Log in
Products
Our Products
Pitch Avatar
Create an avatar for the event
IT catalogs
Find IT product
Bonus4Reference
Get reference from user
IT catalogs
it_our_it_catalogs
Find and compare IT products
Learn implementation reviews
Find vendor and company-supplier
Explore IT products by category
About Us
Blog
Sign Up
Sign In
Home
/
Companies
/
starlightmedia
-
All countries
Update profile
{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"role-supplier":{"en":"Supplier","ru":"Поставщик","_type":"localeString"},"products-popover":{"en":"Products","de":"die produkte","ru":"Продукты","_type":"localeString"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"en":"Update profile","ru":"Обновить профиль","_type":"localeString"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"categories":{"en":"Categories","ru":"Компетенции","_type":"localeString"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"role-user":{"_type":"localeString","en":"User","ru":"Пользователь"},"partnership-vendors":{"ru":"Партнерство с производителями","_type":"localeString","en":"Partnership with vendors"},"partnership-suppliers":{"ru":"Партнерство с поставщиками","_type":"localeString","en":"Partnership with suppliers"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"_type":"localeString","en":"Partner status","ru":"Статус партнёра"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"ru":"Типы партнеров","_type":"localeString","en":"Partner types"},"branch-popover":{"en":"branch","ru":"область деятельности","_type":"localeString"},"employees-popover":{"ru":"количество сотрудников","_type":"localeString","en":"number of employees"},"partnership-programme":{"_type":"localeString","en":"Partnership program","ru":"Партнерская программа"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"en":"Partner level requirements","ru":"Требования к уровню партнера","_type":"localeString"},"certifications":{"ru":"Сертификация технических специалистов","_type":"localeString","en":"Certification of technical specialists"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"en":"Partners-vendors","ru":"Партнеры-производители","_type":"localeString"},"partners-suppliers":{"_type":"localeString","en":"Partners-suppliers","ru":"Партнеры-поставщики"},"all-countries":{"_type":"localeString","en":"All countries","ru":"Все страны"},"supplied-products":{"ru":"Поставляемые продукты","_type":"localeString","en":"Supplied products"},"vendored-products":{"ru":"Производимые продукты","_type":"localeString","en":"Produced products"},"vendor-implementations":{"en":"Produced deployments","ru":"Производимые внедрения","_type":"localeString"},"supplier-implementations":{"ru":"Поставляемые внедрения","_type":"localeString","en":"Supplied deployments"},"show-all":{"ru":"Показать все","_type":"localeString","en":"Show all"},"not-yet-converted":{"en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString"},"schedule-event":{"_type":"localeString","en":"Events schedule","ru":"Pасписание событий"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"register":{"_type":"localeString","en":"Register","ru":"Регистрация "},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"auth-message":{"en":"To view company events please log in or register on the sit.","ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString"},"company-presentation":{"ru":"Презентация компании","_type":"localeString","en":"Company presentation"}},"header":{"help":{"_type":"localeString","en":"Help","de":"Hilfe","ru":"Помощь"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"en":"Sign out","ru":"Выйти","_type":"localeString"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"_type":"localeString","en":"Bonus for reference","ru":"Бонус за референс"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"en":"For suppliers","ru":"Поставщикам","_type":"localeString"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"ru":"О компании","_type":"localeString","en":"My Company","de":"Über die Firma"},"about":{"_type":"localeString","en":"About us","de":"Über uns","ru":"О нас"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"en":"Subscriptions","de":"Tarife","ru":"Тарифы","_type":"localeString"},"contact":{"ru":"Связаться с нами","_type":"localeString","en":"Contact us","de":"Kontaktiere uns"},"marketplace":{"de":"Marketplace","ru":"Marketplace","_type":"localeString","en":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference"},"our_social":{"_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"en":"Price calculator","ru":"Калькулятор цены","_type":"localeString"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"_type":"localeString","en":"Subscribe","ru":"Подписаться"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"_type":"localeString","en":"Position","ru":"Должность"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"en":"Comment","ru":"Комментарий","_type":"localeString"},"your-rate":{"en":"Your rate","ru":"Ваша