Defense contractor secures data with MFT server and MFT gateway

Customer Profile

The customer, located in North America, is an international provider of advanced information processing systems for the surveillance, intelligence, space and defense industries. Given the sensitive nature of their business the customer has opted to withhold their organization name from this case study.

Challenge

Prior to engaging with JSCAPE the customer had developed a home-grown software solution to securely exchange large volumes of data with their trading partners. Over the period of nearly a decade of use their requirements evolved, particularly in the area of security. Rather than update their existing codebase, the customer wanted a commercial managed file transfer solution that offered similar features with added support for DMZ streaming, FIPS-140-2 cryptography compliance and the ability to proactively mitigate service attacks.

Solution

JSCAPE MFT Server and JSCAPE MFT Gateway products offered several key capabilities that met their requirements and provided the best value when compared to competing solutions. These core requirements included the following:

1. DMZ Streaming – MFT Gateway effectively streams data between trading partners, DMZ edge locations and network services without any data physically landing in the DMZ. This is of particular importance for organizations that are subject to government compliance requirements (PCI, HIPAA, SOX) that restrict storage of sensitive data in the DMZ.
2. FIPS-140-2 Compliance – Organizations exchanging sensitive data in the government, healthcare and financial sectors are often subject to FIPS-140-2 compliance which requires that cryptographic modules used by software vendors are certified to meet certain security requirements. MFT Server and MFT Gateway both include support for FIPS-140-2 compliance using certified cryptographic libraries.
3. SFTP Service – MFT Server includes a fully managed SFTP daemon supporting the latest key exchange, encryption and message authentication algorithms such as Diffie-Hellman, Elliptical Curve and SHA2.
4. Authentication – MFT Server enables various authentication methods in its file transfer services including password, public key, client certificate and multi-factor authentication. MFT Server services also integrates with existing user credential repositories such as LDAP, Active Directory and SSO to streamline user onboarding.

Results

The customer deployed both MFT Server and MFT Gateway and was able to take advantage of several benefits that these products offer.

Using MFT Gateway the customer was able to exchange sensitive data with its trading partners without any data landing in the DMZ meeting a core requirement. Furthermore, this was achieved without making any changes to internal firewall policies thus satisfying the stringent requirements of their security team.

Using MFT Server the customer was able to provide a reliable SFTP service to its trading partners that met FIPS-140-2 compliance requirements and was configured to automatically detect and respond to brute force password and DOS attacks. Additionally, the various authentication services in MFT Server allowed the customer to support both internal and external users using a mix of public key, Active Directory and SSO credentials. Using the open authentication API in MFT Server the customer was also able to easily integrate with one of their existing authentication services.

As of this writing the customer has been successfully running both MFT Server and MFT Gateway for approximately one year, processing thousands of files and approximately 35TB of data per month for the last six months.