Log in
Products
Our Products
Pitch Avatar
Create an avatar for the event
IT catalogs
Find IT product
Bonus4Reference
Get reference from user
IT catalogs
it_our_it_catalogs
Find and compare IT products
Learn implementation reviews
Find vendor and company-supplier
Explore IT products by category
About Us
Blog
Sign Up
Sign In
Home
/
Deployments
/
vmware-vsphere-metro-storage-cluster-vmsc-for-virtualization-of-compute-resources
Deployment date: undefined
-
Anonymous
Anonymous
{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"implementationDetail":{"description":{"ru":"Описание","_type":"localeString","en":"Description"},"status":{"en":"Status","ru":"Статус","_type":"localeString"},"show":{"_type":"localeString","en":"Show more","ru":"Показать ещё"},"hide":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"details":{"_type":"localeString","en":"Details","ru":"Подробности"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"additional-info":{"ru":"Дополнительная информация","_type":"localeString","en":"Additional information"},"project-was-put":{"en":"The project has been delivered on schedule","ru":"Проект был сдан в срок","_type":"localeString"},"budget-not-exceeded":{"ru":"Бюджет не был превышен","_type":"localeString","en":"The budget has not been exceeded"},"functionally-task-assignment":{"en":"Functionality complies with task","ru":"Функциональность соответствует задаче","_type":"localeString"},"similar-implementations":{"ru":"Схожие внедрения","_type":"localeString","en":"Similar deployments"},"source":{"ru":"Источник:","_type":"localeString","en":"Source:"},"price":{"ru":"Цена:","_type":"localeString","en":"Price: "},"pluses":{"_type":"localeString","en":"Advantages","ru":"Плюсы"},"raiting":{"en":"Raiting","ru":"Общая оценка","_type":"localeString"},"user":{"en":"User","ru":"Пользователь","_type":"localeString"},"vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"product":{"en":"Product","ru":"Продукт","_type":"localeString"},"canceled":{"_type":"localeString","en":"Canceled","ru":"Отменено"},"deal-canceled":{"ru":"Сделка отменена","_type":"localeString","en":"Deal canceled"},"deal-closed":{"_type":"localeString","en":"Deal closed","ru":"Сделка закрыта"},"deal-in-progress":{"ru":"Сделка в процессе","_type":"localeString","en":"Deal in progress"},"deal-is-planned":{"ru":"Сделка планируется","_type":"localeString","en":"Deal is planned"},"finished":{"ru":"Завершено","_type":"localeString","en":"Finished"},"in-process":{"_type":"localeString","en":"In Process","ru":"Ведется"},"planned":{"en":"Planned","ru":"Планируется","_type":"localeString"},"proof-of-concept":{"en":"Proof of concept","ru":"Пилотный проект","_type":"localeString"},"stopped":{"ru":"Остановлено","_type":"localeString","en":"Stopped"},"date":{"_type":"localeString","en":"Deployment date","ru":"Дата внедрения"},"roi":{"en":"ROI","ru":"ROI","_type":"localeString"},"not-yet-converted":{"en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString"}},"header":{"help":{"ru":"Помощь","_type":"localeString","en":"Help","de":"Hilfe"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"en":"Log in","de":"Einloggen","ru":"Вход","_type":"localeString"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"ru":"Мои запросы","_type":"localeString","en":"Requests","de":"References"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"en":"Are you sure you want to delete","ru":"Подтвердите удаление","_type":"localeString"},"search-placeholder":{"en":"Enter your search term","ru":"Введите поисковый запрос","_type":"localeString"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"_type":"localeString","en":"My Company","de":"Über die Firma","ru":"О компании"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"en":"Infocenter","de":"Infocenter","ru":"Инфоцентр","_type":"localeString"},"tariffs":{"en":"Subscriptions","de":"Tarife","ru":"Тарифы","_type":"localeString"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"ru":"Marketplace","_type":"localeString","en":"Marketplace","de":"Marketplace"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString"},"subscribe_info":{"_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"en":"Price calculator","ru":"Калькулятор цены","_type":"localeString"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"_type":"localeString","en":"4 vendors","ru":"поставщикам"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"_type":"localeString","en":"Email","ru":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"_type":"localeString","en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"en":"Position","ru":"Должность","_type":"localeString"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"en":"Received ROI","ru":"Полученный ROI","_type":"localeString"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"en":"Comment","ru":"Комментарий","_type":"localeString"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"_type":"localeString","en":"I agree","ru":"Я согласен"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"_type":"localeString","en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}},"filters":{"from":{"en":"from","ru":"от","_type":"localeString"},"to":{"ru":"до","_type":"localeString","en":"to"},"filter-price-title":{"ru":"Фильтр по цене","_type":"localeString","en":"Filter by price"},"view-type-label":{"ru":"Вид","_type":"localeString","en":"View"},"sort-type-label":{"en":"Sorting","ru":"Сортировка","_type":"localeString"},"category":{"_type":"localeString","en":"Category","ru":"Категория"},"follow":{"en":"Follow","ru":"Следить","_type":"localeString"},"add-product":{"_type":"localeString","en":"Add Product","ru":"Добавить продукт"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"filter-toggle":{"ru":"Фильтр","_type":"localeString","en":"Filter"},"clear-button":{"ru":"Очистить","_type":"localeString","en":"Сlear"},"delivery-type-field":{"_type":"localeString","en":"Delivery type","ru":"Тип поставки"},"product-categories-field":{"en":"product categories","ru":"категориz продуктаhjle","_type":"localeString"},"providers-field":{"ru":"Поставщик, производитель","_type":"localeString","en":"Providers"},"business-tasks-field":{"en":"Business tasks","ru":"Бизнес задачи","_type":"localeString"},"problems-field":{"ru":"Проблемы","_type":"localeString","en":"Problems"},"with-discounts-checkbox":{"ru":"Со скидками","_type":"localeString","en":"With discounts"},"expert-price-checkbox":{"_type":"localeString","en":"Configurator","ru":"Конфигуратор"},"roi-calculator-checkbox":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"apply-filter-button":{"en":"Apply filter","ru":"Применить фильтр","_type":"localeString"},"sorting-toggle":{"ru":"Сортировка","_type":"localeString","en":"Sorting"},"show-all-button":{"ru":"Показать все","_type":"localeString","en":"Show all"},"suggest-product-button":{"ru":"Предложить продукт","_type":"localeString","en":"Suggest product"},"with-projects-label":{"ru":"С внедрениями","_type":"localeString","en":"With deployments"},"bonus-4-reference":{"en":"Bonus 4 Reference","ru":"Бонус за референс","_type":"localeString"},"product-categories":{"ru":"Категории продуктов","_type":"localeString","en":"Product Categories"},"countries":{"en":"Countries","ru":"Страны","_type":"localeString"},"seller":{"_type":"localeString","en":"Seller","ru":"Продавец"},"vendors":{"en":"User products vendors","ru":"Производители продуктов пользователя","_type":"localeString"},"suppliers":{"_type":"localeString","en":"User suppliers","ru":"Поставщики пользователя"},"business-process":{"en":"Problems","ru":"Проблемы","_type":"localeString"},"business-objectives":{"ru":"Бизнес задачи","_type":"localeString","en":"Business tasks"},"branch":{"en":" Branch","ru":"Отрасль","_type":"localeString"},"users":{"ru":"Пользователи","_type":"localeString","en":"Users"},"status":{"_type":"localeString","en":"Status","ru":"Статус"},"info-source":{"en":"Info source","ru":"Информационный ресурс","_type":"localeString"},"with-reference-checkbox":{"_type":"localeString","en":"With reference","ru":"С референсами"},"show-deal-checkbox":{"en":"Show deal with noname","ru":"Показывать сделки с noname","_type":"localeString"},"roi-checkbox":{"en":"ROI","ru":"ROI","_type":"localeString"},"problems":{"ru":"Проблемы","_type":"localeString","en":"Problems"},"find":{"en":"Find","ru":"Выполнить поиск","_type":"localeString"},"deal-date":{"ru":"Дата","_type":"localeString","en":"Date"},"try-button":{"_type":"localeString","en":"Try AI (Beta)","ru":"Попробовать AI (Beta)"},"hide":{"en":"Hide","ru":"Скрыть","_type":"localeString"},"company-size":{"_type":"localeString","en":"Company size","ru":"Размер компании"},"add-company":{"ru":"Добавить компанию","_type":"localeString","en":"Add company"},"add-implementation":{"ru":"Добавить внедрение","_type":"localeString","en":"Add deployment"},"sort-title-asc":{"ru":"От А до Я","_type":"localeString","en":"From A to Z"},"sort-title-desc":{"ru":"От Я до А","_type":"localeString","en":"From Z to A"},"sellers-field":{"_type":"localeString","en":"Sellers","ru":"Поставщики, Производители"},"supply-types":{"en":"Supply type","ru":"Тип поставки","_type":"localeString"},"with-comments-checkbox":{"ru":"С комментариями","_type":"localeString","en":"With comments"},"supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"user":{"en":"User","ru":"Пользователь","_type":"localeString"},"company-type":{"ru":"Тип компании","_type":"localeString","en":"Company type"},"partners-field":{"_type":"localeString","en":"Partners","ru":" Партнеры"},"customers":{"en":"Customers","ru":"Покупатели","_type":"localeString"},"product-supplier":{"en":"Product supplier","ru":"Поставщик продукта","_type":"localeString"},"product-vendor":{"ru":"Производитель продукта","_type":"localeString","en":"Product vendor"},"implementation-date":{"ru":"Дата внедрения","_type":"localeString","en":"Deployment date"},"canceled":{"ru":"Отменено","_type":"localeString","en":"Canceled"},"deal-canceled":{"ru":"Сделка отменена","_type":"localeString","en":"Deal canceled"},"deal-closed":{"ru":"Сделка закрыта","_type":"localeString","en":"Deal closed"},"deal-in-progress":{"_type":"localeString","en":"Deal in progress","ru":"Сделка в процессе"},"deal-is-planned":{"en":"Deal is planned","ru":"Сделка планируется","_type":"localeString"},"finished":{"_type":"localeString","en":"Finished","ru":"Завершено"},"in-process":{"_type":"localeString","en":"In Process","ru":"Ведется"},"planned":{"en":"Planned","ru":"Планируется","_type":"localeString"},"proof-of-concept":{"_type":"localeString","en":"Proof of concept","ru":"Пилотный проект"},"stopped":{"ru":"Остановлено","_type":"localeString","en":"Stopped"},"competencies":{"en":"Competencies","ru":"Компетенции","_type":"localeString"}}},"translationsStatus":{"implementationDetail":"success","filters":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"implementationDetail":{}},"pageMetaDataStatus":{"implementationDetail":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{"imperva-securesphere-database-firewall-for-global-computer-technology-company":{"id":664,"title":"Imperva SecureSphere Database Firewall for Global Computer Technology Company","description":"One of the largest computer technology companies in the world replaced their IBM Guardium deployment with Imperva SecureSphere, to audit and protect their database environment. Switching to SecureSphere reduced operational costs by over 70%, saving the company $1.9M a year in recurring labor and support costs.\r\nThis level of ongoing cost savings was a huge win for the company that operates with razor-thin margins, in a price-competitive industry. In addition to operating margin pressure, this Fortune 500 company had to address SOX and PCI-DSS regulations, on a global scale. The company’s over 100,000 employees developed, manufactured, and serviced the company’s products worldwide. For years, the company tried to expand their IBM Guardium deployment beyond the 500 databases it covered, but was hindered by the overwhelming amount of labor required. This meant that some critical databases could not be monitored, which introduced compliance and security risks the company deemed unacceptable.\r\nThe high labor cost was mainly due to Guardium’s architecture deficiencies, which required a large number of virtual appliances, to cover the company’s 500 databases. The volume of virtual appliances made the deployment complicated and costly to operate. Furthermore, Guardium’s integration with the company’s Remedy change ticketing and workflow system was cumbersome, and presented many challenges.\r\nA huge amount of manual labor was associated with vetting false positives around Remedy change tickets; copying and pasting ticket events into emails to database administrators; and reconciling administrator responses with the events in question. The Guardium deficiencies ultimately required the company to employ a large number of full time staff, to manage the Guardium virtual server farm, and to compensate for the awkward Remedy integration. These factors, combined with Guardium’s support renewal costs, forced the company to evaluate other vendor","alias":"imperva-securesphere-database-firewall-for-global-computer-technology-company","roi":0,"seo":{"title":"Imperva SecureSphere Database Firewall for Global Computer Technology Company","keywords":"","description":"One of the largest computer technology companies in the world replaced their IBM Guardium deployment with Imperva SecureSphere, to audit and protect their database environment. Switching to SecureSphere reduced operational costs by over 70%, saving the company","og:title":"Imperva SecureSphere Database Firewall for Global Computer Technology Company","og:description":"One of the largest computer technology companies in the world replaced their IBM Guardium deployment with Imperva SecureSphere, to audit and protect their database environment. Switching to SecureSphere reduced operational costs by over 70%, saving the company"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":207,"title":"Imperva","logoURL":"https://old.roi4cio.com/uploads/roi/company/imperva_logo.png","alias":"imperva","address":"","roles":[],"description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has more than 4,500 customers and 500 partners in over 90 countries.","companyTypes":[],"products":{},"vendoredProductsCount":5,"suppliedProductsCount":5,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":6,"vendorImplementationsCount":7,"vendorPartnersCount":0,"supplierPartnersCount":2,"b4r":0,"categories":{},"companyUrl":"www.imperva.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Imperva","keywords":"Imperva, software, Shores, California, Redwood, Headquartered, over, countries","description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has m","og:title":"Imperva","og:description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has m","og:image":"https://old.roi4cio.com/uploads/roi/company/imperva_logo.png"},"eventUrl":""},"vendors":[{"id":207,"title":"Imperva","logoURL":"https://old.roi4cio.com/uploads/roi/company/imperva_logo.png","alias":"imperva","address":"","roles":[],"description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has more than 4,500 customers and 500 partners in over 90 countries.","companyTypes":[],"products":{},"vendoredProductsCount":5,"suppliedProductsCount":5,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":6,"vendorImplementationsCount":7,"vendorPartnersCount":0,"supplierPartnersCount":2,"b4r":0,"categories":{},"companyUrl":"www.imperva.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Imperva","keywords":"Imperva, software, Shores, California, Redwood, Headquartered, over, countries","description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has m","og:title":"Imperva","og:description":"Imperva provides cyber security software and services to protect companies’ sensitive data and application software from both external attacks and internal threats, and to ensure regulatory compliance. Headquartered in Redwood Shores, California, Imperva has m","og:image":"https://old.roi4cio.com/uploads/roi/company/imperva_logo.png"},"eventUrl":""}],"products":[{"id":1601,"logo":false,"scheme":false,"title":"Imperva SecureSphere Database Firewall","vendorVerified":0,"rating":"1.70","implementationsCount":1,"suppliersCount":0,"alias":"imperva-securesphere-database-firewall","companyTypes":[],"description":"SecureSphere use two monitoring channels – one for security policies and one for audit policies. The independence enables resource and task optimization that is not possible with a single channel.\r\nSecureSphere Database Firewall\r\n<ul> <li>Logs only what activity is necessary while monitoring all activity for security violations</li> <li>Monitors and protects high-transaction databases</li> <li>Blocks suspicious behavior when it happens – investigate in-context</li> <li>Executes multi-action security alerts, eliminating bottlenecks and delays</li> <li>Interlocks database protection with the SecureSphere Web Application Firewall, CounterBreach Insider threat protection, and malware protection, providing multifactored data security</li> </ul>\r\nSecureSphere helps organizations address compliance regulations including GDPR, PCI DSS, SOX, POPI, and HIPAA.","shortDescription":"SecureSphere Database Firewall effectively protects databases from attacks, data loss and theft.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Imperva SecureSphere Database Firewall","keywords":"SecureSphere, security, Firewall, protection, with, activity, policies, Database","description":"SecureSphere use two monitoring channels – one for security policies and one for audit policies. The independence enables resource and task optimization that is not possible with a single channel.\r\nSecureSphere Database Firewall\r\n<ul> <li>Logs only w","og:title":"Imperva SecureSphere Database Firewall","og:description":"SecureSphere use two monitoring channels – one for security policies and one for audit policies. The independence enables resource and task optimization that is not possible with a single channel.\r\nSecureSphere Database Firewall\r\n<ul> <li>Logs only w"},"eventUrl":"","translationId":1572,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.imperva.com/resources/customers/case-studies/tech-giant-secures-data-and-saves-2-million-annually/","title":"Web-site of vendor"}},"comments":[],"references":[],"referencesCount":0,"similarImplementations":[{"id":645,"title":"Barracuda Web Application Firewall for automobile industry","description":"Challenges:\r\n<ul><li>Protect against sophisticated attacks</li><li>Ensure uninterrupted online access</li><li>Support a multi-application environment</li><li>Prevent loss of personal/sensitive data</li><li>Scale easily</li><li>Easy to install and manage</li></ul>\r\nThe Barracuda CloudGen WAF provides an extra layer of fine-grained security, which allows the engineers to closely monitor traffic profiles and automatically mitigate unusual behavior and attacks. Hyundai was impressed with how easy it was to install and manage, and how well it performed.\r\nThe experts at Barracuda Central work 24x7 to monitor and block the latest Internet threats. Data from more than 150,000 collection points is analyzed to create and deliver protection against previously unknown threats within minutes of their discovery via Energize Updates. As new types of threats emerge, the Barracuda Web Application Firewall will acquire new capabilities to block them.\r\nHyundai found that Barracuda Networks was the right security and application delivery partner to protect it from sophisticated attacks, optimize its network, and keep IT resource needs low with its ease of installation and use. Barracuda Networks provided a complete, affordable, scalable solution that filled the application delivery and network security needs of this company.\r\nResults:\r\n<ul><li>Network is always up and running</li><li>Confidential data is safe</li><li>Easy to manage and monitor web applications across the network</li></ul>","alias":"barracuda-web-application-firewall-for-automobile-industry","roi":0,"seo":{"title":"Barracuda Web Application Firewall for automobile industry","keywords":"","description":"Challenges:\r\n<ul><li>Protect against sophisticated attacks</li><li>Ensure uninterrupted online access</li><li>Support a multi-application environment</li><li>Prevent loss of personal/sensitive data</li><li>Scale easily</li><li>Easy to install and manage</li></","og:title":"Barracuda Web Application Firewall for automobile industry","og:description":"Challenges:\r\n<ul><li>Protect against sophisticated attacks</li><li>Ensure uninterrupted online access</li><li>Support a multi-application environment</li><li>Prevent loss of personal/sensitive data</li><li>Scale easily</li><li>Easy to install and manage</li></"},"deal_info":"","user":{"id":5058,"title":"Hyundai","logoURL":"https://old.roi4cio.com/uploads/roi/company/Hyundai_logo.png","alias":"hyundai","address":"","roles":[],"description":"The Hyundai Motor Company, commonly known as Hyundai Motors , is a South Korean multinational automotive manufacturer headquartered in Seoul. The company was founded in 1967 and, along with its 32.8% owned subsidiary, Kia Motors, and its 100% owned luxury subsidiary Genesis Motor, altogether comprise the Hyundai Motor Group. It is the third largest vehicle manufacturer in the world.\r\nHyundai operates the world's largest integrated automobile manufacturing facility in Ulsan, South Korea which has an annual production capacity of 1.6 million units. The company employs about 75,000 people worldwide. Hyundai vehicles are sold in 193 countries through some 5,000 dealerships and showrooms. ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.hyundai.com/worldwide/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hyundai","keywords":"","description":"The Hyundai Motor Company, commonly known as Hyundai Motors , is a South Korean multinational automotive manufacturer headquartered in Seoul. The company was founded in 1967 and, along with its 32.8% owned subsidiary, Kia Motors, and its 100% owned luxury subs","og:title":"Hyundai","og:description":"The Hyundai Motor Company, commonly known as Hyundai Motors , is a South Korean multinational automotive manufacturer headquartered in Seoul. The company was founded in 1967 and, along with its 32.8% owned subsidiary, Kia Motors, and its 100% owned luxury subs","og:image":"https://old.roi4cio.com/uploads/roi/company/Hyundai_logo.png"},"eventUrl":""},"supplier":{"id":262,"title":"Softprom (supplier)","logoURL":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png","alias":"softprom-supplier","address":"","roles":[],"description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<span style=\"font-weight: bold;\">Softprom</span> provides professional services for testing, training, installation, implementation and technical support of IT solutions in IT Security, IT Infrastructure, Cloud Services, CAD and Graphic Design, Video Security.\r\nRead more: softprom.com","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":66,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":21,"vendorImplementationsCount":0,"vendorPartnersCount":13,"supplierPartnersCount":1,"b4r":1,"categories":{},"companyUrl":"https://softprom.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Softprom (supplier)","keywords":"Softprom, trust, company, services, customers, vendors, solutions, software","description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:title":"Softprom (supplier)","og:description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:image":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png"},"eventUrl":""},"vendors":[{"id":183,"title":"Barracuda Networks","logoURL":"https://old.roi4cio.com/uploads/roi/company/barracuda_logo.png","alias":"barracuda-networks","address":"","roles":[],"description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and storage based on network devices and cloud services. Security products include solutions to protect against spam, web surfing, hackers and threats from instant messaging services. The platform also successfully combats such threats as spam, spyware, Trojans and other malware. Barracuda solutions provide web traffic filtering, load balancing, message archiving, backup services, data protection, and more.<br /><br />Today, more than 50,000 companies and security organizations around the world use Barracuda Networks solutions. The main product list includes solutions such as Barracuda Spam Firewall, Barracuda Web Filter, Barracuda IM Firewall. ","companyTypes":[],"products":{},"vendoredProductsCount":11,"suppliedProductsCount":11,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":15,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":1,"categories":{},"companyUrl":"www.barracuda.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Barracuda Networks","keywords":"products, company, Barracuda, include, protection, services, storage, security","description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:title":"Barracuda Networks","og:description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:image":"https://old.roi4cio.com/uploads/roi/company/barracuda_logo.png"},"eventUrl":""}],"products":[{"id":1309,"logo":false,"scheme":false,"title":"Barracuda Web Application Firewall","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"alias":"barracuda-web-application-firewall","companyTypes":[],"description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection from Evolving Threats The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known applicationlayer attack modalities. Automatic updates provide defense against new threats as they apear. As new types of threats emerge, it will acquire new capabilities to block them. Identity and Access Management The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users. Affordable and Easy to Use Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process","shortDescription":"Barracuda Web Application Firewall - protect websites and apps from cyber threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda Web Application Firewall","keywords":"Barracuda, Application, Firewall, security, data, access, capabilities, they","description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection","og:title":"Barracuda Web Application Firewall","og:description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection"},"eventUrl":"","translationId":1391,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1582,"logo":false,"scheme":false,"title":"Barracuda WAF-as-a-Service","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"alias":"barracuda-waf-as-a-service","companyTypes":[],"description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps. These attacks can be prevented, but organizations often struggle to implement a robust web application security posture due to several challenges:\r\n<ul> <li>Application security is complicated to deploy and manage without specialized resources.</li> <li>Continuous updates to applications can lead to new vulnerabilities.</li> <li>Legacy applications were developed without secure coding practices.</li> </ul>\r\n<span style=\"font-weight: bold;\">Why Barracuda WAF-as-a-Service?</span>\r\n<ul> <li>Built on a proven security platform. Enterprise-proven technology that provides comprehensive protection from all OWASP recognized security risks, DDoS attacks, and even the most advanced zero-day threats. Proactive bot defense ensures always-on protection from automated attacks, web scraping, and brute force attacks.</li> <li>Simplified application security for everyone. Remove the complexity of setting up and configuring your application security solution. Barracuda WAF-as-a-Service delivers protection for your web apps in minutes thanks to a simple 5-step setup wizard, and numerous pre-built security policy templates.