оценка","_type":"localeString"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"title":{"en":"ROI4CIO: Company","ru":"ROI4CIO: Компания","_type":"localeString"},"meta":[{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"},{"name":"og:type","content":"website"}],"translatable_meta":[{"name":"title","translations":{"_type":"localeString","en":"Company","ru":"Компания"}},{"translations":{"_type":"localeString","en":"Company description","ru":"Описание компании"},"name":"description"},{"name":"keywords","translations":{"_type":"localeString","en":"Company keywords","ru":"Ключевые слова для компании"}}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"mcafee":{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[{"id":3,"type":"vendor"}],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":["vendor"],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[{"id":670,"title":"McAfee Advanced Threat Defense for large global software company","description":"This large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network.\r\nHowever, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges. ","alias":"mcafee-advanced-threat-defense-for-large-global-software-company","roi":0,"seo":{"title":"McAfee Advanced Threat Defense for large global software company","keywords":"","description":"This large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, includ","og:title":"McAfee Advanced Threat Defense for large global software company","og:description":"This large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, includ"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":10,"title":"Ensure Compliance"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":281,"title":"No IT security guidelines"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-multinational-software-company.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":793,"title":"McAfee Cloud Workload Security for Large Government Contractor","description":"A large, for-profit government contractor based in the eastern corridor of Washington, D.C. provides business services to government agencies in the US and other countries. Employing more than 15,000 professionals, the organization administers programs of all sizes, from enormous federal programs to smaller state and local programs that directly assist a broad sector of the population.\r\n<span style=\"font-weight: bold;\">Biggest Challenge of Adopting the Cloud isn’t Technical</span>\r\nIncreasingly the organization’s clients had begun asking about the possibility of receiving cloud-based services because of lower TCO. Internally, the company also realized that it could reap significant benefits from providing services using the public cloud. Like its customers, the organization could take advantage of reduced TCO. Using the public cloud, it could also quickly ramp up or scale down the number of users—a huge benefit for a company with so many contracted projects.\r\nClearly, the cloud belonged in the government contractor’s future, so the system analyst and his colleagues set out to figure out how best to secure it. In the process, they discovered that, as he puts it:<span style=\"font-style: italic;\"> “The biggest challenge of the public cloud isn’t technical.”</span> Rather, it is overcoming the perception that the cloud can’t be secured.\r\n<span style=\"font-style: italic;\">“We have had to educate both internally and externally that we can extend our existing threat defenses beyond our physical infrastructure to the public cloud,”</span> says the system analyst. <span style=\"font-style: italic;\">“Education is ongoing, but our success thus far at securely leveraging the public cloud is converting the naysayers.”</span>\r\n<span style=\"font-weight: bold;\">Easy Deployment of Cloud Protection for AWS</span>\r\nAfter carefully researching cloud security options, the company decided to implement McAfee Cloud Workload Security before launching its first contracted project using Amazon Web Services (AWS). They already relied on the McAfee integrated security platform and a variety of McAfee solutions to secure its physical and virtual infrastructure of 35,000 endpoints (including servers).\r\nThese products are all managed using the McAfee ePO central console—as is McAfee Cloud Workload Security.<br /><span style=\"font-style: italic;\">“Adding the public cloud to our McAfee infrastructure was simple,”</span> notes the system analyst. <span style=\"font-style: italic;\">“We spun out the cloud side in less than a week. With McAfee ePO software, it was easy to implement McAfee Cloud Workload Security and set security policies for the project.”</span>\r\nAs part of the McAfee Cloud Workload Security solution, they deployed the Data Center Connector for AWS, Cloud Usage Metering, Data Protection for Cloud, Data Center Visualization, and Data Center Assessment components. With this functionality, the organization has end-to-end visibility into all cloud workloads and their underlying platforms and insights into weak security controls, unsafe firewall and encryption settings, and indicators of compromise (IoCs). In addition, the same McAfee Endpoint Security, which protects its physical and virtual endpoints, protects the company’s endpoints within the AWS cloud.