Introduction

 

If your organization uses an SFTP server, you should be using SFTP monitoring to ensure your data remains secure. But “SFTP monitoring” is a catchall term that can cover everything from authentication to network access to compliance requirements. So today, we’re going to break down different types of SFTP monitoring and how you can implement them in your organization. 


Why do you need SFTP monitoring?

 

SFTP monitoring protects against two data security scenarios:

  1. Compromise during file transfer: SFTP server monitoring while your data is in motion ensures that your files arrive at their intended location without being accessed by a third party as they are routed across multiple networks and servers.
  2. Network access compromise: Most data breaches happen within an organization’s network. SFTP monitoring can help you identify and mitigate any data intrusions that may occur from compromises, such as a successful phishing attack that results in a malicious actor gaining a valid password or transfers initiated by a stolen device.

SFTP monitoring also helps ensure compliance with data safety regulations that require certain policies like data access restrictions and logging of all administrator activity. 

 

Where should you implement SFTP monitoring?

 

We recommend monitoring four areas of data activity related to your SFTP transfers. 

  • Data encryption and integrity
  • Authentication and access control
  • Network monitoring
  • Logging and auditing 

It’s important to note that depending on your infrastructure, not all four monitoring areas above may directly involve or be controlled by your SFTP server. Below, we have listed a few examples of where SFTP monitoring could take place depending on your organization’s architecture:

  • Data encryption and integrity: SFTP server tools like Cerberus often include built-in data transfer security tools to verify that your files were fully encrypted before transfer and properly decrypted upon arrival. However, a number of server utilities can verify file encryption at rest or in motion, and you can also use dedicated encryption tools to perform the same task.     
  • Authentication and access control: SFTP monitoring should include notifications of which clients accessed which servers, along with their authentication methods, and keep track of administrator network and directory access activity. Cerberus FTP Server uses logging and auditing to monitor client and administrator access while providing a number of authentication options ranging from passwords to key pairs to integration with popular directory tools like Active Directory and LDAP. Your organization may choose to have a web-facing SFTP server that requires public key pairs, or you may only allow users or agents that authenticate through a different means to access your stored data. Monitoring in these cases can be accomplished by your firewall, your directory system and numerous other tools. 
  • Network monitoring: Network monitoring is commonly handled by tools like your security suite and firewall to prevent malicious intrusions. However, it also applies to SFTP servers that must access the internet through their ports. SFTP network monitoring tools often include firewall tools, like automations based on port access rules and IP autoblocking. More advanced servers, such as Cerberus FTP Server’s Enterprise Plus edition, will also include automated network monitoring tools that serve as a second line of defense for your firewall.
  • Logging and auditing: Logging and auditing backstop the other monitoring areas above by keeping a reviewable record of all related activity. Ideally, your SFTP server maintains an accessible record of encryption, transfer, access and network activity. Cerberus FTP Server’s Report Manager tracks all of this activity through the Cerberus interface or an SQL database of your choice. Other products may keep this record in a security policy center, firewall logs, a server utility or other locations. 

 

What are the benefits of SFTP monitoring?

 

In addition to the peace of mind that comes from knowing you’ll be alerted to any suspicious activity, SFTP monitoring will also provide you with:

  • Easy policy tools like logging and auditing that can help demonstrate regulatory compliance with data access and protection requirements, such as those outlined in the GDPR or HIPAA. 
  • Backups for your other security tools that help ensure that even if your firewall or directory system is compromised, your file server will still provide an additional level of security that must be overcome.
  • Automated alerts that can halt malicious transfers before they occur. Imagine a scenario where an old account suddenly springs to life and wants to download whole directories. Your SFTP monitor can send alerts that require administrator authorization to proceed with the transfer. 
  • Improved endpoint security that monitors the credentials, encryption levels, IP addresses and access history of a particular client to ensure that your files only reach secure endpoints.
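
The dormant-account scenario above and the IP autoblocking mentioned under network monitoring can both be written as detection rules over an access log. The Python below is an added example, not Cerberus FTP Server code: the log layout, event names, thresholds and function names are assumptions made for illustration, and an account with no earlier login in the log is not treated as dormant.

```python
from datetime import datetime
from collections import defaultdict

# Constructed sample log (layout assumed for this example): time user ip event detail
SAMPLE_LOG = """\
2024-01-10T08:00:00 svc_backup 192.0.2.10 LOGIN_OK publickey
2024-05-01T09:00:00 alice 192.0.2.20 LOGIN_OK password
2024-05-02T02:10:00 guest 203.0.113.9 LOGIN_FAIL password
2024-05-02T02:10:03 admin 203.0.113.9 LOGIN_FAIL password
2024-05-02T02:10:06 root 203.0.113.9 LOGIN_FAIL password
2024-05-02T02:15:00 svc_backup 203.0.113.9 LOGIN_OK password
2024-05-02T02:15:10 svc_backup 203.0.113.9 DOWNLOAD /exports/jan.csv
2024-05-02T02:15:12 svc_backup 203.0.113.9 DOWNLOAD /exports/feb.csv
2024-05-02T02:15:14 svc_backup 203.0.113.9 DOWNLOAD /hr/payroll.xlsx
2024-05-02T09:00:00 alice 192.0.2.20 LOGIN_OK password
2024-05-02T09:01:00 alice 192.0.2.20 DOWNLOAD /reports/q1.pdf
"""

def parse(log_text):
    """Yield (time, user, ip, event, detail); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield (ts, *parts[1:])

def find_alerts(log_text, dormant_days=90, bulk=3, max_fails=3, window_s=300):
    """Return alerts in log order; the log is assumed to be time-sorted."""
    last_ok, woke, fails, alerts = {}, {}, defaultdict(list), []
    for ts, user, ip, event, _detail in parse(log_text):
        if event == "LOGIN_FAIL":
            # Sliding window of failed logins per source IP (autoblock candidate).
            recent = [t for t in fails[ip] if (ts - t).total_seconds() <= window_s]
            fails[ip] = recent + [ts]
            if len(fails[ip]) == max_fails:
                alerts.append(("BLOCK_IP", ip, ts))
        elif event == "LOGIN_OK":
            # An account idle for dormant_days or more stays flagged until reviewed.
            if user in last_ok and (ts - last_ok[user]).days >= dormant_days:
                woke[user] = 0
            last_ok[user] = ts
        elif event == "DOWNLOAD" and user in woke:
            woke[user] += 1  # downloads since the login that ended dormancy
            if woke[user] == bulk:
                alerts.append(("HOLD_TRANSFERS", user, ts))
    return alerts
```

On the sample, `find_alerts(SAMPLE_LOG)` flags the source IP after its third failed login and holds transfers for `svc_backup` on its third download, while `alice`, who logged in the previous day, raises nothing.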

What SFTP monitoring tools exist?

SFTP monitoring tools generally fall into four buckets:

  1. SFTP Servers: Applications such as Cerberus FTP Server and JSCAPE are dedicated file transfer tools that generally offer strong levels of security monitoring for areas like access credentials, encryption, port access, administrator authentication and more. A dedicated SFTP server will provide everything you need to know about your data and access, but may not always look outside its own application. 
  2. Network security tools: Included with a purchased firewall or from your network management software provider, these tools will provide solid protection against intrusion and network access. However, they are often limited when reviewing file transfers, as they may require additional configuration steps to allow data transfers. 
  3. Server security applications: On-premise and cloud servers will provide their own independent security tools and logs that can generally be configured to monitor directory access and client requests.
  4. Dedicated security suites: Your organization’s security monitoring software should closely monitor inbound and outbound traffic for anomalies, as well as directory and administrator access to sensitive locations. 

 

Cerberus FTP Server: Your solution for SFTP monitoring

 

Cerberus FTP Server is designed to offer secure file transfer via SFTP and provides advanced monitoring capabilities. Whether you’re operating in an AWS environment, using Microsoft solutions or needing SSH SFTP public key authentication, Cerberus has got you covered.