</li> <li>Complete control. Unlimited rulesets. For more advanced users, Barracuda WAF-as-a-Service offers a level of control traditionally reserved only for on-premises and public cloud solutions. Fine-tune specific policies for each component of every application's security profile.</li> <li>Automated vulnerability discovery and remediation. Barracuda Vulnerability Remediation Service is built-in and provides automatic vulnerability detection and remediation which can be scheduled, ensuring ongoing protection without any administrative overhead.</li> <li>Granular visibility with detailed logs and reports. Gain rich insight into all web traffic events and users. Detailed compliance reports help you easily understand your security status at any given time by having complete visibility into all HTTP/S traffic.</li> <li>Unmetered DDoS protection included. DDoS attacks disrupt the service availability of your web apps which can have a significant impact on your business. Barracuda WAF-as-a-Service defends against the full spectrum of L3-L7 DDoS attacks ensuring the availability of your web apps.</li> </ul>","shortDescription":"Barracuda WAF-as-a-Service - Protect every web app, hosted anywhere, in minutes.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda WAF-as-a-Service","keywords":"","description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps","og:title":"Barracuda WAF-as-a-Service","og:description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps"},"eventUrl":"","translationId":1583,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":643,"title":"Barracuda Web Application Firewall for bank","description":"Challenges\r\n<ul><li>Unreliability of environment</li><li>Uneven levels of demand throughout the year</li><li>Highly sensitive data</li><li>Current solution meant waiting for weeks to receive additional web encoding servers</li><li>New solution required the additional security needed to keep customer data safe and maintain levels of customer experience</li></ul>\r\nPlatinum Bank was already familiar with Barracuda, having utilized the Barracuda Email Security Gateway for cyber threat prevention. The company came to the conclusion that it needed an additional firewall solution to protect their data center. The goal was to log more information on the subnets’ inbound and outbound traffic. Platinum Bank determined that the Barracuda WAF was the right choice.\r\nSince deploying the Barracuda WAF, Platinum Bank has warded off many cyberattacks. In addition, Platinum Bank is now able to fix their own issues within five minutes, whereas their outsourced provider solution took weeks, saving a significant amount of time and money.\r\nResults\r\n<ul><li>Increased uptime</li><li>Better security and more comprehensive compliance</li><li>Automation of new threat blockers</li><li>Little additional training required</li><li>Engineer time saved, so can be spent on improving customer experience</li><li>Cost effective solution</li></ul>","alias":"barracuda-web-application-firewall-for-bank","roi":0,"seo":{"title":"Barracuda Web Application Firewall for bank","keywords":"","description":"Challenges\r\n<ul><li>Unreliability of environment</li><li>Uneven levels of demand throughout the year</li><li>Highly sensitive data</li><li>Current solution meant waiting for weeks to receive additional web encoding servers</li><li>New solution required the add","og:title":"Barracuda Web Application Firewall for bank","og:description":"Challenges\r\n<ul><li>Unreliability of environment</li><li>Uneven levels of demand throughout the year</li><li>Highly sensitive data</li><li>Current solution meant waiting for weeks to receive additional web encoding servers</li><li>New solution required the add"},"deal_info":"","user":{"id":533,"title":"Platinum Bank","logoURL":"https://old.roi4cio.com/uploads/roi/company/Platinum_Bank.png","alias":"platinum-bank","address":"","roles":[],"description":"Platinum Bank - specialized retail bank, which since 2005 provides deposit and loan products to individuals through a network of offices and service points throughout Ukraine. The main shareholders of Platinum Bank is a group of financial shareholders, including the direct investment fund European Infrastructure Investment Company (“EIIC”, Luxembourg).\r\nInternational investors and shareholders contribute to the development of Platinum Bank and the introduction of Western management standards that allow bank customers to feel the comfort of cooperation and peace of mind for their investments.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":6,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.platinumbank.com.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Platinum Bank","keywords":"through, network, offices, service, shareholders, Plat, Ukraine, points","description":"Platinum Bank - specialized retail bank, which since 2005 provides deposit and loan products to individuals through a network of offices and service points throughout Ukraine. The main shareholders of Platinum Bank is a group of financial shareholders, includi","og:title":"Platinum Bank","og:description":"Platinum Bank - specialized retail bank, which since 2005 provides deposit and loan products to individuals through a network of offices and service points throughout Ukraine. The main shareholders of Platinum Bank is a group of financial shareholders, includi","og:image":"https://old.roi4cio.com/uploads/roi/company/Platinum_Bank.png"},"eventUrl":""},"supplier":{"id":262,"title":"Softprom (supplier)","logoURL":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png","alias":"softprom-supplier","address":"","roles":[],"description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<span style=\"font-weight: bold;\">Softprom</span> provides professional services for testing, training, installation, implementation and technical support of IT solutions in IT Security, IT Infrastructure, Cloud Services, CAD and Graphic Design, Video Security.\r\nRead more: softprom.com","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":66,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":21,"vendorImplementationsCount":0,"vendorPartnersCount":13,"supplierPartnersCount":1,"b4r":1,"categories":{},"companyUrl":"https://softprom.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Softprom (supplier)","keywords":"Softprom, trust, company, services, customers, vendors, solutions, software","description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:title":"Softprom (supplier)","og:description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:image":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png"},"eventUrl":""},"vendors":[{"id":183,"title":"Barracuda Networks","logoURL":"https://old.roi4cio.com/uploads/roi/company/barracuda_logo.png","alias":"barracuda-networks","address":"","roles":[],"description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and storage based on network devices and cloud services. Security products include solutions to protect against spam, web surfing, hackers and threats from instant messaging services. The platform also successfully combats such threats as spam, spyware, Trojans and other malware. Barracuda solutions provide web traffic filtering, load balancing, message archiving, backup services, data protection, and more.<br /><br />Today, more than 50,000 companies and security organizations around the world use Barracuda Networks solutions. The main product list includes solutions such as Barracuda Spam Firewall, Barracuda Web Filter, Barracuda IM Firewall. ","companyTypes":[],"products":{},"vendoredProductsCount":11,"suppliedProductsCount":11,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":15,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":1,"categories":{},"companyUrl":"www.barracuda.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Barracuda Networks","keywords":"products, company, Barracuda, include, protection, services, storage, security","description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:title":"Barracuda Networks","og:description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:image":"https://old.roi4cio.com/uploads/roi/company/barracuda_logo.png"},"eventUrl":""}],"products":[{"id":1309,"logo":false,"scheme":false,"title":"Barracuda Web Application Firewall","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"alias":"barracuda-web-application-firewall","companyTypes":[],"description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection from Evolving Threats The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known applicationlayer attack modalities. Automatic updates provide defense against new threats as they apear. As new types of threats emerge, it will acquire new capabilities to block them. Identity and Access Management The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users. Affordable and Easy to Use Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process","shortDescription":"Barracuda Web Application Firewall - protect websites and apps from cyber threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda Web Application Firewall","keywords":"Barracuda, Application, Firewall, security, data, access, capabilities, they","description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection","og:title":"Barracuda Web Application Firewall","og:description":"The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access. Constant Protection"},"eventUrl":"","translationId":1391,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1582,"logo":false,"scheme":false,"title":"Barracuda WAF-as-a-Service","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"alias":"barracuda-waf-as-a-service","companyTypes":[],"description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps. These attacks can be prevented, but organizations often struggle to implement a robust web application security posture due to several challenges:\r\n<ul> <li>Application security is complicated to deploy and manage without specialized resources.</li> <li>Continuous updates to applications can lead to new vulnerabilities.</li> <li>Legacy applications were developed without secure coding practices.</li> </ul>\r\n<span style=\"font-weight: bold;\">Why Barracuda WAF-as-a-Service?</span>\r\n<ul> <li>Built on a proven security platform. Enterprise-proven technology that provides comprehensive protection from all OWASP recognized security risks, DDoS attacks, and even the most advanced zero-day threats. Proactive bot defense ensures always-on protection from automated attacks, web scraping, and brute force attacks.</li> <li>Simplified application security for everyone. Remove the complexity of setting up and configuring your application security solution. Barracuda WAF-as-a-Service delivers protection for your web apps in minutes thanks to a simple 5-step setup wizard, and numerous pre-built security policy templates.</li> <li>Complete control. Unlimited rulesets. For more advanced users, Barracuda WAF-as-a-Service offers a level of control traditionally reserved only for on-premises and public cloud solutions. Fine-tune specific policies for each component of every application's security profile.</li> <li>Automated vulnerability discovery and remediation. Barracuda Vulnerability Remediation Service is built-in and provides automatic vulnerability detection and remediation which can be scheduled, ensuring ongoing protection without any administrative overhead.</li> <li>Granular visibility with detailed logs and reports. Gain rich insight into all web traffic events and users. Detailed compliance reports help you easily understand your security status at any given time by having complete visibility into all HTTP/S traffic.</li> <li>Unmetered DDoS protection included. DDoS attacks disrupt the service availability of your web apps which can have a significant impact on your business. Barracuda WAF-as-a-Service defends against the full spectrum of L3-L7 DDoS attacks ensuring the availability of your web apps.</li> </ul>","shortDescription":"Barracuda WAF-as-a-Service - Protect every web app, hosted anywhere, in minutes.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda WAF-as-a-Service","keywords":"","description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps","og:title":"Barracuda WAF-as-a-Service","og:description":"Complete application security does not have to be complicated. Web applications are connected directly to your business and customer data. Attackers know this and have become increasingly clever with their attempts to bring down or compromise websites and apps"},"eventUrl":"","translationId":1583,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\"> </p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":933,"title":"Check Point Security Gateway Virtual Edition for Eurogasbank","description":"Description is not ready yet","alias":"check-point-security-gateway-virtual-edition-for-eurogasbank","roi":0,"seo":{"title":"Check Point Security Gateway Virtual Edition for Eurogasbank","keywords":"","description":"Description is not ready yet","og:title":"Check Point Security Gateway Virtual Edition for Eurogasbank","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":7273,"title":"Yevrohazbank","logoURL":"https://old.roi4cio.com/uploads/roi/company/Evrogazbank.jpg","alias":"evropeiskii-gazovyi-bank-ao-evrogazbank","address":"","roles":[],"description":" EUROPEAN GAS BANK was founded in 2006 and provides services to individuals and legal entities. According to the data of the National Bank of Ukraine, and today it occupies 54th place among existing Ukrainian banks. EUROPEAN GAS BANK is also a member of the Independent Association of Banks of Ukraine (NABU), the Deposit Guarantee Fund for Individuals, PJSC Ukrainian Exchange, PJSC Ukrainian Stock Exchange, PJSC Stock Exchange PFTS, PJSC Stock Exchange Perspective, National Depository of Ukraine PJSC, Kiev International Stock Exchange PJSC, All-Ukrainian Securities Depository PrJSC, Ukrainian Stock Traders Association, Stock Partnership Association, Professional Association of Registrars and Depositories (PARD), Plat UkrKart hedgehog system, Society for Worldwide Interbank Financial Telecommunications (SWIFT), Ukrainian National Group of Members and Users of SWIFT “UKRSWIFT”. NBU License No. 233 dated November 7, 2011. All types of banking services. The main goal of the team of EUROGASBANK JSC is to build strong partnerships with its customers, by maximally satisfying the financial needs of the population and business. Constantly improving its services, the Bank expands the scope of its activities and grows with its customers.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.egb.kiev.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Yevrohazbank","keywords":"","description":" EUROPEAN GAS BANK was founded in 2006 and provides services to individuals and legal entities. According to the data of the National Bank of Ukraine, and today it occupies 54th place among existing Ukrainian banks. EUROPEAN GAS BANK is also a member of the In","og:title":"Yevrohazbank","og:description":" EUROPEAN GAS BANK was founded in 2006 and provides services to individuals and legal entities. According to the data of the National Bank of Ukraine, and today it occupies 54th place among existing Ukrainian banks. EUROPEAN GAS BANK is also a member of the In","og:image":"https://old.roi4cio.com/uploads/roi/company/Evrogazbank.jpg"},"eventUrl":""},"supplier":{"id":249,"title":"Integrity Systems","logoURL":"https://old.roi4cio.com/uploads/roi/company/integrity_systems.png","alias":"integrity-systems","address":"Київ 01032 вул. Саксаганського, 119, оф. 26","roles":[],"description":"Integrity Systems is a young company, system integrator dynamic. Integrity Systems specializes in the design and implementation of IT solutions for medium and large enterprises. The company "Systems Integration" was founded in 2007 and focuses its activities on solutions using various technologies IT business objectives corporate customers in Ukraine. The main asset is our team of qualified consultants, project managers and engineers, allowing us to offer our clients services that cover the full life cycle of IT solutions - from analyzing business objectives, design, implementation and further maintenance and support.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":197,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":0,"vendorPartnersCount":9,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://integritysys.com.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Integrity Systems","keywords":"Systems, solutions, Integrity, implementation, design, company, business, objectives","description":"Integrity Systems is a young company, system integrator dynamic. Integrity Systems specializes in the design and implementation of IT solutions for medium and large enterprises. The company "Systems Integration" was founded in 2007 and focuses its ac","og:title":"Integrity Systems","og:description":"Integrity Systems is a young company, system integrator dynamic. Integrity Systems specializes in the design and implementation of IT solutions for medium and large enterprises. The company "Systems Integration" was founded in 2007 and focuses its ac","og:image":"https://old.roi4cio.com/uploads/roi/company/integrity_systems.png"},"eventUrl":""},"vendors":[{"id":171,"title":"Check Point","logoURL":"https://old.roi4cio.com/uploads/roi/company/checkpoint_logo.png","alias":"check-point","address":"","roles":[],"description":"Check Point Software Technologies Ltd. is an international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management.\r\n\r\nAs of 2016 the company has approximately 3,400 employees worldwide. Headquartered in Tel Aviv, Israel, the company has development centers in Israel, California (ZoneAlarm), Sweden (Former Protect Data development centre), and Belarus. The company has main offices in the United States, in San Carlos, California, in Dallas, Texas, in Ottawa, Ontario, Canada, and Sydney Australia.\r\n\r\nCheck Point competes in the antivirus industry against AVG, Avira, ESET, F-Secure, Kaspersky, McAfee, Panda Security, Sophos and Symantec among others.","companyTypes":[],"products":{},"vendoredProductsCount":7,"suppliedProductsCount":7,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":2,"vendorPartnersCount":0,"supplierPartnersCount":38,"b4r":0,"categories":{},"companyUrl":"www.checkpoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Check Point","keywords":"security, company, Point, Check, California, Israel, development, software","description":"Check Point Software Technologies Ltd. is an international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management.\r\n\r\nAs of 2016 the company has app","og:title":"Check Point","og:description":"Check Point Software Technologies Ltd. is an international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management.\r\n\r\nAs of 2016 the company has app","og:image":"https://old.roi4cio.com/uploads/roi/company/checkpoint_logo.png"},"eventUrl":""}],"products":[{"id":473,"logo":false,"scheme":false,"title":"Check Point vSEC Virtual Edition","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"check-point-vsec-virtual-edition","companyTypes":[],"description":"Secure virtual environments\r\n\r\nMulti-layered security protections for virtual environments including next-generation firewall and advanced threat prevention\r\nInspect all traffic—from inter-VM to perimeter—in the virtual network\r\nPermit secure access to remote systems and networks\r\nUnified management of virtual and physical environments\r\n\r\nConsistent security policy and uniform security management across both physical and virtual infrastructures\r\nVisibility into virtualization configuration and security changes\r\nSeparation of duties between virtualization and security teams\r\nLicensing is based on virtual cores used and supports dynamic allocation ideal for elastic workloads\r\nThanks to Check Point vSEC Virtual Edition (VE), we have a virtual security solution that fully integrates into our dynamic virtualized environment with all the performance, security and functionality we’ve expected from our physical Check Point gateways for years.\r\n\r\nFeatures\r\n\r\nFull protections with Check Point Software Blades\r\nCheck Point vSEC Virtual Edition provides the full protections of the Check Point Software Blade architecture.\r\n\r\nFirewall, IPS, Antivirus, Anti-Bot Software Blades protect services in the public cloud from unauthorized access and attacks.\r\nApplication Control Software Blade helps prevent application layer denial of service attacks and protects your cloud services.\r\nIPsec VPN Software Blade allows secure communication into cloud resources.\r\nMobile Access Software Blade allows mobile users to connect to the cloud using an SSL encrypted connection with two factor authentication and device pairing.\r\nData Loss Prevention Software Blade protects sensitive data from theft or unintentional loss.\r\nSandBlast Zero-Day Protection Blades provide the most comprehensive protection against malware and zero-day attacks.\r\nConsolidated logs and reporting for hybrid cloud environments\r\nGet visibility and enforcement across your virtual infrastructures using the Next Generation SmartEvent Software Blade. Simplify compliance and audits with unified logs and reporting.\r\nCentralized management for virtual and physical infrastructures\r\nManage vSEC VE using your existing on-premise Check Point Unified Security Management Solution. Enforce a consistent security policy for corporate assets across both virtual and physical infrastructures from a single console.\r\n","shortDescription":"The Check Point vSEC Virtual Edition gateway protects dynamic virtualized environments from internal and external threats by securing virtual machines (VMs) and applications with the full range of protections of the Check Point Software Blade architecture. Check Point’s virtualization security supports multiple hypervisors including VMware ESX, Microsoft Hyper-V and KVM.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Check Point vSEC Virtual Edition","keywords":"virtual, security, Software, Point, Check, Blade, cloud, physical","description":"Secure virtual environments\r\n\r\nMulti-layered security protections for virtual environments including next-generation firewall and advanced threat prevention\r\nInspect all traffic—from inter-VM to perimeter—in the virtual network\r\nPermit secure access to remote ","og:title":"Check Point vSEC Virtual Edition","og:description":"Secure virtual environments\r\n\r\nMulti-layered security protections for virtual environments including next-generation firewall and advanced threat prevention\r\nInspect all traffic—from inter-VM to perimeter—in the virtual network\r\nPermit secure access to remote "},"eventUrl":"","translationId":474,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":254,"title":"Centralize management"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":373,"title":"IT infrastructure does not meet business tasks"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"},{"id":393,"title":"Complex and non-transparent business processes"},{"id":395,"title":"Decentralization of management"}]}},"categories":[{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://ko.com.ua/bezopasnaya_virtualizaciya_evrogazbanka_75981","title":"Media"}},"comments":[],"referencesCount":0},{"id":311,"title":"Dr.Web Desktop Security Suite for insurance company","description":"Description is not ready yet","alias":"drweb-desktop-security-suite-for-insurance-company","roi":0,"seo":{"title":"Dr.Web Desktop Security Suite for insurance company","keywords":"","description":"Description is not ready yet","og:title":"Dr.Web Desktop Security Suite for insurance company","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":3909,"title":"GARANT-AUTO","logoURL":"https://old.roi4cio.com/uploads/roi/company/GARANT-AVTO.gif","alias":"garant-avto","address":"","roles":[],"description":" "GARANT-AVTO" is one of the leading companies in the insurance industry in Ukraine, providing insurance for businesses and individuals.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.garant-auto.com.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"GARANT-AUTO","keywords":"GARANT-AUTO","description":" "GARANT-AVTO" is one of the leading companies in the insurance industry in Ukraine, providing insurance for businesses and individuals.","og:title":"GARANT-AUTO","og:description":" "GARANT-AVTO" is one of the leading companies in the insurance industry in Ukraine, providing insurance for businesses and individuals.","og:image":"https://old.roi4cio.com/uploads/roi/company/GARANT-AVTO.gif"},"eventUrl":""},"supplier":{"id":193,"title":"Yursoft","logoURL":"https://old.roi4cio.com/uploads/roi/company/Screen_Shot_2017-06-28_at_74101_PM.png","alias":"jursoft","address":"","roles":[],"description":"Yursoft is an experienced software reseller","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":42,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":1,"vendorImplementationsCount":0,"vendorPartnersCount":3,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.yursoft.com.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Yursoft","keywords":"Yursoft, reseller, software, experienced","description":"Yursoft is an experienced software reseller","og:title":"Yursoft","og:description":"Yursoft is an experienced software reseller","og:image":"https://old.roi4cio.com/uploads/roi/company/Screen_Shot_2017-06-28_at_74101_PM.png"},"eventUrl":""},"vendors":[{"id":2794,"title":"Dr.Web","logoURL":"https://old.roi4cio.com/uploads/roi/company/Dr.Web.png","alias":"drweb","address":"","roles":[],"description":"Dr.Web is a Russian anti-malware company and the name of its flagship software suite. First released in 1992, it became the first anti-virus service in Russia.\r\n\r\nThe company also offers anti-spam solutions and is used by Yandex, Russia's biggest search provider, to scan e-mail attachments. There is also an add-on for all major browsers which checks links with the online version of Dr Web.\r\n\r\nDr.Web has withdrawn from AV tests such as Virus Bulletin VB100% around 2008 stating that they no longer represent the ability to counteract contemporary malware threats.\r\n\r\nSource: https://en.wikipedia.org/wiki/Dr._Web","companyTypes":[],"products":{},"vendoredProductsCount":3,"suppliedProductsCount":3,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":1,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"http://www.drweb.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Dr.Web","keywords":"Russia, company, also, such, around, VB100, Virus, Bulletin","description":"Dr.Web is a Russian anti-malware company and the name of its flagship software suite. First released in 1992, it became the first anti-virus service in Russia.\r\n\r\nThe company also offers anti-spam solutions and is used by Yandex, Russia's biggest search provid","og:title":"Dr.Web","og:description":"Dr.Web is a Russian anti-malware company and the name of its flagship software suite. First released in 1992, it became the first anti-virus service in Russia.\r\n\r\nThe company also offers anti-spam solutions and is used by Yandex, Russia's biggest search provid","og:image":"https://old.roi4cio.com/uploads/roi/company/Dr.Web.png"},"eventUrl":""}],"products":[{"id":1005,"logo":false,"scheme":false,"title":"Dr.Web Desktop Security Suite","vendorVerified":0,"rating":"2.40","implementationsCount":1,"suppliersCount":0,"alias":"drweb-desktop-security-suite","companyTypes":[],"description":"Dr.Web products:\r\n\r\n Dr.Web for Windows (32&64 bit versions)\r\n Dr.Web KATANA (32&64 bit versions)\r\n Dr.Web for Linux (32&64 bit versions)\r\n Dr.Web for OS X (32&64 bit versions)\r\n Dr.Web Console scanners\r\n Dr.Web Control Center","shortDescription":"Dr.Web Desktop Security Suite - Protection of workstations, embedded system clients, clients of terminal and virtual servers.