\r\n<span style=\"font-weight: bold;\">Flexibility and Bandwidth to Accommodate Volatility in Server Volume</span>\r\nThe company’s first AWS-based project serves a handful of US federal government agencies with a combined total of 1,500 endpoints. As part of the project, the company created a web-based portal where authorized users from these agencies can review aspects of their program’s infrastructure, request changes, and exchange information. <span style=\"font-style: italic;\">“Portal traffic is very fluid,”</span> explains the system analyst. <span style=\"font-style: italic;\">“The number of servers can increase or contract sometimes daily; five to 20 instances come online very week. The public cloud is the perfect vehicle to handle such fluctuations in bandwidth requirements.”</span>\r\nFor this multiple-agency project, the workloads that run in the public cloud are generated by:<br />■ SQL and Oracle databases<br />■ Imaging software, since a huge volume of documents need to be stored digitally for years<br />■ Agency- or contract-specific applications\r\n<span style=\"font-weight: bold;\">Small Team Able to Manage Security Across Hybrid Environment</span>\r\nFor this project, 95% of the security policies for the endpoints within the AWS public cloud are the same as for the company’s physical endpoints, but 5% are unique to the project.<span style=\"font-style: italic;\">“We run a base set of policies for every project, to meet ISO requirements and so on, but with McAfee ePO software, we can easily add or customize policies to meet the security needs of each specific contract and project,”</span>notes the system analyst.\r\nThanks to the intuitive McAfee ePO management console, the company’s information security team of five, spread across three locations, can effectively and efficiently manage a host of McAfee solutions and even some non-McAfee solutions, across a widely dispersed physical and virtual infrastructure that includes private and public cloud. <span style=\"font-style: italic;\">“As a small but dispersed team, we must have tools that work well together and enable us to work efficiently with one another,”</span> says the system analyst.<span style=\"font-style: italic;\">“McAfee ePO software is basically our eyes and ears across the entire environment. We use it for day-to- day management as well as to remediate threats quickly in conjunction with our McAfee SIEM.”</span>\r\n<span style=\"font-weight: bold;\">Custom Reports and Automated Responses Speed Compliance and Resolution</span>\r\nUsing McAfee ePO software, the system analyst and his colleagues have also created customized reports and automated responses as an added cloud defense measure. <span style=\"font-style: italic;\">“To us, whether the endpoint is in the public cloud or on premises, it doesn’t matter,”</span> he says.<span style=\"font-style: italic;\"> “We use McAfee ePO software the same way, to manage as well as accelerate time to compliance and resolution.”</span>\r\nFor example, in McAfee ePO software, he created an agent access report, which runs frequently. The report details which endpoint agents are not reporting back on a regular basis. If an agent doesn’t respond within a set number of minutes—the number is set in the project contract—then the information security team will automatically be notified to investigate. The team also receives automatic notifications if file integrity monitoring queries discover that certain thresholds are reached, such as a user accessing an executable file a certain number of times within a certain number of minutes.\r\n<span style=\"font-weight: bold;\">“Full Speed Ahead” for AWS Expansion</span>\r\nThe government contractor has built a hardy, multilayered defense with a McAfee integrated security infrastructure backbone that protects its widely dispersed, hybrid environment and numerous, global government customers. With the addition of McAfee Cloud Workload Security, they have extended that defense and laid the foundation for securely leveraging the public cloud even more in the future, to the benefit of both the company and its customers.<br /><span style=\"font-style: italic;\">“Now that we can extend robust security to the public cloud, it’s not a question of if we’ll put more projects in AWS, but how many,”</span>says the system analyst.<span style=\"font-style: italic;\">“It’s full speed ahead.”