Fact Sheet


SENTINEL: Real-time FTP Management

Most companies have insufficient control over and knowledge of the FTP activity taking place on their network, what data is moving in and out of the enterprise and who (or what) is initiating the FTP activity. Knowing where FTP servers are, what they are being used for and stopping unwanted FTP activity enables you to address concerns and exposures to sensitive (privacy) data before they harm your organization. You can't make FTP go away but you can get it under control.


SENTINEL enables companies to police z/OS FTP server usage using existing security facilities (RACF, etc.), stopping all unwanted FTP activity before it results in a problem or exposure. It also reduces the complexity of managing FTP by merging and reporting on all of the FTP servers in an enterprise (distributed systems, Windows, OS/390 and z/OS). It provides real-time monitoring of FTP usage, ISPF and Windows-based interactive analysis and consolidated reporting of FTP activity, failures, exceptions, etc. throughout the entire enterprise. With SENTINEL, compliance comes through controlling access and managing exceptions.

SENTINEL

  • Polices FTP usage on z/OS FTP servers
  • Enforces compliance
  • Prevents expensive and embarrassing data breaches
  • Monitors cross-platform and cross-application FTP
  • Helps perform FTP Audits in minutes
  • Helps ensure Service Level Agreements are met
  • Answers auditors' questions
  • Integrates FTP activity into automation efforts
  • Provides on-line reporting for problem resolution
  • Helps improve network utilization with on-line analysis of FTP usage
  • Invokes corrective action when FTP transmissions fail
  • Provides exception reporting for Managers and Auditors

SENTINEL is the only product to:

  • Monitor FTP usage in the entire Enterprise
  • Integrate FTP activity into Enterprise-wide automation efforts
  • Provide sophisticated, Windows-based interactive auditing of historical FTP usage
  • Provide comprehensive, user-defined escalation of FTP exceptions to existing automation solutions

SENTINEL Overview

SENTINEL is a z/OS-based software product that enables companies to actively manage and monitor Enterprise-wide FTP activity. It enables companies to regulate z/OS FTP server usage and block unauthorized and unwanted activity. SENTINEL also enables companies to monitor FTP usage in real time throughout the Enterprise and enhance Data Center automation efforts by integrating FTP usage into the automation plan.


SENTINEL Components:

SENTINEL consists of the following components:

  • A SAF security interface (supports RACF, ACF2 and TopSecret) for the z/OS FTP server
  • A Real-Time FTP usage monitor
  • A Remote Agent for collecting FTP usage on distributed systems (Windows, Linux, UNIX, etc.)
  • Interactive FTP Audits performed in Windows and/or ISPF
  • An ISPF interface for administering SENTINEL and performing FTP usage audits
  • A Windows-GUI tool for auditing FTP usage
  • A custom-reporting capability
  • A Windows-GUI tool for assessing the FTP exposure that a company faces.

SAF Security Interface

IBM's z/OS FTP server provides few internal controls for managing FTP usage and protecting sensitive data. SENTINEL's SAF interface enables you to write SAF rules (RACF, ACF2, TopSecret) to inspect every FTP server connection request and command and determine whether there is sufficient authorization to permit the request. Connections to the FTP server can be restricted to authorized locations. File transmission requests can be approved or denied based on who is making the request, where the data is coming from (inside or outside the firewall), where the data is going (inside or outside the firewall) and what data is involved (file name). All FTP activity can be under SENTINEL control, including file transmissions, file deletion/renaming, allocations, batch job submission, job output retrieval and HFS file access. No longer will read-access to a file be all that is necessary to send it anywhere in the world.


Real-Time Monitor

The Real-Time Monitor runs as a started task and monitors FTP usage throughout the Enterprise. It works directly with z/OS TCP/IP to monitor z/OS FTP usage. It works with SENTINEL remote agents installed on distributed system servers to monitor FTP usage on distributed platforms. All FTP usage activity is archived into the SENTINEL History File to meet regulatory compliance requirements.

All FTP activity is analyzed by the Real-Time Monitor and alerts to existing Data Center automation tools can be generated based on criteria that are meaningful to you. The alert information can be used to further automate processes dependent on FTP usage, such as triggering production jobs, etc.

The Real-Time Monitor started task also maintains active reports showing all FTP activity, sensitive data transmissions, exceptions, failed FTP transactions and FTP security checking results. Anyone with access to the started task output can see everything they need to know about what FTP activity has been taking place.


Remote Agent

SENTINEL's Remote Agent is a Java program that runs on distributed system platforms (Windows, UNIX, Linux, etc.), monitors FTP usage and feeds it back to the SENTINEL Real-Time Monitor. The Remote Agent currently supports FTP servers that log in IIS, W3C, SFTP and XFERLOG formats. Most third-party FTP servers support one of these log formats. Remote Agents enable SENTINEL to consolidate Enterprise-wide FTP activity into a single location for monitoring, automation and exception handling.


Interactive FTP Usage Audits

In many companies, the volume of daily FTP activity is too large to effectively monitor using manual processes, especially where FTP servers reside on disparate platforms and log activity in different formats. z/OS FTP activity, in binary format in SMF, is difficult to review without writing custom programs to format the data.

SENTINEL makes quick work of analyzing FTP usage by presenting both summary and detail information in an interactive analysis application (Windows and ISPF). Drill-down capabilities from summary to detail data enable you to focus your attention on the FTP activity that requires further attention and skip over the rest. A built-in custom Exceptions view highlights FTP activity that you determine needs further attention. Built-in views make it quick and easy to see:

  • How much FTP activity is there and where is it happening?
  • Who is using FTP and what are they doing with it?
  • What data is going in and out of the Enterprise?
  • Is sensitive data going anywhere it shouldn't be?
  • Are all transmissions of sensitive data properly secured?
  • Where are people connecting to our FTP servers from?
  • What transactions failed to complete successfully?
  • When are our peak FTP usage periods?
  • Are our service level agreements being impacted by FTP issues?

ISPF Interface

SENTINEL comes with a comprehensive ISPF interface for maintaining the SENTINEL software environment, submitting batch reporting and analysis jobs and performing interactive FTP usage audits. Reusable analysis specifications are stored for quick access to repeatable batch reporting and interactive analysis. All batch JCL is generated automatically from specifications made in ISPF panels. SENTINEL's ISPF interface dramatically increases the productivity of personnel responsible for auditing FTP usage to ensure compliance with company policy and external regulations.


Windows Interface

SENTINEL's Windows interface brings FTP usage data to a platform that is well suited to interactive analysis. Summary and detail information can easily be filtered, sorted, interactively analyzed and printed. SENTINEL's Windows interface dramatically increases the productivity of personnel responsible for auditing FTP usage to ensure compliance with company policy and external regulations.


Custom Reporting

SENTINEL enables you to create custom report formats, focusing on FTP activity of particular interest to you. Custom reports can select and display filtered FTP activity in detail and summary format.


FTP Auditor - Network Discovery Tool

SENTINEL's FTP Auditor is a Windows “discovery” tool that scans the network looking for active FTP servers. It identifies and assesses all of the FTP servers that it locates on the network. It reports on where the FTP servers are and whether they accept anonymous logon (not recommended). Double-clicking an FTP server enables you to log onto the server and display the list of files that are accessible to the server users.

The first step toward managing FTP usage is to identify what FTP servers are running on your network so you can start the process of auditing their usage. Running FTP Auditor regularly makes it possible to identify when new FTP servers are added to the network and keep abreast of what they are being used for.


Why Manage FTP?



Secure z/OS FTP Server Usage

SENTINEL integrates with the z/OS FTP server and authorizes every request to the z/OS FTP server. SENTINEL interfaces with SAF (RACF, TopSecret and ACF2) facilities to determine whether or not each request should be allowed. You can set up SAF rules to control FTP usage at a very granular level; allowing some activities and blocking others.

FTP transmissions can be authorized or denied, based on who is initiating the transmission, the file name (identify sensitive data), where the data is coming from (inside or outside the firewall) and where the data is going to (inside or outside the firewall). Unauthorized transmissions of Sensitive Data can easily be blocked, protecting your company from both internally and externally initiated threats of sensitive data breach.


Improve FTP Visibility through Real-Time Monitoring

SENTINEL gathers information about Enterprise-wide FTP usage as it is happening. Real-time FTP usage data is archived into the SENTINEL History File and provides an automated method for issuing alerts pertaining to various FTP transmission criteria. The alert information can be used to further automate processes dependent on FTP usage, such as triggering production jobs, etc. Triggers can come from both z/OS and Open System FTP usage and can be utilized to increase the efficiency of cross-platform and cross-application processes.


Expand Automation through Distributed Platform FTP Monitoring

SENTINEL includes a Java agent to run on distributed system platforms (Windows, UNIX, Linux, etc.) to provide real-time FTP usage data to the Real-Time Monitor. The Real-Time Monitor provides centralized management of the process of gathering FTP usage updates from the distributed platforms. Security controls are provided to ensure that update requests are honored only from authorized hosts and only for authorized FTP log files. Real-time FTP usage data from distributed platforms is archived into the SENTINEL History File and provides an automated method for issuing alerts pertaining to various FTP transmission criteria. The alert information can be used to further automate processes dependent on FTP usage, such as triggering production jobs, etc.


Generate FTP Alerts

FTP Alerts can be initiated by the real-time monitor in response to FTP transactions that meet criteria important to you. Alerts take the form of WTO messages which contain critical information about the FTP transaction, thereby enabling data center automation tools to apply sophisticated logic to determine whether further action is required.


Protect Sensitive Data/Alert Sensitive Transmissions

SENTINEL can protect your company from unwanted transmissions of sensitive data. Unauthorized transmissions can be blocked. Alerts can be generated for sensitive data transmissions that are not blocked. Sensitive data transmission alerts contain the information needed to make informed automation decisions. Sensitive data can be identified by dataset or file name, using pattern matching.


Alert Failed FTP Transmissions

Alerts can be generated for failed FTP transactions. The alert for failed transactions contains the information needed to make informed automation decisions, including a failure reason.
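
As an added illustration (not SENTINEL's code and not part of the original fact sheet), the following Python example applies the two alert criteria described above to XFERLOG-format lines, one of the log formats the Remote Agent reads: a file whose name matches a sensitive pattern moving to or from a host outside the firewall, and a transfer that did not complete. The patterns, network range, alert names and log lines are constructed assumptions.

```python
import fnmatch
import ipaddress

# Assumptions for this example (not taken from the fact sheet):
SENSITIVE_PATTERNS = ["*/payroll/*", "*cardholder*"]   # file-name patterns
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # "inside the firewall"

# Constructed sample log in wu-ftpd XFERLOG layout (18 whitespace-separated tokens).
SAMPLE_LOG = """\
Mon Mar  3 09:15:02 2025 4 10.1.2.3 20480 /data/payroll/march.csv b _ o r alice ftp 0 * c
Mon Mar  3 09:17:40 2025 9 203.0.113.7 20480 /data/payroll/march.csv b _ o r bob ftp 0 * c
Mon Mar  3 09:20:11 2025 2 203.0.113.7 512 /pub/readme.txt a _ o a guest@example.com ftp 0 * c
Mon Mar  3 09:31:55 2025 30 10.4.4.4 1048576 /data/batch/nightly.dat b _ i r svcbatch ftp 0 * i
not an xferlog line
"""

def parse_xferlog_line(line):
    """Return the fields used below, or None if the line is not XFERLOG."""
    t = line.split()
    if len(t) != 18 or t[11] not in ("i", "o", "d") or t[17] not in ("c", "i"):
        return None
    return {"time": " ".join(t[0:5]), "host": t[6], "file": t[8],
            "direction": t[11], "user": t[13], "status": t[17]}

def is_inside(host):
    """True only for literal addresses in INSIDE_NETS; hostnames count as outside."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INSIDE_NETS)

def alerts_for(rec):
    """Apply the two alert criteria to one parsed transfer record."""
    found = []
    name = rec["file"].lower()
    sensitive = any(fnmatch.fnmatchcase(name, p) for p in SENSITIVE_PATTERNS)
    if sensitive and not is_inside(rec["host"]):
        found.append("SENSITIVE_OUTSIDE")
    if rec["status"] == "i":          # 'i' = incomplete transfer
        found.append("FAILED_TRANSFER")
    return found

def scan(text):
    """Return (alert, user, host, file) tuples for every alert in the log text."""
    return [(a, r["user"], r["host"], r["file"])
            for r in map(parse_xferlog_line, text.splitlines()) if r
            for a in alerts_for(r)]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert)
```
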


Implement Guaranteed Delivery

Combining SENTINEL's real-time monitoring with internal automation capabilities, you can guarantee the delivery of critical FTP transmissions. Failed FTP transmission alerts can be routed to data center automation software where automatic restart and/or human intervention can be initiated.


Generate Custom FTP Alerts

SENTINEL users can define any number of Alert Events which watch for specific FTP transactions (using selection criteria supplied) and generate alerts for the selected FTP transactions. The alert takes the form of a WTO message, the contents of which are specified by the user and are part of the Alert Event definition.


Enhance Data Center Automation

Data Center automation efforts can be enhanced with SENTINEL's real-time monitor. Many of today's business processes are multi-platform processes that depend on FTP to tie processing on the various platforms together. Successful completion of a file transmission is often a “trigger” to begin the next step in a business process.

The SENTINEL Real-Time Monitor sees FTP activity as it is happening and can be an effective tool in improving the automation of business processes. FTP automation can enable activities such as:

  • Successful completion of a file transfer can trigger an automation event to start the next step in a business process.
  • Repeated, failed logon attempts could trigger a security alert.
  • A failed FTP transmission can trigger automation to retry the transfer or escalate for intervention (Guaranteed Delivery).
  • Failure of a critical FTP transmission to complete by a certain time could trigger a notification to escalate for human intervention.
  • Unusually slow running file transfers could trigger a network performance alert.
  • File transmissions of sensitive data to unauthorized locations and/or by unauthorized users could trigger a security alert.
  • Transmission of large files to a server could trigger a DASD space usage alert.
  • Successful completion of a file transmission on one platform can trigger the start of another transmission, either on that platform or another. Doing so can reduce the time it takes to complete multi-step, multi-platform business processes.

Enhance FTP Visibility

FTP activity can easily be incorporated into Syslog, thereby making FTP usage information available to a wide audience.