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Dr.Web Desktop Security Suite","keywords":"versions, 3264, Console, scanners, Control, Center, KATANA, Suite","description":"Dr.Web products:\r\n\r\n Dr.Web for Windows (32&64 bit versions)\r\n Dr.Web KATANA (32&64 bit versions)\r\n Dr.Web for Linux (32&64 bit versions)\r\n Dr.Web for OS X (32&64 bit versions)\r\n ","og:title":"Dr.Web Desktop Security Suite","og:description":"Dr.Web products:\r\n\r\n Dr.Web for Windows (32&64 bit versions)\r\n Dr.Web KATANA (32&64 bit versions)\r\n Dr.Web for Linux (32&64 bit versions)\r\n Dr.Web for OS X (32&64 bit versions)\r\n "},"eventUrl":"","translationId":1006,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"}]}},"categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"","title":"Media"}},"comments":[],"referencesCount":0},{"id":278,"title":"Forcepoint Advanced Malware Detection, Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a food and beverage company","description":"OVERVIEW\r\nCrediton Dairy, based in the heart of Devon in southern England, is a food and beverage company that produces a variety of milk drinks. The company is best known for its “Moo Milk” and “Dairy Pride” brands and has products in 13,500 food retail stores nationwide, making it one of the UK’s leading dairy beverage companies. Its chairman, Neil Kennedy, was presented with the prestigious SW Dairy Industry Award for his outstanding contribution towards the development of the British dairy market.\r\nIn 2012, dairy companies Arla Foods UK and Milk Link were given approval to merge by the European Commission (EC). A condition for the approval of the merger was that Crediton Dairy operate as a separate business. Benjamin Evans, formerly with Milk Link, became IT Manager for Crediton Dairy. \r\nCHALLENGE\r\nEvans’ initial task was to implement a web security solution that addressed both security and business challenges Crediton Dairy had been struggling with at the time. Its network had seen continuous attacks from external threats masking as an insider in order to in ltrate and steal sensitive data. These threats would often be in the form of sophisticated ransomware and other advanced threats, with delivery methods that shifted between web and email channels in search of a weakness. Suspicious URLs sent to employees from Director-level positions and phony invitations to download a PDF instructing users to “please pay invoice” are just a few examples Evans saw rsthand within a few weeks of joining the company.\r\nSome attacks were being successfully filtered by the Office 365 Outlook client, but only to the extent of being redirected into a “junk” folder. Nothing was in place to effectively identify or classify information. Crediton Dairy also lacked a solution that delivered real- time security ratings to web or email traffic. \r\nAfter determining the security included in Office 365 was not up to the task, the challenge was to build a security posture from the ground-up— starting with web—that wouldn’t break the budget. With only a small team to work with, Evans began searching for cloud-based security solutions. On-premises appliances were out of the question —he simply didn’t have the resources to install and manage additional hardware. \r\nSOLUTION\r\nCrediton Dairy assessed multiple web security providers, including Barracuda Networks. But according to Evans, Barracuda Networks couldn’t meet their strict functionality or budgetary requirements.\r\n“There were a few let downs on the way the Barracuda URL filtering worked. It just didn’t feel like home.”\r\n— Evans\r\nAs a former Milk Link employee, Evans was familiar with the virtualized classification capabilities and hassle-free maintenance of the Forcepoint Web Security Cloud solution; it was the company’s primary solution for web security.\r\nFollowing Evans’ recommendation, Forcepoint Web Security Cloud went through a Proof of Concept (POC) at Crediton Dairy. It exceeded all expectations. Evans noted that other cloud versions on the market were too “light” in functionality, compared to the high level of protection with Forcepoint.\r\n“The Forcepoint solution offered more options around the Cloud. Rather than just black-listing or white-listing URLs and email addresses, Forcepoint ticked all of our boxes for functionality.”\r\n— Evans\r\nDeployment was straightforward and simple and the Forcepoint support team was there for Evans whenever needed.\r\n“The Forcepoint support team was very good. When we were originally getting set up, my account manager and the support team took control, had a look where any issues might be, configured the solution, and got it up and running while taking me through some of the new features.”\r\n— Evans\r\nCrediton Dairy’s IT department has always embraced innovation and new technologies. It was one of the first to adopt Office 365 when it became available in the UK. However, because Office 365 comes with only basic security features, it doesn’t properly secure the average working email environment. This was, unfortunately, the case for Crediton Dairy.\r\n“We were starting to see a bit more spam coming through Office 365, compared to where it was when it first came out. We started to look at the email side of Forcepoint, for sure.”\r\n— Evans\r\nEvans and Crediton Dairy chose to implement Forcepoint Email Security Cloud as well as Forcepoint Advanced Malware Detection for Email, incorporating cloud-hosted protection that surpasses the capability of on-premises sandboxes. Evans admits, it was a “no- brainer” for his organization.\r\n“Forcepoint Email Security Cloud has stopped anything suspicious from coming in and I can visibly see what is being stopped and what we’re being protected from. We’re protected and it’s one of those insurance policies that every company needs.”\r\n— Evans\r\nThe Crediton Dairy team took advantage of an easy cloud deployment by simply adding the Forcepoint Email Security Cloud to an already deployed Forcepoint Web Security Cloud for coordinated defenses against advanced threats. The deployment of Forcepoint Email Security Cloud was accomplished overnight. Evans and his team began the process on a Friday evening and nished Saturday. \r\nRESULTS\r\nForcepoint Web Security Cloud solutions met all of Crediton Dairy’s functionality and quality requirements without them having to purchase additional hardware. Staying within budget has freed up resources for other projects. At the same time, Forcepoint Email Security Cloud solution has empowered Crediton Dairy to safely embrace new technologies such as Office 365 and enjoy all of its ef ciencies and cost savings.\r\nEvans recalls how well Forcepoint Cloud solutions integrate well with Active Directory and enhance and complement the Office 365 solution already in place.\r\n“Forcepoint is able to work seamlessly with Office 365. We don’t see any problems at all when we run the two together.”\r\n— Evans\r\nAn easy deployment of Forcepoint Web Security Cloud and Forcepoint Email Security Cloud solutions have paved the way for Crediton Dairy to continue to evolve and innovate with safety and con dence.\r\nCrediton Dairy has relied on Forcepoint security solutions since 2015. ","alias":"forcepoint-advanced-malware-detection-forcepoint-email-security-cloud-forcepoint-web-security-cloud-for-a-food-and-beverage-company","roi":0,"seo":{"title":"Forcepoint Advanced Malware Detection, Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a food and beverage company","keywords":"Forcepoint, Evans, Crediton, Dairy, Cloud, Security, with, security","description":"OVERVIEW\r\nCrediton Dairy, based in the heart of Devon in southern England, is a food and beverage company that produces a variety of milk drinks. The company is best known for its “Moo Milk” and “Dairy Pride” brands and has products in 13,500 food retail store","og:title":"Forcepoint Advanced Malware Detection, Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a food and beverage company","og:description":"OVERVIEW\r\nCrediton Dairy, based in the heart of Devon in southern England, is a food and beverage company that produces a variety of milk drinks. The company is best known for its “Moo Milk” and “Dairy Pride” brands and has products in 13,500 food retail store"},"deal_info":"","user":{"id":3869,"title":"Crediton Dairy","logoURL":"https://old.roi4cio.com/uploads/roi/company/Crediton_Dairy.jpg","alias":"crediton-dairy","address":"","roles":[],"description":"Crediton Dairy is one of the UK’s leading dairy drinks businesses producing a comprehensive range of fresh flavoured and functional chilled milk drinks, as well as long life milks & creams. Located in the heart of Devon, we are dedicated to producing great tasting dairy products made from British milk supplied by our group of local, family-run, dairy farms.\r\n We’re independently owned, financially strong and professionally run and focused on adding value to everything we do. To this end we constantly challenge ourselves:\r\nto do better;\r\nto listen to and meet the needs of our customers and consumers;\r\nto value and build strong relationships with our people, partners and farmer suppliers; and\r\nto act responsibly, ethically and treat others as we would want to be treated.\r\nOur great tasting milk drinks are for everyone from growing families to fitness fanatics. Our products are consumed in homes, restaurants and on-the-go across the country. From retailer own-label to our fast-growing Moo brand you’ll find Crediton Dairy products in over 13,500 food retail stores nationwide. We’re also a leading supplier of milks and creams across the foodservice and wholesale sectors. But we aren’t stopping there and we’re working on exciting new product innovations and formats to move the dairy drinks category forward.\r\nAll of this comes out of our well invested dairy situated in the middle of Devon, a county which is of course synonymous with dairy farming and great tasting dairy products and at Crediton Dairy we’re incredibly proud to be continuing this tradition.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.creditondairy.co.uk/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Crediton Dairy","keywords":"Dairy, Crediton","description":"Crediton Dairy is one of the UK’s leading dairy drinks businesses producing a comprehensive range of fresh flavoured and functional chilled milk drinks, as well as long life milks & creams. Located in the heart of Devon, we are dedicated to producing great ta","og:title":"Crediton Dairy","og:description":"Crediton Dairy is one of the UK’s leading dairy drinks businesses producing a comprehensive range of fresh flavoured and functional chilled milk drinks, as well as long life milks & creams. Located in the heart of Devon, we are dedicated to producing great ta","og:image":"https://old.roi4cio.com/uploads/roi/company/Crediton_Dairy.jpg"},"eventUrl":""},"supplier":{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""},"vendors":[{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""}],"products":[{"id":938,"logo":false,"scheme":false,"title":"Forcepoint Email Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-email-security","companyTypes":[],"description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Security integrates powerful analytics and advanced malware sandboxing for inbound protection, content filtering for outbound data control and email encryption for secure communications.<br />Forcepoint Email Security Cloud’s proactive URL Wrapping and Phishing Education secure email wherever users need access, even on mobile devices. Our unrivaled cloud infrastructure delivers phishing, malware and DLP protection for Microsoft Office 365™ and other popular email systems.<br /><br /><span style=\"font-weight: bold;\">The Forcepoint Email Security advantage</span><br />\r\n<span style=\"font-style: italic;\">Real-time threat protection</span><br />\r\nReal-time threat protection uses a unique blend of detection technologies, including machine learning, sandboxing, and predictive analytics to effectively stop advanced threats such as ransomware.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Protection against highly evasive zero-day threats</span><br />\r\nGet advanced malware detection (sandboxing) with our full system emulation sandbox. Deep content inspection reveals highly evasive zero-day threat with no false positives.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Powerful encryption for additional protection</span><br />\r\nEncrypt sensitive email conversations and enhance mobile security by controlling sensitive attachments access by device.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Incident risk ranking to find the greatest risks</span><br />\r\nIncidents are correlated across multiple events to identify true cumulative risk trends and activity. A risk score is included to help security teams identify the greatest risks based on real-time activity.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Integrated data loss prevention</span><br />\r\nIntegrated industry-leading data loss prevention stops data infiltration and exfiltration capabilities.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Unique phishing education feature</span><br />\r\nUse Forcepoint Email Security’s unique phishing education features to help users adopt best practices and identify those who need additional training to improve their security awareness.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Complete out-of-the-box solution</span><br />\r\nForcepoint Email Security includes DLP, URL wrapping, and other capabilities that are considered premium "add-ons" or upgrades by many competitors, delivering the most comprehensive inbound and outbound defenses out of the box.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Deployment flexibility</span><br />\r\nHow you deploy our email security solution is up to you. Choose from a range of physical and virtual appliances to leverage existing hardware, cloud deployment, or hybrid environments.","shortDescription":"Forcepoint Email Security identifies targeted attacks, high-risk users and insider threats, while empowering mobile workers and the safe adoption of new technologies like Office 365 and Box Enterprise","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Email Security","keywords":"Cloud, Forcepoint, Security, email, Email, attacks, threats, advanced","description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se","og:title":"Forcepoint Email Security","og:description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se"},"eventUrl":"","translationId":939,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":954,"logo":false,"scheme":false,"title":"Forcepoint Advanced Malware Detection","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"forcepoint-advanced-malware-detection","companyTypes":[],"description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors.\r\n<strong>Unmatched Accuracy</strong>\r\nForcepoint Advanced Malware Detection technology is unmatched in security efficacy. Even highly evasive threats are revealed through Deep Content Inspection of activity at multiple levels, dormant code, and other indicators often overlooked by traditional sandbox technologies.\r\n<strong>Zero-False Positives</strong>\r\nEliminate the distraction of False Positive results with AMD. This means your incident response team can spend its limited time responding to actual threats, not chasing down false positives and searching for indicators of compromise (IOCs).\r\n<strong>Global Threat Intelligence</strong>\r\nForcepoint sends threat intelligence updates containing the characteristics, behaviors and associated IOCs of every malicious object curated and analyzed within the global service. This allows for faster identification of previously-seen threats, new threats that reuse objects, and streamlines the analysis, detection and response to previously unseen threats.\r\n<strong>DEEP CONTENT INSPECTION – A STEP BEYOND SANDBOXING</strong>\r\nAs with sandboxing, Forcepoint Advanced Malware Detection provides a simulated environment for malware execution; that is where any similarity ends.\r\n<strong>A Complete Environment</strong>\r\nTraditional sandboxes have visibility down to the operating system level only. Forcepoint offers a unique isolation and inspection environment that simulates an entire host including the CPU, system memory and all devices. Deep Content Inspection interacts with malware to observe all the actions it might take within this complete environment, and even identifies ‘dormant code’ for special analysis.\r\n<strong>Malware Interaction</strong>\r\nSandbox-only solutions provide a relatively static environment, limiting the malicious ‘behavior’ they may uncover. Because Forcepoint Advanced Malware Detection interacts with malware, it observes every action that it might take, even when those actions are delegated to the operating system or other programs. In addition, this tool identifies potentially malicious ‘dormant code’ that the malware does not execute.\r\n<strong>Extensive Malware Detail Exposure</strong>\r\nA comprehensive solution must do more than just stop advanced malware. Correlated incident information prioritizes the most significant threats in your network without combing through massive log files. Full attack chain visibility enables your incident response team to quickly understand the nature of the attack, making your scarce security resources more efficient.\r\n<strong>MALWARE DETECTION ACROSS CHANNELS</strong>\r\nThreat actors will find and exploit any available point of entry. Forcepoint Advanced Malware Detection integrates with other defenses, complimenting their own security capabilities to frustrate attacker efforts across multiple channels. The resulting shared intelligence improves overall visibility and strengthens each point of defense.\r\nForcepoint Web Security is a (cloud or hybrid deployed) Secure Web Gateway that stops advanced threats from getting in and sensitive data from getting out – whether an organization’s users are in the office, working from home or on the road. Forcepoint Advanced Malware Detection integrates with Web Security as an additional defense against zero-day and other advanced, evasive malware.\r\nIts cutting-edge classification engine, global threat intelligence, advanced malware detection and enterprise-class DLP work together to make strong security easy to deploy. It delivers real-time web protection for increasingly mobile workforces and can share policies and context with Email Security to thwart advanced, coordinated web and email attacks with complete inbound and outbound defenses.\r\nForcepoint Email Security stops spam and phishing emails that introduce ransomware and other advanced threats before they can infect systems with malware. Forcepoint Advanced Malware Detection integrates with Email Security as an additional defense against zero-day and other advanced, evasive malware.\r\nThe comprehensive defenses of Forcepoint Email Security integrate: highly effective analytics, URL Wrapping, Phishing education, and advanced malware detection for inbound protection—as well as integrated DLP as an outbound control and email encryption for secure communications.\r\nOperating on the security industry’s most secure cloud infrastructure, Forcepoint Email Security delivers unparalleled phishing, malware and DLP protection for Microsoft Office 365 and other popular email systems.\r\nForcepoint Next Generation Firewall (NGFW) connects and protects people and their data throughout offices, branches, and the cloud – all with the greatest efficiency, availability and security. It applies multiple scanning techniques to files found in network traffic, allowing administrators to tailor granular levels of security to the specific needs of each connection. Forcepoint Advanced Malware Detection integrates with Forcepoint NGFW as an additional defense against zero-day and other advanced, evasive malware.\r\nForcepoint NGFW can deploy, monitor, and update thousands of firewalls, VPNs and IPSs from a single console – cutting network operating expenses up to 50%. It eliminates downtime with high-availability clustering and Multi-Link networking, block attacks, and manages encrypted traffic without hurting performance. As the pioneer in Advanced Evasion Technique (AET) defenses and proxy technologies for mission-critical applications, Forcepoint NGFW gives you security without compromise.\r\nForcepoint CASB delivers visibility and control over cloud applications and helps eliminate the security and compliance blind spots created in a cloud-first world. It quickly discovers unsanctioned cloud applications and assesses their associated risks, as well as the ability to control how sanctioned cloud applications such as Office 365, Google Suite, Salesforce, Box, Dropbox and others are used in order to prevent the loss of critical intellectual property.\r\nWith Forcepoint CASB, organizations can truly embrace the Cloud by ensuring that their users are not engaging in risky behaviors - without slowing them down.\r\n ","shortDescription":"Forcepoint Advanced Malware Detection - detecting and stoping the most evasive, Advanced Malware Threats","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Advanced Malware Detection","keywords":"Forcepoint, malware, with, Malware, advanced, security, threats, Advanced","description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors","og:title":"Forcepoint Advanced Malware Detection","og:description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors"},"eventUrl":"","translationId":955,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1473,"logo":false,"scheme":false,"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","vendorVerified":0,"rating":"2.40","implementationsCount":2,"suppliersCount":0,"alias":"forcepoint-email-security-cloud-forcepoint-web-security-cloud","companyTypes":[],"description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives you the security you need by protecting you against multi-stage advanced threats that exploit email to penetrate your IT environment.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Forcepoint Email Security applies real-time behavioral sandboxing, enterprise-grade DLP and other advanced defense technologies to prevent leaks of sensitive information, empowering your workers — in the office or on the road — as you safely adopt technologies like Microsoft Office 365. In addition, detect phishing and secure email wherever users need access, even on mobile devices, through features like Phishing Education and URL Wrapping.</span>\r\nYour business and data are under constant attack. Traditional filtering and antivirus products no longer provide sufficient protection, and many web security solutions can’t address advanced threats as they occur.\r\n\r\nForcepoint Web Security provides advanced, real-time threat defense to stop advanced threats and prevent data loss. It provides robust protection through context- and content-aware defenses, coupled with integrated Cloud Access Security Broker (CASB) functionality, to provide control and visibility for cloud applications on both on-premises and roaming users. The combination of industry-leading web protection, CASB functionality and enterprise DLP delivers protection at a value no other vendor can match.","shortDescription":"Forcepoint Email Security Cloud (formerly TRITON AP-EMAIL Cloud) - Protecting from spam, phishing & ransomware attacks wherever email is accessed","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","keywords":"Security, advanced, Forcepoint, protection, threats, like, Email, Cloud","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives y","og:title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives y"},"eventUrl":"","translationId":1473,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1630,"logo":false,"scheme":false,"title":"Forcepoint Web Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-web-security","companyTypes":[],"description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’t backhaul traffic or pay for appliances.\r\nForcepoint Web Security is built on a multi-tenant platform and deployed globally on the industry’s most secure cloud platform. And because every environment is different, Forcepoint Web Security can be deployed as a hybrid solution in combination with a Forcepoint Next Generation Firewall, providing protection for every user, everywhere.\r\n<span style=\"font-weight: bold;\">Highly secured and always available Forcepoint cloud</span>\r\nExtend web protection to roaming users with global coverage from the industry’s only certified global cloud infrastructure (ISO 27001, 27018, CSA STAR) for protecting every user from advanced threats.\r\n<span style=\"font-weight: bold;\">Empower the anytime, anywhere global workforce</span>\r\nForcepoint’s patent-pending Direct Connect Endpoint™ technology allows for unparalleled speed and connectivity for roaming users, eliminating latencies with a proxy-less endpoint.\r\n<span style=\"font-weight: bold;\">The features, API, and ports of a cloud security solution</span>\r\nForcepoint Web Security includes features typically found in as-a-service only cloud security product—but that’s just the start. Our enterprise-grade gateway appliance includes an SSL decryption mirror port and ingest API for additional threat feeds.\r\n<span style=\"font-weight: bold;\">Unrivaled threat protection with Forcepoint ACE</span>\r\nForcepoint’s Advanced Classification Engine (ACE) identifies threats with over 10,000 analytics, machine learning, behavioral baselines, and other advanced techniques maintained through real-time global threat intelligence.\r\n<span style=\"font-weight: bold;\">Superior real-time reporting—simplified</span>\r\nStreamline your workflow with easy-to-use drag-and-drop reporting, delivered in real-time through an interactive interface—all in a centralized system.\r\n<span style=\"font-weight: bold;\">Remove layers of latency</span>\r\nGo direct. Unlike other cloud solutions, Forcepoint has direct peering partners, critical to the security and productivity of a global workforce and its shared data.\r\n\r\n<span style=\"font-weight: bold;\">Key features:</span><span style=\"font-style: italic;\"></span>\r\n<span style=\"font-weight: bold;\">Integrated CASB functionality</span><br />Easily extend visibility and control to cloud applications, from shadow IT reporting to full control via inline (proxy) mode.\r\n<span style=\"font-weight: bold;\">Not just URL filtering</span>\r\nDon’t need your traffic forwarded to the cloud? Enable URL filtering in our leading Next Generation Firewall (NGFW), allowing for granular controls based on users and applications.\r\n<span style=\"font-weight: bold;\">Streamline compliance</span>\r\nMeet the highest certification standards across data privacy laws and residency requirements in different jurisdictions—while allowing users to keep doing good things.\r\n<span style=\"font-weight: bold;\">Expand internet access for roaming users</span>\r\nApply different policies when an employee connects from corporate and non-corporate locations with Forcepoint Web Security.\r\n<span style=\"font-weight: bold;\">Security and protection beyond the endpoint</span>\r\nExtend your existing policies to mobile devices and protect them from Advanced Threats, mobile malware, phishing attacks, spoofing, and more with Web Security.