</span>","alias":"mcafee-cloud-workload-security-for-large-government-contractor","roi":0,"seo":{"title":"McAfee Cloud Workload Security for Large Government Contractor","keywords":"","description":"A large, for-profit government contractor based in the eastern corridor of Washington, D.C. provides business services to government agencies in the US and other countries. Employing more than 15,000 professionals, the organization administers programs of all ","og:title":"McAfee Cloud Workload Security for Large Government Contractor","og:description":"A large, for-profit government contractor based in the eastern corridor of Washington, D.C. provides business services to government agencies in the US and other countries. Employing more than 15,000 professionals, the organization administers programs of all "},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3410,"logo":false,"scheme":false,"title":"McAfee Cloud Workload Security","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"mcafee-cloud-workload-security","companyTypes":[],"description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it possible for a single, automated policy to effectively secure your workloads as they transition through your virtual private, public, and multicloud environments, enabling operational excellence for your cybersecurity teams.\r\n<span style=\"font-weight: bold; \">Automate discovery and deployment</span>\r\nContinuous workload discovery gives you a centralized perspective of all instances across your Amazon Web Services (AWS), Microsoft Azure, and VMware accounts, while automation templates ensure your workloads are protected from the start.\r\n<span style=\"font-weight: bold; \">Visualize and control network threats</span>\r\nTraditional perimeter-based security doesn’t work across hybrid workloads due to their amorphous and decentralized nature. Cloud-native network visualization, prioritized risk alerting, and micro-segmentation deliver awareness and control to prevent both lateral attacks in the data center and external threats\r\n<span style=\"font-weight: bold; \">Defend workloads against advanced attacks</span>\r\nIntegrated countermeasures spanning machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation, protect workloads from threats like ransomware and targeted attacks.\r\n<span style=\"font-weight: bold; \">Simplify cloud security management</span>\r\nA single-pane console consolidates security policy and management across physical endpoints, servers, virtual servers and desktops, and hybrid and multi-cloud environments. Isolation allows you to use micro-segmentation to quarantine workloads and containers with a single click.\r\n\r\n<span style=\"font-weight: bold; \">SECURITY BUILD FOR THE CLOUD</span>\r\n<span style=\"text-decoration: underline; \">Cloud and DevOps integration</span>\r\nMcAfee Cloud Workload Security works directly with AWS, Microsoft Azure, and VMware environments to provide continuous visibility, while delivering deployment automation through common DevOps tool support (Chef, Puppet, and shell scripts).\r\n<span style=\"text-decoration: underline; \">Optimized for virtual workloads</span>\r\nLeverage advanced host-based workload defense optimized specifically for virtual instances to avoid resource storms that can strain underlying infrastructure.<br /><br /><span style=\"text-decoration: underline; \">Cloud-native network control</span>\r\nWith increased awareness and control of your cloud workloads you can prevent both lateral attacks in the data center and external threats.<br /><br /><span style=\"text-decoration: underline; \">Cloud provider direct integration</span>\r\nAdditional capabilities are enabled through direct integration with cloud providers such as AWS. For example, AWS GuardDuty alerts integrate directly into McAfee ePO, displaying network connections, port probes, and DNS requests for EC2 instances.\r\n\r\nMcAfee Cloud Workload Security:\r\n<ul><li>McAfee Cloud Workload Security Basic</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Essentials</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Advanced</li></ul>","shortDescription":"McAfee Cloud Workload Security secures your hybrid infrastructure workloads","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Cloud Workload Security","keywords":"","description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it ","og:title":"McAfee Cloud Workload Security","og:description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it "},"eventUrl":"","translationId":3411,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":220,"title":"United States","name":"USA"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":7,"title":"Improve Customer Service"},{"id":254,"title":"Centralize management"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":340,"title":"Low quality of customer service"},{"id":352,"title":"Non-existent or decentralized IT incidents' management"},{"id":354,"title":"Low bandwidth data channels"},{"id":375,"title":"No support for mobile and remote users"},{"id":378,"title":"Low employee productivity"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-large-government-contractor.