NEW

2024 True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right

Arrow pointing leftBlog

FTP Dashboard: Detect and Mitigate FTP Data Leaks

Ken Pickles

February 5, 2015

Most administrators rarely understand their FTP traffic profile until it's too late. The following are some basic questions every administrator should know when trying to secure their data:

  • How many systems are running the FTP service?
  • What are the most active FTP nodes?
  • Who are the most active users?
  • How much throughput does FTP consume?
  • What are the most requested files?

My kneejerk reaction was to turn to the ExtraHop community. It's a burgeoning ecosystem of users collaborating and sharing to solve similar problems. I found a number of users with similar needs but no published solution, so I thought, "OK, let's do it!"

Identifying FTP Nodes

The Most Active FTP widget shown below tracks internal and external FTP requests and responders in real time. This provides a simple interface that quickly recognizes FTP talkers and list them by volume. If you see unusual communication with an unauthorized node you can promptly take action. If you believe there is a data leak this would be a great starting point to investigate further.

FTP most active requesters
FTP most active responders

Identifying FTP Users

FTP requests by users

Identifying Files Sent Over FTP

FTP requests by file 2

FTP Server Resources

FTP RTT vs processing time

FTP Status Codes

FTP status codes

Summary

Experience RevealX NDR for Yourself

Schedule a demo