\r\n<span style=\"font-weight: bold;\">ThreatSeeker Intelligence</span>\r\nUnite over 900 million endpoints (including inputs from Facebook), and with Forcepoint ACE security defenses, analyze up to five billion requests per day. This is the core collective intelligence for all Forcepoint products—managed by Forcepoint Security Labs.\r\n<span style=\"font-weight: bold;\">Enterprise-grade DLP protection</span>\r\nForcepoint’s 9x Magic Quadrant leading DLP and integrated Incident Risk Ranking (IRR) can protect your data from people-based security incidents, including risk caused by accidental, compromised, and malicious insiders.\r\n<span style=\"font-weight: bold;\">Eliminate crippling false malware with AMD</span>\r\nCloud sandboxing allows you to optimize remediation efforts for incident response teams with comprehensive and actionable intelligence—providing 100% efficacy in malware detection.","shortDescription":"Forcepoint Web Security provides robust protection through content aware defenses and cloud app discovery and monitoring, reducing risks to sensitive data for both on premise and mobile users.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Web Security","keywords":"data, Forcepoint, theft, Security, your, content, within, include","description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’","og:title":"Forcepoint Web Security","og:description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’"},"eventUrl":"","translationId":1561,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":74,"title":"United Kingdom","name":"GBR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"},{"id":281,"title":"No IT security guidelines"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"}]}},"categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.forcepoint.com/resources/case-study/crediton-dairy","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":281,"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a global food provider","description":"Our goal was to keep everything as simple as possible, not complicated. Forcepoint™, in comparison with other systems, clearly, offered the best solution. \r\nWolfgang Allgäuer\r\nIT Infrastructure Manager OSI Food Solutions\r\nHave similar needs?\r\nOVERVIEW\r\nOSI Group, LLC (OSI) provides products and supplies for the food industry, worldwide. It supplies beef, pork, poultry and seafood, as well as vegetable, dough, fruit and cheese-based products. OSI is a well-known supplier for global food chains such as Subway, Starbucks, Pizza Hut and McDonalds. The company is based in Aurora, Illinois with additional offices in the United Kingdom, Germany and China. \r\nCHALLENGE\r\nEmail is a high-priority service for OSI due to its extensive use across all international locations. OSI experienced a strong uptick in the volume of threatening inbound emails containing malicious links or fraudulent content. These attacks were becoming more sophisticated and equally catastrophic. Employee carelessness with regards to email protocol became an easy way for hackers to inflict damage and steal confidential information. Additionally, the basic anti-spam solution that OSI had initially installed was strictly limited to on-premises protection and was unable provide the scalability necessary to protect a growing workforce of remote employees.\r\nOSI needed a solution to thwart phishing attacks, provide web protection and enforce usage policies that would ensure the security of its roaming users operating in any network. Reducing downtime while delivering a superior performance was prioritized to increase employee productivity and protect OSI’s reputation.\r\n“Our network continued to be compromised, which was significantly frustrating our administration. Therefore, we looked into the market for a new solution which would get rid of these issues once and for all.“\r\n— Wolfgang Allgäuer, IT Infrastructure Manager, OSI \r\nSOLUTION\r\nWhile searching for a new solution, OSI strived to avoid the expense of future on-site installations. With that in mind, Allgäuer and his colleagues concentrated their purchasing criteria exclusively on cloud-based security. They turned to long-term, trusted partner, EyeT Secure Technologies, in Ottobrunn, located near Munich.\r\nEyeT, specializing in IT security consulting, training and licensing, recommended the use of cloud-based email security from Forcepoint. TRITON AP-EMAIL Cloud (now Forcepoint Cloud Email Security) secures the communication channel most often used in the early stages of an advanced attack, empowering mobile workers and the safe adoption of new technologies without the need for additional hardware.\r\n“Deployment was quite simple. We only had to adjust the channels of communication to the Cloud and customize the MX records. That took a maximum of half a day to complete.”\r\n— Allgäuer\r\nEmpowering mobile workers was a large part of the Forcepoint project—about 60% of OSI’s endpoints are laptops, which are constantly connecting to third-party networks. Convinced by the success of TRITON AP-EMAIL Cloud, OSI implemented TRITON AP-WEB Cloud (now Forcepoint Cloud Web Security), which works effortlessly to protect roaming users operating out of any network.\r\n“If our employees connect from outside the corporate network, they now go through the web security solution seamlessly, as if they never left the office.”\r\n— Allgäuer\r\nThe OSI security team in Germany is responsible for securing all of OSI’s European offices. In this critical role, OSI security has the responsibility of creating uniform standards for protecting the organization’s reputation and assets. It must, therefore, deploy solutions that maximize Content Security across an entire infrastructure. TRITON AP-EMAIL Cloud and TRITON AP-WEB Cloud share a common architecture that unifies management and provides visibility into real-time global activity.\r\n“Our goal was to keep everything as simple as possible, not complicated. Forcepoint, in comparison with other systems, clearly offered the best solution.”\r\n— Allgäuer\r\nRESULTS\r\nBy deploying Forcepoint’s Cloud security solutions, OSI has drastically decreased the administrative burden on its IT team. The TRITON architecture ensures full unified management and coordination of inbound and outbound defenses across OSI gateways.\r\n“Our employees no longer receive emails that might contain malicious content and the solution requires little attention which makes a considerable difference to our IT administrators. We are very pleased with the Forcepoint solution.”\r\n— Allgäuer\r\nOSI was so convinced of these benefits that, to date, approximately 75% of its European locations now have a deployed security solution from Forcepoint. In addition, Allgäuer has confirmed that Forcepoint will be used as a pan-European standard for OSI moving forward. OSI Food Solutions has relied on Forcepoint security solutions since 2010. ","alias":"forcepoint-email-security-cloud-forcepoint-web-security-cloud-for-a-global-food-provider","roi":0,"seo":{"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a global food provider","keywords":"Forcepoint, Cloud, solution, security, Allgäuer, that, TRITON, Security","description":"Our goal was to keep everything as simple as possible, not complicated. Forcepoint™, in comparison with other systems, clearly, offered the best solution. \r\nWolfgang Allgäuer\r\nIT Infrastructure Manager OSI Food Solutions\r\nHave similar needs?\r\nOVERVIEW\r\nOSI Gr","og:title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud for a global food provider","og:description":"Our goal was to keep everything as simple as possible, not complicated. Forcepoint™, in comparison with other systems, clearly, offered the best solution. \r\nWolfgang Allgäuer\r\nIT Infrastructure Manager OSI Food Solutions\r\nHave similar needs?\r\nOVERVIEW\r\nOSI Gr"},"deal_info":"","user":{"id":3872,"title":"OSI Group","logoURL":"https://old.roi4cio.com/uploads/roi/company/OSI_Group.jpg","alias":"osi-group","address":"","roles":[],"description":" OSI is the premier global supplier of custom value-added food products to the world’s leading foodservice and retail food brands. As one of the largest privately held companies in the United States, we offer unparalleled resources and reach.\r\nThe extensive capabilities of OSI, including custom food product development and global food supply chain management from sourcing through processing and distribution, allow us to deliver custom food products that fit your operation and maximize your opportunity.\r\nWith more than 65 facilities and 20,000 employees in 17 countries focused on making high quality custom food products, OSI can support your operation’s global presence or future growth with responsiveness and consistency. We can help ensure that your customers have a quality experience nearly anywhere in the world.\r\nSource: https://www.linkedin.com/company/osi-industries/about/","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.osigroup.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"OSI Group","keywords":"Group","description":" OSI is the premier global supplier of custom value-added food products to the world’s leading foodservice and retail food brands. As one of the largest privately held companies in the United States, we offer unparalleled resources and reach.\r\nThe extensive ca","og:title":"OSI Group","og:description":" OSI is the premier global supplier of custom value-added food products to the world’s leading foodservice and retail food brands. As one of the largest privately held companies in the United States, we offer unparalleled resources and reach.\r\nThe extensive ca","og:image":"https://old.roi4cio.com/uploads/roi/company/OSI_Group.jpg"},"eventUrl":""},"supplier":{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""},"vendors":[{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""}],"products":[{"id":1473,"logo":false,"scheme":false,"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","vendorVerified":0,"rating":"2.40","implementationsCount":2,"suppliersCount":0,"alias":"forcepoint-email-security-cloud-forcepoint-web-security-cloud","companyTypes":[],"description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives you the security you need by protecting you against multi-stage advanced threats that exploit email to penetrate your IT environment.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Forcepoint Email Security applies real-time behavioral sandboxing, enterprise-grade DLP and other advanced defense technologies to prevent leaks of sensitive information, empowering your workers — in the office or on the road — as you safely adopt technologies like Microsoft Office 365. In addition, detect phishing and secure email wherever users need access, even on mobile devices, through features like Phishing Education and URL Wrapping.</span>\r\nYour business and data are under constant attack. Traditional filtering and antivirus products no longer provide sufficient protection, and many web security solutions can’t address advanced threats as they occur.\r\n\r\nForcepoint Web Security provides advanced, real-time threat defense to stop advanced threats and prevent data loss. It provides robust protection through context- and content-aware defenses, coupled with integrated Cloud Access Security Broker (CASB) functionality, to provide control and visibility for cloud applications on both on-premises and roaming users. The combination of industry-leading web protection, CASB functionality and enterprise DLP delivers protection at a value no other vendor can match.","shortDescription":"Forcepoint Email Security Cloud (formerly TRITON AP-EMAIL Cloud) - Protecting from spam, phishing & ransomware attacks wherever email is accessed","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","keywords":"Security, advanced, Forcepoint, protection, threats, like, Email, Cloud","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives y","og:title":"Forcepoint Email Security Cloud, Forcepoint Web Security Cloud","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today’s attempts to compromise email channels have evolved from simple spam and phishing attempts to more advanced threats like ransomware. Forcepoint Email Security gives y"},"eventUrl":"","translationId":1473,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":54,"title":"Germany","name":"DEU"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"}]}},"categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.forcepoint.com/resources/case-study/osi-food-solutions","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":831,"title":"Forcepoint Email Security, Forcepoint Web Security for an agri-food leader Amadori’","description":"<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">"We are able to control costs and plan more efficiently by using Forcepoint solutions”,</span> - Gianluca Giovannetti, Chief Information Officer Amadori Group<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Amadori Enhances Security by Consolidating on Forcepoint</span><br />Agri-food leader Amadori’s success is based on the way it manages the entire integrated production chain including farms, feed producers, hatcheries, and food processing plants. The company decided to take the same integrated approach to cybersecurity with Forcepoint.<br /><br /><span style=\"font-weight: bold;\">Challenges</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">New channels for internal and external collaboration required a security upgrade</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Spam help desk support calls required too much time to handle</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Increasing number of users working off-site, sometimes in public areas, with little protection led to new security risks</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Approach</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Forcepoint Email Security Cloud to eliminate spam and malware before it reaches the company network</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Forcepoint Web Security to protect both office and remote workers from phishing sites, spyware, and malicious code</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Results</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Users and the company can take advantage of new external collaboration tools safely</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Eliminated need for help desk to manually check blocked emails; instead users receive a daily report of emails quarantined, freeing up help desk time to focus on more pressing priorities</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Consolidating on Forcepoint for all its key needs enabled the organization to reduce total cost of ownership and administrative overheads, while increasing planning efficiency.</span></li></ul>","alias":"forcepoint-email-security-forcepoint-web-security-for-an-agri-food-leader-amadori","roi":0,"seo":{"title":"Forcepoint Email Security, Forcepoint Web Security for an agri-food leader Amadori’","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">"We are able to control costs and plan more efficiently by using Forcepoint solutions”,</span> - Gianluca Giovannetti, Chief Information Officer Amadori Group<br /></span>\r\n<sp","og:title":"Forcepoint Email Security, Forcepoint Web Security for an agri-food leader Amadori’","og:description":"<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">"We are able to control costs and plan more efficiently by using Forcepoint solutions”,</span> - Gianluca Giovannetti, Chief Information Officer Amadori Group<br /></span>\r\n<sp"},"deal_info":"","user":{"id":5737,"title":"Amadori","logoURL":"https://old.roi4cio.com/uploads/roi/company/amadori-logo.png","alias":"amadori","address":"","roles":[],"description":" Amadori is one of the leading companies in the Italian agro-food sector, an innovative company and specialist in the poultry market. The turnover in 2014 was more than 1,2 billion euros. The Company, founded forty years ago in San Vittore di Cesena, relies on collaboration with over 7,200 workers and has industrial plants, subsidiaries and branches all over Italy.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.amadori.it/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Amadori","keywords":"","description":" Amadori is one of the leading companies in the Italian agro-food sector, an innovative company and specialist in the poultry market. The turnover in 2014 was more than 1,2 billion euros. The Company, founded forty years ago in San Vittore di Cesena, relies on","og:title":"Amadori","og:description":" Amadori is one of the leading companies in the Italian agro-food sector, an innovative company and specialist in the poultry market. The turnover in 2014 was more than 1,2 billion euros. The Company, founded forty years ago in San Vittore di Cesena, relies on","og:image":"https://old.roi4cio.com/uploads/roi/company/amadori-logo.png"},"eventUrl":""},"supplier":{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""},"vendors":[{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""}],"products":[{"id":938,"logo":false,"scheme":false,"title":"Forcepoint Email Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-email-security","companyTypes":[],"description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Security integrates powerful analytics and advanced malware sandboxing for inbound protection, content filtering for outbound data control and email encryption for secure communications.<br />Forcepoint Email Security Cloud’s proactive URL Wrapping and Phishing Education secure email wherever users need access, even on mobile devices. Our unrivaled cloud infrastructure delivers phishing, malware and DLP protection for Microsoft Office 365™ and other popular email systems.<br /><br /><span style=\"font-weight: bold;\">The Forcepoint Email Security advantage</span><br />\r\n<span style=\"font-style: italic;\">Real-time threat protection</span><br />\r\nReal-time threat protection uses a unique blend of detection technologies, including machine learning, sandboxing, and predictive analytics to effectively stop advanced threats such as ransomware.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Protection against highly evasive zero-day threats</span><br />\r\nGet advanced malware detection (sandboxing) with our full system emulation sandbox. Deep content inspection reveals highly evasive zero-day threat with no false positives.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Powerful encryption for additional protection</span><br />\r\nEncrypt sensitive email conversations and enhance mobile security by controlling sensitive attachments access by device.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Incident risk ranking to find the greatest risks</span><br />\r\nIncidents are correlated across multiple events to identify true cumulative risk trends and activity. A risk score is included to help security teams identify the greatest risks based on real-time activity.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Integrated data loss prevention</span><br />\r\nIntegrated industry-leading data loss prevention stops data infiltration and exfiltration capabilities.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Unique phishing education feature</span><br />\r\nUse Forcepoint Email Security’s unique phishing education features to help users adopt best practices and identify those who need additional training to improve their security awareness.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Complete out-of-the-box solution</span><br />\r\nForcepoint Email Security includes DLP, URL wrapping, and other capabilities that are considered premium "add-ons" or upgrades by many competitors, delivering the most comprehensive inbound and outbound defenses out of the box.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Deployment flexibility</span><br />\r\nHow you deploy our email security solution is up to you. Choose from a range of physical and virtual appliances to leverage existing hardware, cloud deployment, or hybrid environments.","shortDescription":"Forcepoint Email Security identifies targeted attacks, high-risk users and insider threats, while empowering mobile workers and the safe adoption of new technologies like Office 365 and Box Enterprise","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Email Security","keywords":"Cloud, Forcepoint, Security, email, Email, attacks, threats, advanced","description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se","og:title":"Forcepoint Email Security","og:description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se"},"eventUrl":"","translationId":939,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1630,"logo":false,"scheme":false,"title":"Forcepoint Web Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-web-security","companyTypes":[],"description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’t backhaul traffic or pay for appliances.\r\nForcepoint Web Security is built on a multi-tenant platform and deployed globally on the industry’s most secure cloud platform. And because every environment is different, Forcepoint Web Security can be deployed as a hybrid solution in combination with a Forcepoint Next Generation Firewall, providing protection for every user, everywhere.\r\n<span style=\"font-weight: bold;\">Highly secured and always available Forcepoint cloud</span>\r\nExtend web protection to roaming users with global coverage from the industry’s only certified global cloud infrastructure (ISO 27001, 27018, CSA STAR) for protecting every user from advanced threats.\r\n<span style=\"font-weight: bold;\">Empower the anytime, anywhere global workforce</span>\r\nForcepoint’s patent-pending Direct Connect Endpoint™ technology allows for unparalleled speed and connectivity for roaming users, eliminating latencies with a proxy-less endpoint.\r\n<span style=\"font-weight: bold;\">The features, API, and ports of a cloud security solution</span>\r\nForcepoint Web Security includes features typically found in as-a-service only cloud security product—but that’s just the start. Our enterprise-grade gateway appliance includes an SSL decryption mirror port and ingest API for additional threat feeds.\r\n<span style=\"font-weight: bold;\">Unrivaled threat protection with Forcepoint ACE</span>\r\nForcepoint’s Advanced Classification Engine (ACE) identifies threats with over 10,000 analytics, machine learning, behavioral baselines, and other advanced techniques maintained through real-time global threat intelligence.\r\n<span style=\"font-weight: bold;\">Superior real-time reporting—simplified</span>\r\nStreamline your workflow with easy-to-use drag-and-drop reporting, delivered in real-time through an interactive interface—all in a centralized system.\r\n<span style=\"font-weight: bold;\">Remove layers of latency</span>\r\nGo direct. Unlike other cloud solutions, Forcepoint has direct peering partners, critical to the security and productivity of a global workforce and its shared data.\r\n\r\n<span style=\"font-weight: bold;\">Key features:</span><span style=\"font-style: italic;\"></span>\r\n<span style=\"font-weight: bold;\">Integrated CASB functionality</span><br />Easily extend visibility and control to cloud applications, from shadow IT reporting to full control via inline (proxy) mode.\r\n<span style=\"font-weight: bold;\">Not just URL filtering</span>\r\nDon’t need your traffic forwarded to the cloud? Enable URL filtering in our leading Next Generation Firewall (NGFW), allowing for granular controls based on users and applications.\r\n<span style=\"font-weight: bold;\">Streamline compliance</span>\r\nMeet the highest certification standards across data privacy laws and residency requirements in different jurisdictions—while allowing users to keep doing good things.\r\n<span style=\"font-weight: bold;\">Expand internet access for roaming users</span>\r\nApply different policies when an employee connects from corporate and non-corporate locations with Forcepoint Web Security.\r\n<span style=\"font-weight: bold;\">Security and protection beyond the endpoint</span>\r\nExtend your existing policies to mobile devices and protect them from Advanced Threats, mobile malware, phishing attacks, spoofing, and more with Web Security.\r\n<span style=\"font-weight: bold;\">ThreatSeeker Intelligence</span>\r\nUnite over 900 million endpoints (including inputs from Facebook), and with Forcepoint ACE security defenses, analyze up to five billion requests per day. This is the core collective intelligence for all Forcepoint products—managed by Forcepoint Security Labs.\r\n<span style=\"font-weight: bold;\">Enterprise-grade DLP protection</span>\r\nForcepoint’s 9x Magic Quadrant leading DLP and integrated Incident Risk Ranking (IRR) can protect your data from people-based security incidents, including risk caused by accidental, compromised, and malicious insiders.\r\n<span style=\"font-weight: bold;\">Eliminate crippling false malware with AMD</span>\r\nCloud sandboxing allows you to optimize remediation efforts for incident response teams with comprehensive and actionable intelligence—providing 100% efficacy in malware detection.","shortDescription":"Forcepoint Web Security provides robust protection through content aware defenses and cloud app discovery and monitoring, reducing risks to sensitive data for both on premise and mobile users.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Web Security","keywords":"data, Forcepoint, theft, Security, your, content, within, include","description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’","og:title":"Forcepoint Web Security","og:description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’"},"eventUrl":"","translationId":1561,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.forcepoint.com/resources/case-study/amadori","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":614,"title":"Forcepoint Email Security, Forcepoint Web Security for IT company","description":"To meet the company’s stringent security needs, Alphawest has been using Forcepoint Web and Email Security since 2012. The solution supplements traditional reputation-based filtering needs with intelligent content inspection and advanced analytics.\r\n<blockquote>“Maintaining a separate solution is inefficient and, frankly, frustrating. Adopting a hybrid web and email security solution from Forcepoint has given us the best of both worlds. It delivers great IT management efficiencies because a single management console configures both the cloud services and our internal appliances. So you do everything once and you are protected twice. But at the same time, it ensures we maintain those multiple lines of defense. It is redundancy without replication.”</blockquote>\r\n— Watts","alias":"forcepoint-email-security-forcepoint-web-security-for-it-company","roi":0,"seo":{"title":"Forcepoint Email Security, Forcepoint Web Security for IT company","keywords":"","description":"To meet the company’s stringent security needs, Alphawest has been using Forcepoint Web and Email Security since 2012. The solution supplements traditional reputation-based filtering needs with intelligent content inspection and advanced analytics.\r\n<blockquot","og:title":"Forcepoint Email Security, Forcepoint Web Security for IT company","og:description":"To meet the company’s stringent security needs, Alphawest has been using Forcepoint Web and Email Security since 2012. The solution supplements traditional reputation-based filtering needs with intelligent content inspection and advanced analytics.