How linking MFT and DLP can power pack your business' cyber securityMaximise the power of MFT by pairing it with a DLP solution
An MFT DLP pairing allows businesses to scan all the data coming into and going out of your managed file transfer server. This mitigates the risk of a user accidentally exposing the wrong information, or malware being sent from a trusted partner. Without it files transferred via MFT may bypass security policies.
On paper, combining two robust software products to form a more complete solution is a no-brainer. But how does it actually work? First, let’s take a look at what the two solutions – adaptive data loss protection (A-DLP) and managed file transfer (MFT) – each offer users. Then, we’ll highlight a few specific use cases where the combination of DLP and MFT elevates an organisation’s cybersecurity position, better than each solution could alone.
DLP offers content inspection:
- Replacing sensitive text – including PII, PCI, and HIPAA – with asterisks.
- Detecting and redacting text contained in images, even scanned ones.
- Redacting text but allowing for files to still be delivered, minus offending content.
MFT delivers secure file transfers:
- Dashboard-friendly, centralised control
- Auditing and reporting
- Advanced workflow automation
- Document collaboration
- File transfer security
What level of data security does the DLP MFT pairing provide?
With MFT in place, the movement of files inside and outside of your organisation is secure and automated, with the collaboration and data tracking functionality not available with DLP alone.
- MFT securely transfers attachments between organisations and trading partners
- The ICAP Gateway intercepts content when threat protection and DLP requirements exist
- ICAP runs rule sets (keyword search, executable renaming, script removal, etc.).
- If the content can be sanitised the transmission is allowed and continues
- If content cannot be sanitised the transmission is blocked
Together, HelpSystems’ Clearswift A-DLP solution and MFT provide a layered, unified, and web-based solution – from the content contained, to the secure data transfer of the content. Both solutions are trusted worldwide for their ability to provide enterprise-level protection against data breaches. When software is paired from a single provider, it provides stability and superior customer service.
MFT DLP Use Cases: Combined for End-to-End Security
Use Case #1: Defence sector vendor needs to transfer attachments between employees and trading partners.
Originally, this vendor used MFT to securely transfer the attachments sent between its employees and partners. They decided to also add deep content inspection to these file transfers by integrating their MFT with Secure ICAP Gateway, adding Structural Sanitisation and Anti-Virus for additional layers of security. With both solutions in place, the vendor can:
- Intercept content when threat protection and DLP requirements exit.
- Run the proper rule sets (keyword search, executable renaming, script removal, etc.).
- Control whether content is allowed or blocked. If content can be sanitised, then transmission continues. However, if content cannot be sanitised then the transmission is blocked.
Use Case #2: A credit card vendor needed insight into when customer, employee and/or patient records in a file were being uploaded to MFT.
This credit card vendor needed to detect when records contained in files (for employees and/or patients) were being uploaded to MFT. They also needed to be able to count the records and maintain an audit log showing what data was being shared and with whom, and to have the ability to corroborate files from a single record. The vendor was able to do all of this by integrating the secure ICAP Gateway with MFT. In addition, with this combination of solutions, they can take advantage of Lexical Expression Qualifiers and trigger different actions based on the number of records detected – actions such as an audit, refer to sender, redaction or block).
Use Case #3: Government agency needed same level of security from uploads received as they got from their MFT transactions.
This government agency regularly needs to accept file uploads from partners and the public. However, because this action can be exploited to deliver active content or even viruses and malware, they knew they needed to achieve comparable threat protection to what they had in place with their MFT file transfers. The agency integrated the Secure ICAP Gateway with their MFT for a combined, secure solution. Now, any file can be scanned before it is either passed or accepted and infected content is then destroyed or redacted. They also have the choice of triple-AV (Kaspersky/Sophos/Avira) and constant Active Content Protection in place.
Not all MFT products support this integration. If you would like to discuss whether yours does, please get in touch.