependent data to employees in the field – recreating these undocumented workflows in the event of a disaster would be costly.  Considering the sensitive nature of certain pieces of data moving through these workflows, securing data was also a priority. Pro2col worked alongside the customer to develop an understanding of their processes and document their key requirements.  Armed with this information, we were able to identify the technologies that would meet these requirements, and help them through the selection and evaluation process.  Specifically, the company were looking to: Secure the sending and receipt of confidential business and customer data To further automate the retrieval of time sensitive data from remote systems to provide realtime updates of vital information to their workforce at regular intervals throughout the day. In terms of features, the company were looking for: A solution that would support FTP, SFTP/FTPS, HTTP/HTTPS. A user-friendly GUI for administration and configuration as apposed...

Managed File Transfer is for SMB’s too

Recent research suggests that the SMB sector is coming under an increasing number of cyber attacks from hackers and cyber criminals.  Figures published by Symantec revealed that the number of attacks on companies with fewer than 250 staff had doubled in the six months to June 2012.  Similarly AVG reported that it was predicting an increase on the £3.37 million of damage inflicted on UK SMB’s last year.  Verizon confirmed that the majority of 855 data breaches analysed in their Data Breach Investigation Report had been inflicted upon SMB’s. The question is; why are SMB’s being targeted?  It would appear that the modest budgets available to small companies make them easier targets, given the lower level of expenditure on information security technologies.  Especially since SMB’s frequently work as suppliers for larger organisations, making them a more attractive proposition to hackers than the more conventional direct attack on the corporate target. What does this have to do with managed file transfer I hear you ask?  MFT has generally been considered a technology more appropriate to corporate organisation’s – with its big price tag and grand title.  Times are changing for the MFT marketplace and there are now some very comprehensive solutions available at really competitive prices.  For those SMB’s considering how they should secure data transfers with their larger corporate customers, technologies exist at around the £4,000 mark which provide an equal amount of functionality as many corporate companies have. To discuss your file transfer requirements, whether you’re an SMB or multi-national organisation, get in touch with Pro2col or give us a call on 0333 123...

Globalscape Hosted FTP Offering Goes Live in the UK

We’re very pleased to announce that Pro2col has been selected by GlobalSCAPE as their key partner to launch their secure hosted FTP solution – Hosted EFT Server here in the UK.  Over the past couple of weeks we’ve been finalising the offering, so I thought we would give you a quick insight into what’s available. Hosted EFT provides you with your own hosted version of Globalscape’s award winning EFT Server.  Deployed at Peer1’s world class UK data centers, we have multiple hosted FTP instances set up and ready to go.  There are various options on disk space and bandwidth, along with a range of additional modules available including High Security, Auditing & Reporting and Web Transfer Clients for multi Gigabyte uploads.  This means your company can benefit from the features of EFT Server, without the upfront costs of infrastructure and licence costs.  We’ll provide you with your own dedicated IP address and help you to take advantage of the numerous branding options – all with an unlimited number of users. If you’d like to take advantage of Globalscape’s Hosted EFT Server provided by Pro2col, then get in touch for a no obligation demonstration or free 30-day evaluation.  We’ll show you just how easy it is to be up and running in a couple of minutes so you can start simply and securely exchanging files with your trading partners and...

Managed File Transfer – Remote Access Removed or Remote File Termination?

Managed file transfer solutions are the ideal technology to share files securely with remote trading partners and customers.  This is what they were designed to do and in the most part, they all provide a simple interface to achieve this.  Some provide a web browser facility, whilst others offer additional plugins such as a Microsoft Outlook Plugin or less conventionally, a Lotus Notes Plugin.  However the one common way in which the majority of these technologies work is for the file to remain on a web server, to be collected by the intended recipient.  This then provides the system with an audit trail of when the file was downloaded and in most cases, to which IP address – confirming the users location. This is great in most instances but imagine a situation where you’ve sent an email using the plugin within your email client of choice, only to later find that you’ve attached the wrong document.  Worse than that, it contains sensitive customer or financial data – what then?  You make a frantic call to your IT Help Desk asking them to delete the file or remove access to it.  You then get confirmation from the kind Support Desk person to say that they’ve action your request.  Great, you’re in the clear…. but upon returning to your email you see that your customer has already downloaded the file and you have the email notification to prove it.  Where you usually greet the notification with a shrug of the shoulders in the knowledge that the managed file transfer solution has once again done its job, this time it leaves you cold!...