\r\n<blockquot"},"deal_info":"","user":{"id":5041,"title":"Alphawest","logoURL":"https://old.roi4cio.com/uploads/roi/company/Alphawest.jpg","alias":"alphawest","address":"","roles":[],"description":"With a history dating back to the mid-1980s, a period of public listing on the Australian Stock Exchange and the 2005 high-profile acquisition by SingTel Optus, Alphawest is one of Australia’s best-known ICT support organizations. Headquartered in Sydney, it provides systems development and provisioning, managed and other support services to clients across Australia.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Alphawest","keywords":"","description":"With a history dating back to the mid-1980s, a period of public listing on the Australian Stock Exchange and the 2005 high-profile acquisition by SingTel Optus, Alphawest is one of Australia’s best-known ICT support organizations. Headquartered in Sydney, it p","og:title":"Alphawest","og:description":"With a history dating back to the mid-1980s, a period of public listing on the Australian Stock Exchange and the 2005 high-profile acquisition by SingTel Optus, Alphawest is one of Australia’s best-known ICT support organizations. Headquartered in Sydney, it p","og:image":"https://old.roi4cio.com/uploads/roi/company/Alphawest.jpg"},"eventUrl":""},"supplier":{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""},"vendors":[{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""}],"products":[{"id":938,"logo":false,"scheme":false,"title":"Forcepoint Email Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-email-security","companyTypes":[],"description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Security integrates powerful analytics and advanced malware sandboxing for inbound protection, content filtering for outbound data control and email encryption for secure communications.<br />Forcepoint Email Security Cloud’s proactive URL Wrapping and Phishing Education secure email wherever users need access, even on mobile devices. Our unrivaled cloud infrastructure delivers phishing, malware and DLP protection for Microsoft Office 365™ and other popular email systems.<br /><br /><span style=\"font-weight: bold;\">The Forcepoint Email Security advantage</span><br />\r\n<span style=\"font-style: italic;\">Real-time threat protection</span><br />\r\nReal-time threat protection uses a unique blend of detection technologies, including machine learning, sandboxing, and predictive analytics to effectively stop advanced threats such as ransomware.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Protection against highly evasive zero-day threats</span><br />\r\nGet advanced malware detection (sandboxing) with our full system emulation sandbox. Deep content inspection reveals highly evasive zero-day threat with no false positives.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Powerful encryption for additional protection</span><br />\r\nEncrypt sensitive email conversations and enhance mobile security by controlling sensitive attachments access by device.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Incident risk ranking to find the greatest risks</span><br />\r\nIncidents are correlated across multiple events to identify true cumulative risk trends and activity. A risk score is included to help security teams identify the greatest risks based on real-time activity.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Integrated data loss prevention</span><br />\r\nIntegrated industry-leading data loss prevention stops data infiltration and exfiltration capabilities.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Unique phishing education feature</span><br />\r\nUse Forcepoint Email Security’s unique phishing education features to help users adopt best practices and identify those who need additional training to improve their security awareness.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Complete out-of-the-box solution</span><br />\r\nForcepoint Email Security includes DLP, URL wrapping, and other capabilities that are considered premium "add-ons" or upgrades by many competitors, delivering the most comprehensive inbound and outbound defenses out of the box.<span style=\"font-style: italic;\"></span>\r\n<span style=\"font-style: italic;\">Deployment flexibility</span><br />\r\nHow you deploy our email security solution is up to you. Choose from a range of physical and virtual appliances to leverage existing hardware, cloud deployment, or hybrid environments.","shortDescription":"Forcepoint Email Security identifies targeted attacks, high-risk users and insider threats, while empowering mobile workers and the safe adoption of new technologies like Office 365 and Box Enterprise","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Email Security","keywords":"Cloud, Forcepoint, Security, email, Email, attacks, threats, advanced","description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se","og:title":"Forcepoint Email Security","og:description":"Forcepoint Email Security is a protecting from spam, phishing & ransomware attacks wherever email is accessed.\r\nDetect spam, phishing and other APTs with comprehensive defenses to stop advanced threats like ransomware before they start. Forcepoint Email Se"},"eventUrl":"","translationId":939,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1630,"logo":false,"scheme":false,"title":"Forcepoint Web Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-web-security","companyTypes":[],"description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’t backhaul traffic or pay for appliances.\r\nForcepoint Web Security is built on a multi-tenant platform and deployed globally on the industry’s most secure cloud platform. And because every environment is different, Forcepoint Web Security can be deployed as a hybrid solution in combination with a Forcepoint Next Generation Firewall, providing protection for every user, everywhere.\r\n<span style=\"font-weight: bold;\">Highly secured and always available Forcepoint cloud</span>\r\nExtend web protection to roaming users with global coverage from the industry’s only certified global cloud infrastructure (ISO 27001, 27018, CSA STAR) for protecting every user from advanced threats.\r\n<span style=\"font-weight: bold;\">Empower the anytime, anywhere global workforce</span>\r\nForcepoint’s patent-pending Direct Connect Endpoint™ technology allows for unparalleled speed and connectivity for roaming users, eliminating latencies with a proxy-less endpoint.\r\n<span style=\"font-weight: bold;\">The features, API, and ports of a cloud security solution</span>\r\nForcepoint Web Security includes features typically found in as-a-service only cloud security product—but that’s just the start. Our enterprise-grade gateway appliance includes an SSL decryption mirror port and ingest API for additional threat feeds.\r\n<span style=\"font-weight: bold;\">Unrivaled threat protection with Forcepoint ACE</span>\r\nForcepoint’s Advanced Classification Engine (ACE) identifies threats with over 10,000 analytics, machine learning, behavioral baselines, and other advanced techniques maintained through real-time global threat intelligence.\r\n<span style=\"font-weight: bold;\">Superior real-time reporting—simplified</span>\r\nStreamline your workflow with easy-to-use drag-and-drop reporting, delivered in real-time through an interactive interface—all in a centralized system.\r\n<span style=\"font-weight: bold;\">Remove layers of latency</span>\r\nGo direct. Unlike other cloud solutions, Forcepoint has direct peering partners, critical to the security and productivity of a global workforce and its shared data.\r\n\r\n<span style=\"font-weight: bold;\">Key features:</span><span style=\"font-style: italic;\"></span>\r\n<span style=\"font-weight: bold;\">Integrated CASB functionality</span><br />Easily extend visibility and control to cloud applications, from shadow IT reporting to full control via inline (proxy) mode.\r\n<span style=\"font-weight: bold;\">Not just URL filtering</span>\r\nDon’t need your traffic forwarded to the cloud? Enable URL filtering in our leading Next Generation Firewall (NGFW), allowing for granular controls based on users and applications.\r\n<span style=\"font-weight: bold;\">Streamline compliance</span>\r\nMeet the highest certification standards across data privacy laws and residency requirements in different jurisdictions—while allowing users to keep doing good things.\r\n<span style=\"font-weight: bold;\">Expand internet access for roaming users</span>\r\nApply different policies when an employee connects from corporate and non-corporate locations with Forcepoint Web Security.\r\n<span style=\"font-weight: bold;\">Security and protection beyond the endpoint</span>\r\nExtend your existing policies to mobile devices and protect them from Advanced Threats, mobile malware, phishing attacks, spoofing, and more with Web Security.\r\n<span style=\"font-weight: bold;\">ThreatSeeker Intelligence</span>\r\nUnite over 900 million endpoints (including inputs from Facebook), and with Forcepoint ACE security defenses, analyze up to five billion requests per day. This is the core collective intelligence for all Forcepoint products—managed by Forcepoint Security Labs.\r\n<span style=\"font-weight: bold;\">Enterprise-grade DLP protection</span>\r\nForcepoint’s 9x Magic Quadrant leading DLP and integrated Incident Risk Ranking (IRR) can protect your data from people-based security incidents, including risk caused by accidental, compromised, and malicious insiders.\r\n<span style=\"font-weight: bold;\">Eliminate crippling false malware with AMD</span>\r\nCloud sandboxing allows you to optimize remediation efforts for incident response teams with comprehensive and actionable intelligence—providing 100% efficacy in malware detection.","shortDescription":"Forcepoint Web Security provides robust protection through content aware defenses and cloud app discovery and monitoring, reducing risks to sensitive data for both on premise and mobile users.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Web Security","keywords":"data, Forcepoint, theft, Security, your, content, within, include","description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’","og:title":"Forcepoint Web Security","og:description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’"},"eventUrl":"","translationId":1561,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.forcepoint.com/sites/default/files/case_study_downloads/casestudy_alphawest_en_0.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":618,"title":"Forcepoint URL Filtering, Forcepoint Web Security for logistics","description":"The need to define clearer roles and protocols pushed FERCAM to adopt the Forcepoint Web Security solution:\r\n<blockquote>“We analyzed various offers but our decision was based on the ease of use, the speed of implementation and, above all, the granularity of Forcepoint technology. Today we not only utilize effective and up to date blacklists, but we can determine which portions or services within a particular site to make available or which to block.”</blockquote>\r\n— Albiero\r\nFERCAM managed to define policies for specific user categories while appropriately filtering access to specific web sites or pages. Increased network restrictions will always cause blowback from its most frequent users. However, it did not take long for this staff to accept the increased security after appreciating an overall improved performance.","alias":"forcepoint-url-filtering-forcepoint-web-security-for-logistics","roi":0,"seo":{"title":"Forcepoint URL Filtering, Forcepoint Web Security for logistics","keywords":"","description":"The need to define clearer roles and protocols pushed FERCAM to adopt the Forcepoint Web Security solution:\r\n<blockquote>“We analyzed various offers but our decision was based on the ease of use, the speed of implementation and, above all, the granularity of F","og:title":"Forcepoint URL Filtering, Forcepoint Web Security for logistics","og:description":"The need to define clearer roles and protocols pushed FERCAM to adopt the Forcepoint Web Security solution:\r\n<blockquote>“We analyzed various offers but our decision was based on the ease of use, the speed of implementation and, above all, the granularity of F"},"deal_info":"","user":{"id":5044,"title":"FERCAM","logoURL":"https://old.roi4cio.com/uploads/roi/company/fercam_logo.jpg","alias":"fercam","address":"","roles":[],"description":"Fercam is a family-owned logistics operator with nearly $600 million in annual revenue. The company has 900,000 square meters of warehouses in 32 next generation centers and employs about 1,688 direct and 1,800 indirect personnel. FERCAM operates 50 branches in Italy, 22 in the European Union and 3 in the Mediterranean Basin (Morocco, Tunisia and Turkey), making use of an efficient worldwide network of correspondents and partners.<br />Additionally, FERCAM operates in multiple fields of transport and logistics with specialized services: FERCAM Transport for road and rail, FERCAM Air & Ocean, and FERCAM Logistics and Distribution dedicated to the management of the entire supply chain of its customers.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.fercam.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"FERCAM","keywords":"","description":"Fercam is a family-owned logistics operator with nearly $600 million in annual revenue. The company has 900,000 square meters of warehouses in 32 next generation centers and employs about 1,688 direct and 1,800 indirect personnel. FERCAM operates 50 branches i","og:title":"FERCAM","og:description":"Fercam is a family-owned logistics operator with nearly $600 million in annual revenue. The company has 900,000 square meters of warehouses in 32 next generation centers and employs about 1,688 direct and 1,800 indirect personnel. FERCAM operates 50 branches i","og:image":"https://old.roi4cio.com/uploads/roi/company/fercam_logo.jpg"},"eventUrl":""},"supplier":{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""},"vendors":[{"id":178,"title":"Forcepoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png","alias":"forcepoint","address":"Forcepoint Title","roles":[],"description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-domain solutions, the company is also known as Websense, Raytheon | Websense. </span>\r\n<span lang=\"en\"> Forcepoint solutions protect users, data and computing networks from attacks, as well as accidental and deliberate information leaks throughout the entire life cycle. Forcepoint protects data everywhere - in the office, on the road, in the cloud. This simplifies regulatory compliance and optimizes the cost of security solutions. Forcepoint allows you to focus on prioritization by automating day-to-day operations. </span>\r\n<span lang=\"en\">Forcepoint's clients include Fortune 500 and FTSE 100 leaders: AT&T, Deutsche Telecom, Canon, McDonanld's, UPS, Sheraton, Merill Lynch, Bank of America, PepsiCo Inc. and many others.</span> ","companyTypes":[],"products":{},"vendoredProductsCount":15,"suppliedProductsCount":15,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":15,"vendorImplementationsCount":16,"vendorPartnersCount":0,"supplierPartnersCount":8,"b4r":0,"categories":{},"companyUrl":"www.forcepoint.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Forcepoint","keywords":"Forcepoint, from, Websense, Raytheon, security, data, employees, browsing","description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:title":"Forcepoint","og:description":"<span lang=\"en\">Forcepoint is an American multinational software corporation headquartered in Austin, Texas USA. The company is a subsidiary of Raytheon Technologies, which currently develops computer security and privacy software, CASB, firewalls and cross-do","og:image":"https://old.roi4cio.com/uploads/roi/company/forcepoint_logo.png"},"eventUrl":""}],"products":[{"id":1630,"logo":false,"scheme":false,"title":"Forcepoint Web Security","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"alias":"forcepoint-web-security","companyTypes":[],"description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’t backhaul traffic or pay for appliances.\r\nForcepoint Web Security is built on a multi-tenant platform and deployed globally on the industry’s most secure cloud platform. And because every environment is different, Forcepoint Web Security can be deployed as a hybrid solution in combination with a Forcepoint Next Generation Firewall, providing protection for every user, everywhere.\r\n<span style=\"font-weight: bold;\">Highly secured and always available Forcepoint cloud</span>\r\nExtend web protection to roaming users with global coverage from the industry’s only certified global cloud infrastructure (ISO 27001, 27018, CSA STAR) for protecting every user from advanced threats.\r\n<span style=\"font-weight: bold;\">Empower the anytime, anywhere global workforce</span>\r\nForcepoint’s patent-pending Direct Connect Endpoint™ technology allows for unparalleled speed and connectivity for roaming users, eliminating latencies with a proxy-less endpoint.\r\n<span style=\"font-weight: bold;\">The features, API, and ports of a cloud security solution</span>\r\nForcepoint Web Security includes features typically found in as-a-service only cloud security product—but that’s just the start. Our enterprise-grade gateway appliance includes an SSL decryption mirror port and ingest API for additional threat feeds.\r\n<span style=\"font-weight: bold;\">Unrivaled threat protection with Forcepoint ACE</span>\r\nForcepoint’s Advanced Classification Engine (ACE) identifies threats with over 10,000 analytics, machine learning, behavioral baselines, and other advanced techniques maintained through real-time global threat intelligence.\r\n<span style=\"font-weight: bold;\">Superior real-time reporting—simplified</span>\r\nStreamline your workflow with easy-to-use drag-and-drop reporting, delivered in real-time through an interactive interface—all in a centralized system.\r\n<span style=\"font-weight: bold;\">Remove layers of latency</span>\r\nGo direct. Unlike other cloud solutions, Forcepoint has direct peering partners, critical to the security and productivity of a global workforce and its shared data.\r\n\r\n<span style=\"font-weight: bold;\">Key features:</span><span style=\"font-style: italic;\"></span>\r\n<span style=\"font-weight: bold;\">Integrated CASB functionality</span><br />Easily extend visibility and control to cloud applications, from shadow IT reporting to full control via inline (proxy) mode.\r\n<span style=\"font-weight: bold;\">Not just URL filtering</span>\r\nDon’t need your traffic forwarded to the cloud? Enable URL filtering in our leading Next Generation Firewall (NGFW), allowing for granular controls based on users and applications.\r\n<span style=\"font-weight: bold;\">Streamline compliance</span>\r\nMeet the highest certification standards across data privacy laws and residency requirements in different jurisdictions—while allowing users to keep doing good things.\r\n<span style=\"font-weight: bold;\">Expand internet access for roaming users</span>\r\nApply different policies when an employee connects from corporate and non-corporate locations with Forcepoint Web Security.\r\n<span style=\"font-weight: bold;\">Security and protection beyond the endpoint</span>\r\nExtend your existing policies to mobile devices and protect them from Advanced Threats, mobile malware, phishing attacks, spoofing, and more with Web Security.\r\n<span style=\"font-weight: bold;\">ThreatSeeker Intelligence</span>\r\nUnite over 900 million endpoints (including inputs from Facebook), and with Forcepoint ACE security defenses, analyze up to five billion requests per day. This is the core collective intelligence for all Forcepoint products—managed by Forcepoint Security Labs.\r\n<span style=\"font-weight: bold;\">Enterprise-grade DLP protection</span>\r\nForcepoint’s 9x Magic Quadrant leading DLP and integrated Incident Risk Ranking (IRR) can protect your data from people-based security incidents, including risk caused by accidental, compromised, and malicious insiders.\r\n<span style=\"font-weight: bold;\">Eliminate crippling false malware with AMD</span>\r\nCloud sandboxing allows you to optimize remediation efforts for incident response teams with comprehensive and actionable intelligence—providing 100% efficacy in malware detection.","shortDescription":"Forcepoint Web Security provides robust protection through content aware defenses and cloud app discovery and monitoring, reducing risks to sensitive data for both on premise and mobile users.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Web Security","keywords":"data, Forcepoint, theft, Security, your, content, within, include","description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’","og:title":"Forcepoint Web Security","og:description":"Forcepoint Web Security provides industry-leading reporting, sandboxing and DLP capabilities, and stops more advanced, non-signature threats to your data than any other solution – including Blue Coat, Cisco and Zscaler. And because it is cloud hosted, you won’"},"eventUrl":"","translationId":1561,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1614,"logo":false,"scheme":false,"title":"Forcepoint URL Filtering","vendorVerified":0,"rating":"3.00","implementationsCount":1,"suppliersCount":0,"alias":"forcepoint-url-filtering","companyTypes":[],"description":"Forcepoint URL Filtering is the industry’s most effective, continually up-to-date web filtering solution. Powered by our ThreatSeeker Intelligence, Forcepoint URL Filtering collects and analyzes up to 5 billion incidents every day (from over 155 countries), producing updated threat analytics for Forcepoint solutions at up to 3.2 updates per second.\r\nForcepoint URL Filtering blocks web threats to reduce malware infections, decrease help desk incidents and provide relief to valuable IT resources. Forcepoint URL Filtering is an easy-to-deploy, transparent filter and security solution that avoids the complexity of a proxy gateway. It’s equipped with more than 120 security and web filtering categories, hundreds of web application and protocol controls, and 60-plus reports with customization and role-based access.<br /><br /><span style=\"font-weight: bold;\">The Forcepoint Advantage</span><br />\r\n<span style=\"font-style: italic;\">Web filtering with ThreatSeeker threat intelligence</span><br />\r\nIdentify threats with over 10,000 analytics, machine learning and other advanced techniques maintained through real-time global threat intelligence with Forcepoint Web Security.<br />\r\n<span style=\"font-style: italic;\">Granular user behavior analysis and productivity reporting</span><br />\r\nMore than 60 reports with customization and role-based access.<br />\r\n<span style=\"font-style: italic;\">Customizable allowed/denied url filters</span><br />\r\nUtilize both timed and/or permanent web filters for managing access to websites.<br />\r\n<span style=\"font-style: italic;\">Industry-leading web security policy controls</span><br />\r\nMore than 120 security and content categories","shortDescription":"The Forcepoint URL Filtering solution blocks Web threats to reduce malware infections, decrease help desk incidents and free up valuable IT resources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint URL Filtering","keywords":"Forcepoint, more, TRITON, security, than, role-based, unified, reporting","description":"Forcepoint URL Filtering is the industry’s most effective, continually up-to-date web filtering solution. Powered by our ThreatSeeker Intelligence, Forcepoint URL Filtering collects and analyzes up to 5 billion incidents every day (from over 155 countries), pr","og:title":"Forcepoint URL Filtering","og:description":"Forcepoint URL Filtering is the industry’s most effective, continually up-to-date web filtering solution. Powered by our ThreatSeeker Intelligence, Forcepoint URL Filtering collects and analyzes up to 5 billion incidents every day (from over 155 countries), pr"},"eventUrl":"","translationId":1588,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.forcepoint.com/resources/case-study/fercam","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":1225,"title":"Indegy Device Integrity for Nesher Israel Cement Enterprises","description":"<span style=\"font-weight: bold;\">Company.</span> Nesher Israel Cement Enterprises is the largest cement producer in Israel. Owning large-scale production sites in Ramla and Haifa, Nesher produces about 60% of the cement used in the country's construction industry. <br /><br /><span style=\"font-weight: bold;\">Challenge.</span> Deciding to reduce risks and minimize downtime, Nesher’s management has made a strategic decision to invest in a specialized solution for industrial cybersecurity. The company realized that their SCADA network could potentially be subject to cyber threats that compromise the safety and productivity of their plants. \r\nSo, employees, contractors and integrators very often connect to control devices using a cable or via a USB port. Thus, an attacker who has physical access to the network can connect to the controllers. Changes made to the controller code, firmware, or configuration changes cannot be detected during normal network monitoring. It is also possible that an employee or contractor unknowingly exposes the controller to threats by connecting a programmer with malware. \r\nIt was necessary to take into account the working conditions of enterprises Nesher Cement. Since cement kilns operate around the clock at 1200 degrees Celsius, safety is the most important operational task of Nesher. Nesher furnaces and other critical facilities are controlled by industrial controllers, which, if compromised by cyber attacks, can lead to a serious explosion and even death.\r\nFrom a business point of view, an unforeseen cybersecurity event in the company's industrial network can completely stop cement production. Such an incident can cause a serious shortage of cement in the construction market of Israel, as well as the loss of millions of dollars in revenue and reputational damage to Nesher. <br />To avoid these scenarios, Nesher needed full visibility of their integrated network of process control systems in real time, with 24/7 notification of any changes to their controllers. \r\nEase of use and operational support from suppliers was also taken into account when considering various options: the company needed that the operational teams of Nesher and security specialists could examine the system as soon as possible. This would help to avoid hiring new cybersecurity and OT experts and reduce training efforts.<br /><br /><span style=\"font-weight: bold;\">Integration.</span> With these requirements in mind and after a thorough evaluation by a technical team from a number of other vendors, Nesher chose the Indegy Industrial - a cybersecurity hybrid package that can be customized, which includes the Device Integrity solution. The Nesher team was particularly impressed with the comprehensive situational awareness provided by the Indegy solution. Nesher deployed the Indegy solution at its cement plant and power plant — both located in Ramla.\r\nDuring the deployment process, the Indegy team of professionals worked closely with Nesher experts to develop an optimal deployment strategy.\r\n<span style=\"font-style: italic;\">“The Indegy team was very flexible and resourceful in solutions, helping us to speed up the introduction of the product into the system.” After just one day of work, I already felt confident with the user interface. ”<br />Niki Lukutin, Manager of Technology Development Department, Nesher</span><br /><br /><span style=\"font-weight: bold;\">Results. </span>The unrivaled visibility provided by Device Integrity allows Nesher to maximize network visibility. This is possible thanks to a patented technology that actively requests devices in the industrial Nesher environment, thereby ensuring that process control engineers know about every change in every asset in their network. This component provides unprecedented control over assets of process control, without affecting the speed or reliability of Nesher’s industrial operations. \r\n<span style=\"font-style: italic;\">“We maximize the use of Device Integrity, but at the same time our SCADA environment does not experience any additional load” <br />Roy Shalev, CISO at Nesher.</span>\r\nBy periodically taking snapshots of the device and comparing them with previous baselines, Device Integrity can detect changes and check if the integrity of the device is not compromised.\r\nAlso, this Indegy solution has reduced installation costs per switch of the network or node that need to be monitored, ensuring that all routed parts of the network are monitored with a single device.\r\nDevice Integrity allows Nesher to automatically discover all assets in its extensive industrial network, including inactive devices. Indegy collects and monitors all actions related to devices, creating up-to-date asset accounting in the company's automated process control system, including data stored on the devices themselves: Windows users, fix lists, firmware version and configuration of PLC modules. This detailed view of the state of each device allows Nesher to immediately detect incorrect configurations, identify potential security breaches and eliminate threats.<br /><br /><span style=\"font-weight: bold;\">Light bulb pitch</span>\r\nDevice Integrity is the optimal solution for the most complete monitoring of all assets within complex SCADA environments.<br /><br />","alias":"indegy-device-integrity-for-nesher-israel-cement-enterprises","roi":0,"seo":{"title":"Indegy Device Integrity for Nesher Israel Cement Enterprises","keywords":"","description":"<span style=\"font-weight: bold;\">Company.</span> Nesher Israel Cement Enterprises is the largest cement producer in Israel. Owning large-scale production sites in Ramla and Haifa, Nesher produces about 60% of the cement used in the country's construction indus","og:title":"Indegy Device Integrity for Nesher Israel Cement Enterprises","og:description":"<span style=\"font-weight: bold;\">Company.</span> Nesher Israel Cement Enterprises is the largest cement producer in Israel. Owning large-scale production sites in Ramla and Haifa, Nesher produces about 60% of the cement used in the country's construction indus"},"deal_info":"","user":{"id":8906,"title":"Nesher Israel Cement Enterprises Ltd","logoURL":"https://old.roi4cio.com/uploads/roi/company/Nesher.png","alias":"nesher-israel-cement-enterprises-ltd","address":"Israel, Ramle, 72100, IL","roles":[],"description":" Nesher Israel Cement Enterprises Ltd., Israel's sole producer of cement has led the country's building sector for over 80 years. Since its establishment, the company has become a major force in Israeli industry through the high quality of its products and its commitment to customers and the environment. Nesher supplies most of the cement needs of Israel and the Palestinian Authority and also exports cement and clinker.<br />The company has three plants located in Haifa, Ramla and Har Tuv. The company's flagship plant in Ramle near Tel Aviv is one of the world's largest and leading factories in terms of production capacity, advanced production technology and preserving the environment.<br />Source: https://www.linkedin.com/company/nesher-israel-cement-enterprises-ltd./","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.nesher.co.il/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Nesher Israel Cement Enterprises Ltd","keywords":"","description":" Nesher Israel Cement Enterprises Ltd., Israel's sole producer of cement has led the country's building sector for over 80 years. Since its establishment, the company has become a major force in Israeli industry through the high quality of its products and its","og:title":"Nesher Israel Cement Enterprises Ltd","og:description":" Nesher Israel Cement Enterprises Ltd., Israel's sole producer of cement has led the country's building sector for over 80 years. Since its establishment, the company has become a major force in Israeli industry through the high quality of its products and its","og:image":"https://old.roi4cio.com/uploads/roi/company/Nesher.png"},"eventUrl":""},"supplier":{"id":5112,"title":"Indegy","logoURL":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png","alias":"indegy","address":"","roles":[],"description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and scale, we help ensure the safety and reliability of complex industrial control system (ICS) environments.\r\nFounded with a mission to protect industrial networks, the Indegy team boasts a unique mix of cyber-security expertise with hands-on industrial control knowhow. Our leadership and R&D teams are comprised of security, industrial operations and defense professionals, including several graduates of the Israeli Defense Force (IDF) elite cyber security units. This is the foundation and spirit driving our innovative technologies and marketleading industrial cyber security solutions.\r\nThe Indegy Industrial Cybersecurity Suite provides full threat detection & forensic trails, automated asset inventory, vulnerability management and configuration control. The suite of capabilities tie together in an out-of-thebox deployment resulting in delivery of alerts, automated reports and 3rd party integration with your existing tools.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":81,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":7,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.indegy.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Indegy","keywords":"","description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:title":"Indegy","og:description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:image":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png"},"eventUrl":""},"vendors":[{"id":5112,"title":"Indegy","logoURL":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png","alias":"indegy","address":"","roles":[],"description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and scale, we help ensure the safety and reliability of complex industrial control system (ICS) environments.\r\nFounded with a mission to protect industrial networks, the Indegy team boasts a unique mix of cyber-security expertise with hands-on industrial control knowhow. Our leadership and R&D teams are comprised of security, industrial operations and defense professionals, including several graduates of the Israeli Defense Force (IDF) elite cyber security units. This is the foundation and spirit driving our innovative technologies and marketleading industrial cyber security solutions.\r\nThe Indegy Industrial Cybersecurity Suite provides full threat detection & forensic trails, automated asset inventory, vulnerability management and configuration control. The suite of capabilities tie together in an out-of-thebox deployment resulting in delivery of alerts, automated reports and 3rd party integration with your existing tools.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":81,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":7,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.indegy.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Indegy","keywords":"","description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:title":"Indegy","og:description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:image":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png"},"eventUrl":""}],"products":[{"id":3228,"logo":false,"scheme":false,"title":"Indegy Industrial Cybersecurity Suite","vendorVerified":0,"rating":"1.00","implementationsCount":2,"suppliersCount":0,"alias":"indegy-ics","companyTypes":[],"description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tracking, vulnerability management, configuration control and device integrity checks, our Industrial Control System (ICS) security capabilities maximize the safety and reliability of your operational environment.</p>\r\n<p>Deployed as a network or virtual appliance, Indegy's agent-less solution offers comprehensive security tools and reports for IT security personnel and OT engineers. The Indegy Suite delivers crystal clear situational awareness across all sites and their respective OT assets - from Windows servers to PLC backplanes - in a single pane of glass.</p>\r\n<p>The Indegy Industrial Cybersecurity Suite is delivered as an all-in-one turnkey appliance that plugs into the network without the use of agents. The Indegy Security Platform is available in 1U Rack form factor as well as a virtual appliance, while the Indegy Sensors come in both rack mounts or DIN-rail mount form factors.</p>\r\n<ul>\r\n<li>Asset Tracking –provide you with a comprehensive up-to-date inventory of all assets in your network including dormant devices.</li>\r\n<li>Threat Detection & Mitigation –monitors for both cyber threats and operational mistakes. It generates alerts based on detection of behavioral anomalies as well as predefined policy conditions.</li>\r\n<li>Device Integrity - Discovers, classifies and queries all ICS assets even when they aren't communicating in the network. Using patent-pending active detection technology, this addon option works conjointly with network sniffing by collecting information that is impossible to find in the network - yet crucial to protecting the OT environment.</li>\r\n<li>Vulnerability Management – Receive periodic reports of risk levels for each of the assets in your ICS network. The reports enable you to delve deeply into the risk factors in the network and prioritize mitigation steps.</li>\r\n<li>Configuration Control - Tracks and logs all configuration changes, whether executed by a human user or by malware, over the network or physically on the device.</li>\r\n<li>Enterprise Visibility – Gain complete enterprise visibility by sending alerts directly to your SIEM as well as distributing them by email to the relevant parties.</li>\r\n</ul>","shortDescription":"Experience what complete visibility, security and control of your industrial environment can do for your organization.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Indegy Industrial Cybersecurity Suite","keywords":"","description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tr","og:title":"Indegy Industrial Cybersecurity Suite","og:description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tr"},"eventUrl":"","translationId":3229,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3230,"logo":false,"scheme":false,"title":"Indegy Device Integrity","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"indegy-device-integrity","companyTypes":[],"description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\"><br />Ensuring of Industrial Control Systems (ICS)</span>\r\nIndegy's proprietary active detection technology provides organizations with a full range of security by examining and analyzing the entire network - Industrial Control Systems (ICS). \r\n<ul><li>it detects, classifies and requests all the resources of an automated process control system (ICS) for their configuration, even those that do not exchange data in the network using their own communication protocols,</li></ul>\r\n<ul><li>actively collects information that cannot be found by the network listening, but which is crucial for the protection of the industrial network - this is a key element of the hybrid threat detection model - Indegy Device Integrity,</li></ul>\r\n<ul><li>eliminates false alarms, providing full information on the accounting and assessment of all the details, as well as an extended alert context,</li></ul>\r\n<ul><li>own device requests do not affect network operations.</li></ul>\r\n<span style=\"font-weight: bold;\"><br />Hybrid detection engine</span>\r\nIndegy Device Integrity technology is an integral part of its unique hybrid threat detection engine. This active detection technology works in cooperation with passive network monitoring, providing critical information about your process control system network, which cannot be gathered only by monitoring network traffic. The patented device integrity features let you keep up with all the details of every asset in your industrial network - all in one window. Full awareness of the situation in your industrial environment significantly reduces the load on equipment and maintenance costs.\r\nIn this way, Indegy Device Integrity monitors and protects your network and devices simultaneously. By integrating the appropriate context gathered from devices while monitoring network activity, Device Integrity improves alert accuracy and network security analytics performance.<br /><br /><span style=\"font-weight: bold;\">BENEFITS</span>\r\n<span style=\"font-weight: bold;\">In-depth visibility</span>\r\nOften, the data of critical assets do not fall into the network of control systems. Information such as the registered user, the latest updates installed on PCs and servers, as well as the firmware revision and the list of open ports of the PLC / DCS components are stored in the devices themselves. Indegy Device Integrity removes this gap by automatically accessing devices and collecting the most accurate information about each component in your industrial environment. Indegy's integrated asset tracking gives you full visibility and control of ICS assets.<br /><br /><span style=\"font-weight: bold;\">Effective Incident Response</span>\r\nWhen Indegy Industrial Cybersecurity Suite detects a suspicious network event, Device Integrity automatically queries the appropriate devices to collect additional context information. By adding relevant information, such as "who logged in to the engineering station and at what time" and "what was done, changes to the PLC relay logic", Device Integrity provides more meaningful warnings. This improves situational awareness, speeds up cyber attack investigations and mitigation, and also reduces the workload on cyber incident teams.<br /><br /><span style=\"font-weight: bold;\">Local change detection</span>\r\nChanges made by authorized personnel or intruders to the controller code, firmware, or configuration using a cable programming cable or USB port cannot be detected while monitoring the network. In some cases, an employee or contractor unknowingly exposes controllers to threats using a laptop with infected software or USB drive. By periodically creating instant device images and comparing them with previous baselines, Indegy can detect changes in the application programs of the controllers and ensure the integrity of the device.<br /><span style=\"font-weight: bold;\"><br />Reduction of security costs</span>\r\nUnlike network monitoring technologies that only need to be deployed at each level and switched on the network, Indegy Device Integrity technology allows you to control all routed network sections with a single Indegy device. This can save you significant equipment and maintenance costs, especially in large industrial environments with multiple subnets. Using Indegy technology, you get complete control and overview of your ICS network and all relevant devices without the cost of multiple devices.<br /><span style=\"font-weight: bold;\"><br />Backup and restore</span>\r\nIndegy Device Integrity maintains a complete history of changes made to controllers over time. By recording and storing a complete device image, including firmware, configuration, full ladder logic, diagnostic buffer, and tag structure, Indegy keeps track of the version history of each controller and can help determine the previously known “good” state for faster recovery. However, Indegy Device Integrity does not store snapshots of images and does not make any changes to restore the device.<br /><br /><span style=\"font-weight: bold;\">Elimination of “white spots”</span>\r\nIndegy Device Integrity detects inactive industrial devices that are connected to the network but do not exchange data. Most industrial controllers have a built-in “find me” mechanism to support asset discovery with one broadcast of a unique package. This mechanism is used by engineering stations to automatically search for all controllers in the network. Indegy Device Integrity uses the same built-in mechanism to provide complete and accurate asset accounting, including inactive devices.<br /><br /><span style=\"font-weight: bold;\">FEATURES</span><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">Identification of devices on their “native” protocol</span><br />Indegy Device Integrity polls assets only after full identification and only on the “native” protocol.<br /><br /><span style=\"font-weight: bold;\">Compliance with security policy from the vendor </span><br />Industrial controllers are only available in a manner that the vendor has provided for.<br /><br /><span style=\"font-weight: bold;\">Requirements Compliance</span><br />Schedules and policy settings are customized to your technology needs.<br /><br /><span style=\"font-weight: bold;\">"Read-only" activity out of range</span><br />Indegy Device Integrity uses communications solely for reading, without changing the configuration and configuration of devices.<br /><br /><span style=\"font-weight: bold;\">Zero impact, maximum efficiency</span><br />Device Integrity safely addresses to devices in their own protocols and only reads information without configuration changes without affecting the network.<br /><br /><span style=\"font-weight: bold;\">Extended Asset Details</span><br />Monitoring device metadata: firmware, OS versions, controller configurations, or logged in users who usually do not appear on the network.","shortDescription":"Indegy Device Integrity: Advanced solution for active detection in industrial safety environments","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Indegy Device Integrity","keywords":"","description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\">","og:title":"Indegy Device Integrity","og:description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\">"},"eventUrl":"","translationId":3256,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":342,"title":"Total high cost of ownership of IT infrastructure (TCO)"},{"id":350,"title":"No monitoring of corporate IT processes"},{"id":373,"title":"IT infrastructure does not meet business tasks"},{"id":378,"title":"Low employee productivity"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":397,"title":"Insufficient risk management"},{"id":401,"title":"No control over implementation"}]}},"categories":[{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://cdn2.hubspot.net/hubfs/2755567/Case%20Studies/Indegy%20Manufacturing%20Case%20Study%20_Nesher%20Cement%20Enterprises.pdf?__hstc=&__hssc=&hsCtaTracking=233b82f8-202f-4821-a2e7-ee34699d48bf%7C8b56dab1-4068-4869-96cc-f8410a772795","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":1227,"title":"Indegy Device Integrity for The Raleigh City Public Services Department","description":" <span style=\"font-weight: bold;\">About company.</span> The Raleigh City Public Services Department is responsible for providing water and sewage. The population of the city is 570,000 people - this includes the city of Raleigh, North Carolina, the United States and the surrounding areas. The work and support of the operation of these services are monitored by the “Technical Applications group”, which is also responsible for the operation and security of the process control network. <br /><br /><span style=\"font-weight: bold;\">Challenge.</span> Aware of the growing cyber threat to critical infrastructure and the need to comply with new rules regarding risk assessment and emergency response, the Roly Department of Public Utilities decided to update its industrial network security solution.\r\nIn order to provide a safer and more resilient infrastructure, to detect potential threats that could harm water supply and sewage, the Department of Public Utilities required full visibility and control of changes made to the PLC and other key devices in their industrial network. The security team realized that monitoring network traffic provides only half of what is needed to protect the control system network. Accordingly, they were interested in adding an active detection component that could work together with passive network monitoring to provide critical information about the industrial network, which cannot be gathered only by reviewing network traffic.\r\nAnother key security requirement for the Raleigh city was automatic asset discovery and management. Manual processes that were previously used to manage assets were laborious and error prone, making it difficult to maintain up-to-date and accurate accounting of assets within the network, which is crucial for adequate risk assessment and regulatory compliance.<br /><br /><span style=\"font-weight: bold;\">Integration. </span>The town of Raleigh chose Indegy after a thorough review of the proposals, during which they evaluated several suppliers. \r\n<span style=\"font-style: italic;\">“We have chosen Indegy for the unique ability to monitor, proactively detect and warn our employees about any changes made to our industrial management systems that may affect their integrity and proper operation.”<br />Steve Worley, SCADA Security Manager for Raleigh City.</span>\r\nResults Since the complete visibility of devices was a priority for Raleigh PCS engineers, the use of proprietary active detection technology in the Device Integrity solution enabled them to get the most comprehensive picture of the state of their network. Device Integrity detects, classifies and requests all ICS assets and devices, even those that do not interact on the network. At the same time, requests to devices do not affect network operations, without changing or making heavier the work of the systems. Details regarding asset accounting and advanced context for warnings helped to improve the accuracy of warnings and, ultimately, the effectiveness and efficiency of the security team, which was exempted from manual risk management.\r\nIndegy Device Integrity provides the Role team with a complete audit log, detailing all engineering activities related to devices. By collecting "who", "what", "when", "where", and "how" data on the network, the audit log allows the security team to quickly identify the problem, the responsible party and, in the event of a problem, facilitate the restoration of the system to its previous state .<br /><br /><span style=\"font-weight: bold;\">Light Bulb</span>\r\nDevice Integrity is a unique solution for full transparency and accounting of assets within industrial environments.","alias":"indegy-device-integrity-for-the-city-of-raleigh-public-utilities-department","roi":0,"seo":{"title":"Indegy Device Integrity for The Raleigh City Public Services Department","keywords":"","description":" <span style=\"font-weight: bold;\">About company.</span> The Raleigh City Public Services Department is responsible for providing water and sewage. The population of the city is 570,000 people - this includes the city of Raleigh, North Carolina, the United Stat","og:title":"Indegy Device Integrity for The Raleigh City Public Services Department","og:description":" <span style=\"font-weight: bold;\">About company.</span> The Raleigh City Public Services Department is responsible for providing water and sewage. The population of the city is 570,000 people - this includes the city of Raleigh, North Carolina, the United Stat"},"deal_info":"","user":{"id":8908,"title":"The Raleigh City Public Services Department","logoURL":"https://old.roi4cio.com/uploads/roi/company/Raleigh.png","alias":"the-raleigh-city-public-services-department","address":"222 West Hargett Street, Raleigh, NC 27601, US","roles":[],"description":" The City of Raleigh Public Utilities Department, now also known as Raleigh Water, provides water and sanitary sewer service to approximately 198,000 metered water and sewer customers and a service population of approximately 600,000 people in Raleigh, Garner, Wake Forest, Rolesville, Knightdale, Wendell, and Zebulon areas.<br />Mission: To provide safe, sustainable water services for our customers while protecting public health and contributing to the economic, environmental and social vitality of our communities.<br />Source: https://raleighnc.gov/water","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://raleighnc.gov/water","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"The Raleigh City Public Services Department","keywords":"","description":" The City of Raleigh Public Utilities Department, now also known as Raleigh Water, provides water and sanitary sewer service to approximately 198,000 metered water and sewer customers and a service population of approximately 600,000 people in Raleigh, Garner,","og:title":"The Raleigh City Public Services Department","og:description":" The City of Raleigh Public Utilities Department, now also known as Raleigh Water, provides water and sanitary sewer service to approximately 198,000 metered water and sewer customers and a service population of approximately 600,000 people in Raleigh, Garner,","og:image":"https://old.roi4cio.com/uploads/roi/company/Raleigh.png"},"eventUrl":""},"supplier":{"id":5112,"title":"Indegy","logoURL":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png","alias":"indegy","address":"","roles":[],"description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and scale, we help ensure the safety and reliability of complex industrial control system (ICS) environments.\r\nFounded with a mission to protect industrial networks, the Indegy team boasts a unique mix of cyber-security expertise with hands-on industrial control knowhow. Our leadership and R&D teams are comprised of security, industrial operations and defense professionals, including several graduates of the Israeli Defense Force (IDF) elite cyber security units. This is the foundation and spirit driving our innovative technologies and marketleading industrial cyber security solutions.\r\nThe Indegy Industrial Cybersecurity Suite provides full threat detection & forensic trails, automated asset inventory, vulnerability management and configuration control. The suite of capabilities tie together in an out-of-thebox deployment resulting in delivery of alerts, automated reports and 3rd party integration with your existing tools.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":81,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":7,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.indegy.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Indegy","keywords":"","description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:title":"Indegy","og:description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:image":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png"},"eventUrl":""},"vendors":[{"id":5112,"title":"Indegy","logoURL":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png","alias":"indegy","address":"","roles":[],"description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and scale, we help ensure the safety and reliability of complex industrial control system (ICS) environments.\r\nFounded with a mission to protect industrial networks, the Indegy team boasts a unique mix of cyber-security expertise with hands-on industrial control knowhow. Our leadership and R&D teams are comprised of security, industrial operations and defense professionals, including several graduates of the Israeli Defense Force (IDF) elite cyber security units. This is the foundation and spirit driving our innovative technologies and marketleading industrial cyber security solutions.\r\nThe Indegy Industrial Cybersecurity Suite provides full threat detection & forensic trails, automated asset inventory, vulnerability management and configuration control. The suite of capabilities tie together in an out-of-thebox deployment resulting in delivery of alerts, automated reports and 3rd party integration with your existing tools.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":81,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":7,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.indegy.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Indegy","keywords":"","description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:title":"Indegy","og:description":" Indegy is committed to protecting businesses, critical infrastructure and governments from cyber threats, malicious insiders and human error. By delivering the most comprehensive set of enterprise-class OT security capabilities with unmatched flexibility and ","og:image":"https://old.roi4cio.com/uploads/roi/company/indegy-logo-bold-3-colors_01.png"},"eventUrl":""}],"products":[{"id":3228,"logo":false,"scheme":false,"title":"Indegy Industrial Cybersecurity Suite","vendorVerified":0,"rating":"1.00","implementationsCount":2,"suppliersCount":0,"alias":"indegy-ics","companyTypes":[],"description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tracking, vulnerability management, configuration control and device integrity checks, our Industrial Control System (ICS) security capabilities maximize the safety and reliability of your operational environment.</p>\r\n<p>Deployed as a network or virtual appliance, Indegy's agent-less solution offers comprehensive security tools and reports for IT security personnel and OT engineers. The Indegy Suite delivers crystal clear situational awareness across all sites and their respective OT assets - from Windows servers to PLC backplanes - in a single pane of glass.</p>\r\n<p>The Indegy Industrial Cybersecurity Suite is delivered as an all-in-one turnkey appliance that plugs into the network without the use of agents. The Indegy Security Platform is available in 1U Rack form factor as well as a virtual appliance, while the Indegy Sensors come in both rack mounts or DIN-rail mount form factors.</p>\r\n<ul>\r\n<li>Asset Tracking –provide you with a comprehensive up-to-date inventory of all assets in your network including dormant devices.</li>\r\n<li>Threat Detection & Mitigation –monitors for both cyber threats and operational mistakes. It generates alerts based on detection of behavioral anomalies as well as predefined policy conditions.</li>\r\n<li>Device Integrity - Discovers, classifies and queries all ICS assets even when they aren't communicating in the network. Using patent-pending active detection technology, this addon option works conjointly with network sniffing by collecting information that is impossible to find in the network - yet crucial to protecting the OT environment.</li>\r\n<li>Vulnerability Management – Receive periodic reports of risk levels for each of the assets in your ICS network. The reports enable you to delve deeply into the risk factors in the network and prioritize mitigation steps.</li>\r\n<li>Configuration Control - Tracks and logs all configuration changes, whether executed by a human user or by malware, over the network or physically on the device.</li>\r\n<li>Enterprise Visibility – Gain complete enterprise visibility by sending alerts directly to your SIEM as well as distributing them by email to the relevant parties.</li>\r\n</ul>","shortDescription":"Experience what complete visibility, security and control of your industrial environment can do for your organization.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Indegy Industrial Cybersecurity Suite","keywords":"","description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tr","og:title":"Indegy Industrial Cybersecurity Suite","og:description":"<p><strong>Flexible, All-in-One Industrial Cyber Security Solution</strong></p>\r\n<p>The Indegy Industrial Cybersecurity Suite protects industrial networks from cyber threats, malicious insiders, and human error. From threat detection and mitigation to asset tr"},"eventUrl":"","translationId":3229,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3230,"logo":false,"scheme":false,"title":"Indegy Device Integrity","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"indegy-device-integrity","companyTypes":[],"description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\"><br />Ensuring of Industrial Control Systems (ICS)</span>\r\nIndegy's proprietary active detection technology provides organizations with a full range of security by examining and analyzing the entire network - Industrial Control Systems (ICS). \r\n<ul><li>it detects, classifies and requests all the resources of an automated process control system (ICS) for their configuration, even those that do not exchange data in the network using their own communication protocols,</li></ul>\r\n<ul><li>actively collects information that cannot be found by the network listening, but which is crucial for the protection of the industrial network - this is a key element of the hybrid threat detection model - Indegy Device Integrity,</li></ul>\r\n<ul><li>eliminates false alarms, providing full information on the accounting and assessment of all the details, as well as an extended alert context,</li></ul>\r\n<ul><li>own device requests do not affect network operations.</li></ul>\r\n<span style=\"font-weight: bold;\"><br />Hybrid detection engine</span>\r\nIndegy Device Integrity technology is an integral part of its unique hybrid threat detection engine. This active detection technology works in cooperation with passive network monitoring, providing critical information about your process control system network, which cannot be gathered only by monitoring network traffic. The patented device integrity features let you keep up with all the details of every asset in your industrial network - all in one window. Full awareness of the situation in your industrial environment significantly reduces the load on equipment and maintenance costs.\r\nIn this way, Indegy Device Integrity monitors and protects your network and devices simultaneously. By integrating the appropriate context gathered from devices while monitoring network activity, Device Integrity improves alert accuracy and network security analytics performance.<br /><br /><span style=\"font-weight: bold;\">BENEFITS</span>\r\n<span style=\"font-weight: bold;\">In-depth visibility</span>\r\nOften, the data of critical assets do not fall into the network of control systems. Information such as the registered user, the latest updates installed on PCs and servers, as well as the firmware revision and the list of open ports of the PLC / DCS components are stored in the devices themselves. Indegy Device Integrity removes this gap by automatically accessing devices and collecting the most accurate information about each component in your industrial environment. Indegy's integrated asset tracking gives you full visibility and control of ICS assets.<br /><br /><span style=\"font-weight: bold;\">Effective Incident Response</span>\r\nWhen Indegy Industrial Cybersecurity Suite detects a suspicious network event, Device Integrity automatically queries the appropriate devices to collect additional context information. By adding relevant information, such as "who logged in to the engineering station and at what time" and "what was done, changes to the PLC relay logic", Device Integrity provides more meaningful warnings. This improves situational awareness, speeds up cyber attack investigations and mitigation, and also reduces the workload on cyber incident teams.<br /><br /><span style=\"font-weight: bold;\">Local change detection</span>\r\nChanges made by authorized personnel or intruders to the controller code, firmware, or configuration using a cable programming cable or USB port cannot be detected while monitoring the network. In some cases, an employee or contractor unknowingly exposes controllers to threats using a laptop with infected software or USB drive. By periodically creating instant device images and comparing them with previous baselines, Indegy can detect changes in the application programs of the controllers and ensure the integrity of the device.<br /><span style=\"font-weight: bold;\"><br />Reduction of security costs</span>\r\nUnlike network monitoring technologies that only need to be deployed at each level and switched on the network, Indegy Device Integrity technology allows you to control all routed network sections with a single Indegy device. This can save you significant equipment and maintenance costs, especially in large industrial environments with multiple subnets. Using Indegy technology, you get complete control and overview of your ICS network and all relevant devices without the cost of multiple devices.<br /><span style=\"font-weight: bold;\"><br />Backup and restore</span>\r\nIndegy Device Integrity maintains a complete history of changes made to controllers over time. By recording and storing a complete device image, including firmware, configuration, full ladder logic, diagnostic buffer, and tag structure, Indegy keeps track of the version history of each controller and can help determine the previously known “good” state for faster recovery. However, Indegy Device Integrity does not store snapshots of images and does not make any changes to restore the device.<br /><br /><span style=\"font-weight: bold;\">Elimination of “white spots”</span>\r\nIndegy Device Integrity detects inactive industrial devices that are connected to the network but do not exchange data. Most industrial controllers have a built-in “find me” mechanism to support asset discovery with one broadcast of a unique package. This mechanism is used by engineering stations to automatically search for all controllers in the network. Indegy Device Integrity uses the same built-in mechanism to provide complete and accurate asset accounting, including inactive devices.<br /><br /><span style=\"font-weight: bold;\">FEATURES</span><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">Identification of devices on their “native” protocol</span><br />Indegy Device Integrity polls assets only after full identification and only on the “native” protocol.<br /><br /><span style=\"font-weight: bold;\">Compliance with security policy from the vendor </span><br />Industrial controllers are only available in a manner that the vendor has provided for.<br /><br /><span style=\"font-weight: bold;\">Requirements Compliance</span><br />Schedules and policy settings are customized to your technology needs.<br /><br /><span style=\"font-weight: bold;\">"Read-only" activity out of range</span><br />Indegy Device Integrity uses communications solely for reading, without changing the configuration and configuration of devices.<br /><br /><span style=\"font-weight: bold;\">Zero impact, maximum efficiency</span><br />Device Integrity safely addresses to devices in their own protocols and only reads information without configuration changes without affecting the network.<br /><br /><span style=\"font-weight: bold;\">Extended Asset Details</span><br />Monitoring device metadata: firmware, OS versions, controller configurations, or logged in users who usually do not appear on the network.","shortDescription":"Indegy Device Integrity: Advanced solution for active detection in industrial safety environments","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Indegy Device Integrity","keywords":"","description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\">","og:title":"Indegy Device Integrity","og:description":"Device Integrity is the first solution in cybersecurity for threat detection in industry, which was introduced by Indegy in February 2016.<br />Indegy Device Integrity is part of the Indegy Industrial CyberSecurity Suite.<br /><span style=\"font-weight: bold;\">"},"eventUrl":"","translationId":3256,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":220,"title":"United States","name":"USA"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":8,"title":"Reduce Production Timelines"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":350,"title":"No monitoring of corporate IT processes"},{"id":356,"title":"High costs of routine operations"},{"id":373,"title":"IT infrastructure does not meet business tasks"},{"id":378,"title":"Low employee productivity"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":397,"title":"Insufficient risk management"},{"id":401,"title":"No control over implementation"}]}},"categories":[{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://cdn2.hubspot.net/hubfs/2755567/Indegy%20Water%20Utility%20Case%20Study%20_%20City%20of%20Raleigh.pdf?__hstc=&__hssc=&hsCtaTracking=093532f7-d3fc-4357-8381-19b8bb3dfafe%7Caa232546-16b0-4bc8-9e99-6bdc5d95a29c","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":542,"title":"McAfee Endpoint Security for global software company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">security platform widens the scope of threat detection to include unmanaged devices</span>\r\n<span style=\"font-weight: bold; \">Multinational Software Company</span>\r\n<ul><li>Large global software company</li><li>Industry: Technology</li><li>Environment: Fluid environment with up to 150,000 endpoints at any given time, many of them virtual, across 20 countries</li></ul>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\n<ul><li>Protect against zero-day threats across extended global enterprise</li><li>Shrink detection to remediation gap</li></ul>\r\n<span style=\"font-weight: bold; \">McAfee solution</span>\r\n<ul><li>McAfee® Advanced Threat Defense</li><li>McAfee® Complete Endpoint Threat Protection</li><li>McAfee® ePolicy Orchestrator®</li><li>McAfee® Threat Intelligence Exchange</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>Accelerates time to protection, thanks to automation</li><li>Augments threat reputation information shared across</li><li>McAfee ePO softwaremanaged devices with information gleaned from incidents involving unmanaged devices</li><li>Facilitates endpoint incident forensics and accelerates response</li><li>Saves security operations time and hassle</li></ul>\r\nAutomated submission of threat information to McAfee Advanced Threat Defense and automated sharing of that information across the enterprise improves protection while saving security operations time and hassle.\r\nThis large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network. However, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges.\r\n<span style=\"font-weight: bold; \">Challenge: Close Gaps to Block Zero-Day Attacks</span>\r\nAlthough the company employs the McAfee Complete Endpoint Threat Protection suite on all its high-risk physical and virtual endpoints, it also has many virtual endpoints connecting to its network that do not have a McAfee agent installed and are therefore not updated with the latest threat protection via the McAfee ePolicy Orchestrator (McAfee® ePO™) management console. The company’s more important virtual machines host a McAfee agent but many “low-risk” systems do not. Until recently, if one of these unmanaged endpoints downloaded a malicious file, the McAfee ePO softwaremanaged endpoints would be at risk because they had no way of knowing of the existence of that threat within the environment.\r\n<span style=\"font-style: italic; \">“Zero-day threats are our biggest concern,” remarks the senior manager of security engineering. “If any of our endpoints—managed or unmanaged—downloads a zero-day threat, we want our whole environment to know about it, and we want to be able to react appropriately as fast as possible.”</span>\r\nIn addition, if a managed endpoint became infected, security analysts would receive an alert, but, because of the fluidity of systems coming on and off the network, by the time an analyst has logged in and has attempted to find the suspicious payload, the system could easily have moved offline, essentially removing the information needed to understand what had transpired. As a result, security operations center (SOC) engineers found that they had to spend extra time tracking down infected systems and remediating them.\r\n<span style=\"font-weight: bold; \">Hunting and Blocking Zero-Day Threats with McAfee Advanced Threat Defense</span>\r\nAlong with McAfee Complete Endpoint Threat Protection, the company had implemented the Data Exchange Layer (DXL) communication fabric and McAfee Threat Intelligence Exchange. DXL connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions, and McAfee Threat Intelligence Exchange leverages DXL to bi-directionally share threat information across all DXL-connected systems. To this automated threat reputation-sharing framework, the company added McAfee Advanced Threat Defense for “zero-day hunting,” as the senior manager of security engineering describes the appliance’s main role. \r\n<span style=\"font-style: italic;\">“If an unknown or suspicious file comes across one of</span><span style=\"font-style: italic;\">our endpoints protected by McAfee Endpoint Security, </span><span style=\"font-style: italic;\">the file is automatically sent to McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense for sophisticated static and dynamic behavioral</span><span style=\"font-style: italic;\">analysis,” explains the senior manager of security</span><span style=\"font-style: italic;\">engineering. “If McAfee Advanced Threat Defense</span><span style=\"font-style: italic;\">deems the file to be malicious, its reputation is then</span><span style=\"font-style: italic;\">automatically broadcast via McAfee Threat Intelligence</span><span style=\"font-style: italic;\">Exchange to all the endpoints connected to DXL. This</span><span style=\"font-style: italic;\">automatic distribution of threat reputation information</span><span style=\"font-style: italic;\">helps us block zero-day threats before they can harm</span><span style=\"font-style: italic;\">our environment.”</span>\r\n<span style=\"font-weight: bold;\">Enhancing Intrusion Detection with Bro</span>\r\nBut what about threats entering the environment through the company’s many unmanaged endpoints? To extend detection to these systems, the company turned to the open-source Bro network security monitoring platform. Bro ingests the company’s network traffic off a span or inline tap and converts the traffic data into logs and metadata in binary format. In a typical week, Bro submits approximately 6,000 files to McAfee Advanced Threat Defense for analysis. Of those, approximately 10% to 20% end up in the McAfee Threat Intelligence Exchange threat reputation database and are subsequently shared throughout the enterprise.\r\n<span style=\"font-style: italic;\">“Bro gives us the ability to retain network traffic in a searchable format, which is extremely useful,” the senior manager of security engineering explains. “For instance, using Bro, we can search for source or distributed IP so we can easily conduct lightweight investigations— discover who or what connected to a specific IP address, what the payload looks like, determine the packet size, and so on.”</span>\r\nThe information captured by Bro supplements the threat information delivered via the McAfee Global Threat Intelligence cloud and disseminated via McAfee Threat Intelligence Exchange. With the Bro script and advice provided by McAfee (now available as a deployment kit), the senior manager of security engineering’s team integrated Bro with McAfee Advanced Threat Defense so that the Bro traffic data is automatically submitted to McAfee Advanced Threat Defense, just as suspicious files from McAfee Endpoint Security are automatically submitted through McAfee Threat Intelligence Exchange.\r\nSince the team was already very familiar with Bro, the integration was straightforward. \r\n<span style=\"font-weight: bold;\">Automatic Immunization Against Threats that Hit Unmanaged Endpoints</span>\r\n<span style=\"font-style: italic;\">“If one of our unmanaged endpoints downloads a malicious file, Bro will capture that event among the </span><span style=\"font-style: italic;\">network traffic and submit it to McAfee Advanced</span><span style=\"font-style: italic;\">Threat Defense for analysis,” notes the senior manager</span><span style=\"font-style: italic;\">of security engineering. “If McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense determines the file is malicious, then that</span><span style=\"font-style: italic;\">malicious reputation will be shared automatically with</span><span style=\"font-style: italic;\">every McAfee ePO software-managed system in our</span><span style=\"font-style: italic;\">entire enterprise—in other words, with all the systems</span><span style=\"font-style: italic;\">we care about. Put another way, if one of our unmanaged</span><span style=\"font-style: italic;\">virtual machines downloads a malicious file, all of our</span><span style=\"font-style: italic;\">managed devices automatically receive an immune shot.”</span>\r\n<span style=\"font-weight: bold;\">Facilitating and Accelerating Incident Response</span>\r\nWith the McAfee Advanced Threat Defense/Bro integration and threat reputation information automatically disseminated across endpoints via McAfee Threat Intelligence Exchange, inoculation of endpoints happens much faster than it did before. Consequently, there is a much greater likelihood that a system will “receive the immune shot” before it goes offline. In addition, because the actual event and surrounding intelligence is captured by Bro, even if the system goes offline, McAfee Advanced Threat Defense, as well as security analysts, have a great deal more information to help determine appropriate action, and, if necessary, to remediate more quickly.\r\n<span style=\"font-style: italic;\">“With the McAfee automated threat framework and supporting intelligence from the Bro integration, plus automated remediation that we have also set up, our SOC very rarely needs to pay attention to endpoint incidents,” points out the senior manager of security engineering. “The Bro integration and all that automation save a ton of time.”</span>\r\nTo fortify its defenses further, the company continues to build upon its DXL-based integrated security framework. For instance, the company is currently in the process of adding McAfee DLP Monitor to gather, track, and report on data in motion across its entire network and augment its McAfee DLP Endpoint host-based data protection.\r\n<span style=\"font-style: italic;\">“The more we can integrate our systems and automate </span><span style=\"font-style: italic;\">responses, the safer we will be,” says the senior manager</span><span style=\"font-style: italic;\">of security engineering.</span>","alias":"mcafee-endpoint-security-for-global-software-company","roi":0,"seo":{"title":"McAfee Endpoint Security for global software company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; ","og:title":"McAfee Endpoint Security for global software company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; "},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":397,"title":"Insufficient risk management"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-multinational-software-company.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":541,"title":"McAfee Endpoint Security for marketing company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Intelligence Exchange, this CIO can focus on his main job, using technology to</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">keep his company thriving and to increase value for his company’s customers, not</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">information security. </span>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\nSimplify security management for small information security team\r\nMinimize impact of security on business end users\r\nKeep organization secure, avoid unwanted appearances in the boardroom \r\n<span style=\"font-weight: bold; \">McAfee Solution</span>\r\n<ul><li>McAfee® Advanced ThreatDefense</li><li>McAfee Complete Endpoint Threat Protection</li><li>McAfee Endpoint Security</li><li>McAfee ePolicy Orchestrator</li><li>McAfee Threat Intelligence Exchange</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>Elimination of ransomware</li><li>Superior endpoint protection experience for both end users and administrators</li><li>Ability to focus on business rather than security issues</li><li>Trusted partnership with company focused solely on security</li></ul>\r\nHarry Folloder loves his job as Chief Information Officer of Waypoint, the premier sales and marketing agency for foodservice (as well as non-foods channels) in North America. As CIO, he oversees the use of technology within the company and across its 1,500 endpoints and three data centers. <span style=\"font-style: italic;\">“It’s fun,” he says. “I get to spend a lot of my time innovating and looking for ways to use technology to increase the value we provide our customers.”</span>\r\n<span style=\"font-weight: bold;\">No News is Good News</span>\r\nFolloder’s job was a lot less fun and his phone a lot less quiet a few years ago. <span style=\"font-style: italic;\">“So much of my security staff’s time was spent dealing with false positives and other program problems; they would end up calling me and griping about the problems,” recalls Folloder, who is also CIO of Marlin Networks, the leading marketing agency in the food service industry.</span>\r\n<span style=\"font-style: italic;\">“Sometimes the security issues would even take salespeople out of the field for a day or two while waiting for the issue to be resolved. Ultimately, I decided we needed a security partner focused solely on security, with products that do what they’re supposed to do, so I don’t have to hear about them and, more importantly, so our end users can keep focusing on doing their part to serve our customers and grow our business.”</span>\r\nFolloder says his top priority as CIO is to be an ambassador to clients and customers and to keep the business moving forward. “Keeping security running is not my job,” he says. “When security is running smoothly and my phone is quiet, with no unwanted calls from my security team or my Board, then I can focus on my real job.”\r\n<span style=\"font-weight: bold;\">Result of Migrating to McAfee Endpoint Security: Better User Experience and Reduced TCO</span>\r\nFolloder found in McAfee the security partner he was looking for. After replacing Waypoint’s previous endpoint protection software with McAfee Complete Endpoint Protection Enterprise (now called McAfee Complete Endpoint Threat Protection), phone calls from his staff decreased significantly. When Folloder and his staff heard that McAfee was introducing a new, more intelligent, more collaborative endpoint protection framework, McAfee Endpoint Security, they couldn’t wait to take advantage of it. After running McAfee Endpoint Security version 10.2 briefly in a test environment, they used the McAfee ePolicy Orchestrator® (McAfee ePO™) central console to push it out across all of Waypoint’s approximately 1,500 nodes. The migration of the virus scanning engine, McAfee VirusScan® Enterprise, and McAfee SiteAdvisor® software from the McAfee Complete Endpoint Threat Protection to McAfee Endpoint Security took place within a two-and-a-half-week period that also included deployment of McAfee Threat Intelligence Exchange across all endpoints and McAfee Advanced Threat Defense for sandbox analysis.\r\n<span style=\"font-style: italic;\">“Migrating to McAfee Endpoint Security was one of the easiest platform migrations ever,” notes Folloder. “It went off without a hitch. The only calls received were from a handful of users who had shut down or rebooted in the middle of the upgrade process. Folloder and his staff have been extremely pleased with the results. “McAfee Endpoint Security is a much better experience for our administrative staff, providing better protection with less management time,” says Folloder.</span>\r\n<span style=\"font-style: italic;\">“It allows us to better serve our business with higher quality levels, lower total cost of ownership, and lower cost of administration. It also allows our business users to focus on their jobs rather than issues caused by security software.”</span>\r\n<span style=\"font-weight: bold;\">No Ransomware. Period.</span>\r\nFolloder was most excited to integrate McAfee Endpoint Security with McAfee Advanced Threat Defense via McAfee Threat Intelligence Exchange, for even greater ability to combat advanced threats and deliver actionable threat forensics. Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange combines multiple internal and external threat information sources and instantly shares this data along the DXL backbone that extends to all of the company’s nearly 1,500 nodes. Integration of McAfee Endpoint Security with Threat Intelligence Exchange enables information generated by McAfee Advanced Threat Defense to be shared immediately with all endpoints.\r\n<span style=\"font-style: italic;\">“McAfee Threat Intelligence Exchange is information sharing at its best; you’re aggregating everything that McAfee and all of its customers are seeing in a way that helps crowdsource the good info,” explains Folloder.</span>\r\n<span style=\"font-style: italic;\">“It gives us comprehensive, near real-time threat intelligence and shares it with all our machines to make them safer.”</span>\r\n<span style=\"font-style: italic;\">As for McAfee Advanced Threat Defense, Folloder says: “One of the initial things that caught my eye was the inspection methodology and in-depth analysis that Advanced Threat Defense does, that I just didn’t see elsewhere. Its simple packet inspection, which is what a lot of malware targets, and in-depth analysis of disassembled raw code drew me in immediately. Then when I found out what else it did, I became a true believer. Best of all, it fulfills its promise to detect zeroday, zero-hour attacks, and does so in a very elegant way with minimal end-user impact.”</span>\r\n“Since implementing McAfee Endpoint Security, Threat Intelligence Exchange, and Advanced Threat Defense, we haven’t had a single case of ransomware,” says Folloder.\r\n“Period.” McAfee Advanced Threat Defense also catches many undesirable files that try to install on users’ browsers, such as adware, the Mindspark toolbar, fake utilities like Optimizer Pro and PC Accelerator, and plugins for music players, coupons, and online games.\r\n<span style=\"font-weight: bold;\">Experience Improved for Both Business Users and Security Administrators</span>\r\nWaypoint’s legacy endpoint protection—McAfee VirusScan Enterprise software—although many times better than the company’s previous antivirus solution, still required some heavy processor usage at times. With the upgrade to McAfee Endpoint Security, however, the impact of malware scanning on CPU utilization has diminished significantly. \r\n“Our end users have a much better experience,” says Folloder. “Whether or not their personal computer has experienced a significant change in processor usage, all of our users perceive less interference and faster computing. Since the rollout of McAfee Endpoint Security, we haven’t heard a single complaint about corporate virus scans.”\r\nThe user experience for Waypoint’s two information security administrators has also improved with the migration to McAfee Endpoint Security. “I don’t have to interact with [Endpoint Security] much, which is a good thing,” says Folloder, “but my techs say that it has a much nicer, more modern interface than before.”\r\n<span style=\"font-weight: bold;\">Quiet and Peace of Mind “Worth Every Penny” </span>\r\n<span style=\"font-style: italic;\">“At my level, the measure of success for a product is that I haven’t had to hear about it or worry about it,” says Folloder. “I haven’t had to mess with McAfee Endpoint Security. I haven’t had to hear from anyone in the C-suite or their direct reports. It is doing exactly what we paid for it to do and I love it.” Furthermore, adds Folloder, since the migration to McAfee Endpoint Security, endpoint protection has not interrupted a single associate or sales person’s work. “The less interruptions of business and service to our customers, the better,” he states. “That’s really my overarching goal. That’s why I invest in products like McAfee Endpoint Security. It’s worth every penny.”</span>\r\n<span style=\"font-weight: bold;\">A True Security Partner</span>\r\nBut it’s not just the quality of products that count. “I look for partners, not vendors,’ says Folloder. “At the end of the day we’re a service company. Partnering with the best allows us to focus on our core competency.”\r\n<span style=\"font-style: italic;\">“I know I sound like an ad for McAfee, but I really do love that I can sleep at night, knowing that Waypoint’s IT infrastructure is protected by a company that is focused on protecting my environment and not distracted by backup or storage or whatnot,” continues Folloder. “Ask yourself, ‘Is my security vendor focused specifically on securing my environment? Does it have leading researchers and state-of-the-art resources to protect my infrastructure and users, and to keep innovating and evolving to face new threats?’ Take a hard look. My experience with McAfee has been everything a partnership should be and more.”</span>","alias":"mcafee-endpoint-security-for-marketing-company","roi":0,"seo":{"title":"McAfee Endpoint Security for marketing company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: ","og:title":"McAfee Endpoint Security for marketing company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: "},"deal_info":"","user":{"id":4370,"title":"Waypoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/Waypoint.png","alias":"waypoint","address":"","roles":[],"description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on our unparalleled strategic insights, channel-specific expertise and resources, and innovative culinary support to deliver that competitive advantage. But helping our partners gain the advantage is not enough for us – we make it our business to maximize it through our pioneering technology and big data mining capabilities. We help position our partners to consistently beat their competition and to grow their business.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://asmwaypoint.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Waypoint","keywords":"","description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on ou","og:title":"Waypoint","og:description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on ou","og:image":"https://old.roi4cio.com/uploads/roi/company/Waypoint.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":356,"title":"High costs of routine operations"},{"id":384,"title":"Risk of attacks by hackers"},{"id":397,"title":"Insufficient risk management"},{"id":400,"title":"High costs"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-waypoint.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":795,"title":"McAfee solutions for a refiner and distributor of petroleum products","description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people across 43 sites in the US, 16 in Canada, and a handful of locations in China and the United Kingdom.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Search for Better Endpoint Protection Leads to Revamped Security Architecture</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As part of an endpoint security review, HollyFrontier invited six leading vendors to make presentations in competition for the business. McAfee stood out from the other vendors with its integrated security strategy and attainable vision of a threat defense lifecycle that learns and adapts to meet changing requirements.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">“We agreed wholeheartedly with the McAfee® approach,” </span>says Cybersecurity Engineer Phillip Fort, the main person responsible for HollyFrontier’s day-to-day security posture. <span style=\"font-style: italic;\">“With the integrated McAfee ecosystem, our limited security team can automate a lot of security tasks. We can essentially do a lot more to protect our company a lot faster, without adding staff.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">In addition to McAfee endpoint protection and its bundled McAfee ePolicy Orchestrator (McAfee ePO) central console, in just a few weeks, HollyFrontier deployed:<br />■ McAfee Network Security Platform intrusion prevention system (IPS) appliances.<br />■ McAfee Data Exchange Layer, the open-source fabric that connects security components to automate integration and real-time data exchange.<br />■ McAfee Threat Intelligence Exchange, which aggregates threat intelligence from local and global sources and shares file reputation information across McAfee Data Exchange Layer-connected systems.<br />■ McAfee Enterprise Security Manager and other components of the McAfee SIEM solution set.<br />■ McAfee Advanced Threat Defense sandboxing appliance.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">Within a year, the company also began deploying McAfee Endpoint Threat Defense and Response and McAfee Web Gateway.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Infection Rate and Ransomware Reduced Dramatically</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">HollyFrontier initially deployed the McAfee Complete Endpoint Threat Protection suite. However, because of “all the ransomware going around,” HollyFrontier was anxious to install McAfee Endpoint Security and its Dynamic Application Containment (DAC) functionality. When DAC encounters a file that does not have a trusted reputation or is unknown, it immediately quarantines the file before it can infect “patient zero.” Consequently, as soon as McAfee Endpoint Security became available, the company migrated the McAfee VirusScan® Enterprise portion of its endpoint protection suite to the McAfee Endpoint Security Threat Prevention module, first rolling out version 10.1, then upgrading to version 10.2, and upgrading again to version 10.5.<br />Although DAC initially blocked a few legacy applications that are still used, Fort was able to quickly create exclusions for those applications.<span style=\"font-style: italic;\"> “The McAfee Endpoint Security graphical user interface is very easy to use,”</span> he notes.<span style=\"font-style: italic;\">“Once I created the first couple exclusions, the rest were easy.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">It didn’t take long for the biggest impact of the new endpoint protection framework to became evident. <span style=\"font-style: italic;\">“After implementing McAfee Endpoint Security and DAC, our malware infection rate plummeted,”</span> states Fort. <span style=\"font-style: italic;\">“We used to have ransomware attacks each month, but we have had none since migrating to McAfee Endpoint Security and integrating it with McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense … Truthfully, I don’t have to deal with McAfee Endpoint Security very much—and that’s a good thing.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Results of Sandbox Analysis Automatically Shared Throughout Enterprise</span><br />As Fort contemplated the benefits of an integrated security platform prior to its implementation, the integration he was most excited about was that of the endpoint and other security components with the McAfee Advanced Threat Defense.<br /><span style=\"font-style: italic;\">“McAfee Advanced Threat Defense does as much or more than other sandboxes, but its integration with other McAfee solutions is what makes it so incredibly powerful,”</span> says Fort. <span style=\"font-style: italic;\">“It immediately detects and contains a potentially malicious file on the endpoint, IPS, or gateway.<br />First it sends the file automatically to McAfee Advanced Threat Defense for analysis, and, if found malicious, the file is then automatically removed across the entire enterprise. That is truly transformative for our small security team,” states Fort. “It augments our own abilities and saves us a lot of time.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">Every day a security analyst checks McAfee Advanced Threat Defense to review the list of files that the appliance has convicted as malicious. <span style=\"font-style: italic;\">“Once an administrative assistant clicked on a phishing email,”</span> explains Fort. <span style=\"font-style: italic;\">“The IPS, McAfee Network Security Platform, blocked the suspicious file and sent it to McAfee Advanced Threat Defense, which determined that it was bad. The file appeared in the day’s list of convicted files, and we confirmed that it was indeed blocked and automatically entered in the McAfee Threat Intelligence Exchange reputation database shared throughout the enterprise.”</span><br />Periodically, the HollyFrontier security team runs assessments in which sample malware is put on a machine.<span style=\"font-style: italic;\"> “We then watch to make sure the malware shows up in McAfee Advanced Threat Defense and is removed from the host machine and blacklisted throughout the enterprise,”</span> clarifies Fort. <span style=\"font-style: italic;\">“It works every time—just as it’s supposed to.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Increasing Visibility and Facilitating Reporting with McAfee SIEM</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">The desire for better visibility across the enterprise drove HollyFrontier to replace its aging SIEM with the McAfee SIEM technology. According to Fort, McAfee SIEM technology provides a much more complete security picture and widespread visibility across the network, which helps in countless ways. To cite just one example, a considerable number of users were becoming locked out as they tried to reset their passwords because they had failed to log off other machines. A security analyst simply entered the user ID in the McAfee SIEM system, and immediately could see exactly which machines a user was logged into, whether or not he was locked out, and whether he should have access—and then could reset passwords as necessary.<span style=\"font-style: italic;\"> “In that case and many more, McAfee Enterprise Security Manager technology saves us a lot of investigative time,”</span> says Fort.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">The HollyFrontier security team also uses many out-of- the-box rules and alerts, as well as custom ones within the McAfee SIEM solution.<span style=\"font-style: italic;\"> “Even if we haven’t developed a custom rule, if I have just a little information on a security event, it is easy to drill down and do a search based on single or multiple variables to find as much additional information as I need,”</span> explains Fort.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">The McAfee Enterprise Security Manager solution also makes reporting easier. For example, to produce a quarterly security review to upper management, Fort simply runs out-of-the-box executive reports created by the McAfee SIEM solution and McAfee Advanced Threat Defense from within McAfee ePO software.<br />Rapid Searching Saves Time, Eliminates Vulnerabilities Faster<br />According to Fort, before learning about the McAfee integrated security platform, he had “fallen in love” with an endpoint detection and response (EDR) product from another vendor. <span style=\"font-style: italic;\">“When we looked at McAfee Endpoint Threat Defense and Response, however, we realized it did everything that other solution did,”</span> he recalls. <span style=\"font-style: italic;\">“It gives us all the information we ever wanted to know— really, really fast.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">With the McAfee EDR software, the HollyFrontier security team can eradicate vulnerabilities much faster. If Fort learns of a vulnerability in a specific version of an application—for instance, in Microsoft Office 2013—he can use the McAfee Active Response search functionality to quickly and easily find out exactly how many desktops have that version or create a list of all endpoints with that version. It took less than a minute for one of Fort’s colleagues to find all versions of Adobe Acrobat in the enterprise recently and just a few more minutes to determine which endpoints required updating. After pushing out the update, he clicked to rerun the search to confirm that all the updates were successful.<br /><span style=\"font-style: italic;\">“The rapid searching we can do using McAfee Active Response saves us a tremendous amount of time,” </span>says Fort. <span style=\"font-style: italic;\">“We used to manually maintain inventory spreadsheets of all the various applications and systems. Now we can run real-time reports in seconds, and everyone is confident they are correct.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Adding Hybrid Web Protection</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">At a McAfee user conference, while Fort was singing the praises of McAfee Network Security Platform and McAfee Advanced Threat Defense to other attendees.<br />Many of the participants were raving about McAfee Web Gateway, claiming it was their favorite McAfee product, prompting Fort to investigate. He quickly became convinced that McAfee Web Gateway was worth the investment, even though the company had an adequate web gateway solution. In addition to being able to share threat information in near real time with the other McAfee Data Exchange Layer-connected security solutions, McAfee Web Gateway offers more granular control and the ability to deploy a hybrid environment managed from the same console.<br />As a result, HollyFrontier is in the process of deploying its first McAfee Web Gateway appliance and McAfee Web Gateway Cloud Service. HollyFrontier employees working from home or on the road will be protected by the same corporate web security policies as users at corporate locations. In addition, any malware detected by McAfee Web Gateway is sent immediately to McAfee Advanced Threat Defense, and its information is shared throughout the enterprise.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Integration and Increased Protection Ease Security Administration</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">“With the McAfee integrated security infrastructure and McAfee ePO software, I can manage just about everything through one pane of glass,” </span>says Fort. <span style=\"font-style: italic;\">“That alone makes administration so much easier, but so does increased protection. If there is an infection somewhere else in the world, thanks to McAfee Threat Intelligence Exchange, my network knows about it and is protected before the infection even reaches us. If, on the other hand, the malware is detected within our environment, it is immediately sent to McAfee Advanced Threat Defense for analysis, and the rest of the environment is automatically informed. We have reduced operational overhead dramatically while improving our security posture.”</span><br />Fort has not only been impressed with McAfee products and their integration with one another, but also with McAfee personnel. <span style=\"font-style: italic;\">“Any time I need anything, I just call or email my McAfee Security Engineer, and he responds right away,”</span> he notes. <span style=\"font-style: italic;\">“McAfee Platinum Support is also extremely responsive. I can usually get the help I need within a couple of minutes. We learned early on that McAfee is a strategic security partner as well as a dependable one.”</span></span>","alias":"mcafee-solutions-for-a-refiner-and-distributor-of-petroleum-products","roi":0,"seo":{"title":"McAfee solutions for a refiner and distributor of petroleum products","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people acros","og:title":"McAfee solutions for a refiner and distributor of petroleum products","og:description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people acros"},"deal_info":"","user":{"id":5436,"title":"HollyFrontier","logoURL":"https://old.roi4cio.com/uploads/roi/company/hfc_logo.png","alias":"hollyfrontier","address":"","roles":[],"description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries located in Kansas, Oklahoma, New Mexico, Wyoming and Utah and markets its refined products principally in the Southwest U.S., the Rocky Mountains extending into the Pacific Northwest and in other neighboring Plains states.\r\nIn addition, HollyFrontier produces base oils and other specialized lubricants in the U.S., Canada and the Netherlands, and exports products to more than 80 countries.\r\n<ul><li>Headquartered in Dallas, Texas</li></ul>\r\n<ul><li>Through its subsidiaries, operates five complex refineries</li></ul>\r\n<ul><li>457,000 barrels per day of crude oil processing capacity</li></ul>\r\n<ul><li>34,000 barrels per day of lubricant production capacity</li></ul>\r\n<br /><br /><br /><br /><br />","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.hollyfrontier.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"HollyFrontier","keywords":"","description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries loc","og:title":"HollyFrontier","og:description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries loc","og:image":"https://old.roi4cio.com/uploads/roi/company/hfc_logo.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":79,"logo":false,"scheme":false,"title":"McAfee Enterprise Security Manager (SIEM)","vendorVerified":1,"rating":"2.80","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-enterprise-security-manager","companyTypes":[],"description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Advanced threat intelligence</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Critical facts in minutes, not hours</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Optimize security management and operations</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.</p>","shortDescription":"McAfee Enterprise Security Manager delivers real-time visibility into all activity on systems, networks, databases, and applications","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Enterprise Security Manager (SIEM)","keywords":"compliance, information, security, McAfee, data, actionable, Security, Enterprise","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:title":"McAfee Enterprise Security Manager (SIEM)","og:description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px"},"eventUrl":"","translationId":84,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":431,"logo":false,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"alias":"mcafee-web-gateway","companyTypes":[],"description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3408,"logo":false,"scheme":false,"title":"McAfee Active Response","vendorVerified":1,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"alias":"mcafee-active-response","companyTypes":[],"description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security posture, improve threat detection, and expand incident response capabilities through forward-looking discovery, detailed analysis, forensic investigation, comprehensive reporting, and prioritized alerts and actions.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response is proof of the effectiveness of the integrated McAfee security architecture, which is designed to resolve more threats faster and with fewer resources in a more complex world. McAfee Active Response gives you continuous visibility and powerful insights into your endpoints so you can identify breaches faster. And it provides you with the tools you need to correct issues faster and in the way that makes the most sense for your business. All of this power is managed via McAfee® ePolicy Orchestrator® (McAfee ePO™) software leveraging McAfee Data Exchange Layer—this provides unified scalability and extensibility without the need for incremental staff to administer the product.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Automated: Capture and monitor context and system state for changes that may be IoAs, as well as find dormant attack components, and send intelligence to analytics, operations, and forensic teams.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Adaptable: When alerted, you can adjust to changes in attack methodologies; automate data collection, alerts, and responses to objects of interest; and customize your configuration to customer workflows.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Continuous: Persistent collectors activate triggers on detection of attack events, alerting you and your systems to attack activity that you</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br /><br /><br /><br /></span>\r\n<br /><br />","shortDescription":"McAfee Active Response is a leading innovation in finding and responding to advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Active Response","keywords":"","description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po","og:title":"McAfee Active Response","og:description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po"},"eventUrl":"","translationId":3409,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3456,"logo":false,"scheme":false,"title":"McAfee Network Security Platform","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"mcafee-network-security-platform","companyTypes":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emulation techniques, moving beyond mere pattern matching to defend against stealthy attacks with a high degree of accuracy. To meet the needs of demanding networks, the platform can scale to more than 40 Gbps with a single device. The integrated McAfee solution portfolio streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br />■ Quickly detects and blocks threats to protect applications and data<br />■ High-performance, scalable solution for dynamic environments<br />■ Centralized management for visibility and control<br />■ Advanced detection, including signature-less malware analysis<br />■ Inbound and outbound SSL decryption to inspect network traffic<br />■ High-availability and disaster recovery protection<br />■ Virtual appliances also available<br />■ Integrates with McAfee solution portfolio for device-to-cloud security<br /></span><br />","shortDescription":"McAfee Network Security Platform is a next-generation intrusion prevention system (IPS) that redefines how organizations block advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Network Security Platform","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu","og:title":"McAfee Network Security Platform","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu"},"eventUrl":"","translationId":3457,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":220,"title":"United States","name":"USA"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":8,"title":"Reduce Production Timelines"},{"id":10,"title":"Ensure Compliance"},{"id":254,"title":"Centralize management"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":350,"title":"No monitoring of corporate IT processes"},{"id":383,"title":"Shortage of inhouse IT engineers"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":395,"title":"Decentralization of management"},{"id":396,"title":"Low speed of report generation"},{"id":397,"title":"Insufficient risk management"},{"id":400,"title":"High costs"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"},{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-hollyfrontier.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0}]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}