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":668,"title":"McAfee Endpoint Security for educational organization in Brazil","description":"SOMOS Educação, the largest K through 12 educational organization in Brazil, with more than 50 sites across Brazil, looked to McAfee for a robust, scalable endpoint security solution; simple, centralized management; and stronger protection for sensitive business and personal data.\r\n<span style=\"font-weight: bold; \"><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">SOMOS Educação/</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Customer Profile</span></span>\r\n<ul><li>Incorporated in 2011, SOMOSEducação (SEDU3:BZ) is thelargest K through 12 group inBrazil. It has a broad portfolioof integrated educationalsolutions (textbooks, digitalproducts, and services) andalso administers proprietaryschools and preparatorycourses.</li><li>Industry:Education</li><li>IT Environment:3,000 nodes, 5,000 employees,50 sites</li></ul>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\n<ul><li>Prevent both internal business data and personal data from being exfiltrated</li><li>Reduce security management complexity in a distributed environment</li><li>Find a security vendor that offers robust, integrated solutions and reliable support at an affordable price</li><li>Accelerate threat detection and mitigation</li><li>Raise security awareness among employees</li></ul>\r\n<span style=\"font-weight: bold; \">McAfee Solution</span>\r\n<ul><li>McAfee® Complete Endpoint Protection</li><li>McAfee® DLP Endpoint</li><li>McAfee® Drive Encryption</li><li>McAfee® ePolicy Orchestrator® (McAfee ePO™)</li><li>McAfee® Web Protection</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>An integrated, single-vendor security architecture</li><li>Centralized and scalable single-console management</li><li>Comprehensive, full-coverage endpoint protection</li><li>Improved protection for sensitive data</li><li>Greater peace of mind for parents, students, schools, and employees</li><li>Simplified deployment </li></ul>\r\nFor Juliano Pereira, CIO, and his IT colleagues at SOMOS Educação, securing sensitive data and the infrastructure is paramount to his organization’s greater mission, which is to elevate the nation of Brazil by contributing an important intangible asset: education. With the full support of the board and executive team, Pereira and his team have embarked on a journey to solidify and stabilize their cybersecurity strategy in order to better protect student information and business data and allow employees to work safely and without interruption.\r\nWith a lean and efficient security team overseeing 50 sites, 3,000 nodes, and 5,000 employees distributed across Brazil, SOMOS needed a reliable vendor that could offer robust, scalable solutions, centralized management, and excellent service and support. Chief among the organization’s cybersecurity concerns are protecting against advanced threats like WannaCry ransomware, which hit several government agencies in Brazil in 2017; safeguarding business information; and preserving the privacy of the students SOMOS serves. Dissatisfied with their previous vendor because of poor service, a limited feature set, and implementation complexity, the IT leadership team at SOMOS selected McAfee as the organization’s primary security vendor based on the reputation of the McAfee brand; its connected, integrated portfolio; and the affordability of its solutions. The organization implemented McAfee endpoint security, data protection, and single-console security management. As Ricardo Costa, IT governance manager, notes,<span style=\"font-style: italic; \"> “Because many IT team members had positive experiences with McAfee in the past, it was an easy decision.”</span>\r\n<span style=\"font-weight: bold; \">Single-Agent Endpoint Security Platform Reduces Infections and Improves Detection</span>\r\nPereira and his team deployed McAfee® Complete Endpoint Protection to its 3,000 endpoints in several phases over a period of only three months. The deployment was smooth and straightforward, with “zero errors,” as Marco Aurelio, IT infrastructure manager, asserts.\r\nWith its single-agent architecture, McAfee Complete Endpoint Protection provides SOMOS with a single, consolidated platform that brings together multiple defenses. So far, the security team has deployed four modules. The Threat Prevention module provides intelligent, on-demand scanning and coverage for vulnerabilities and exploits. The Web Control module ensures that employees are safe when browsing the web and downloading files. And, the Firewall module leverages McAfee® Global Intelligence reputation scores to protect users from network attacks. The team has also implemented Real Protect, which uses real-time behavioral analysis and machine learning to detect advanced and zero-day threats. According to Pereira, the organization has significantly improved its ability to quickly detect malware and suspicious activities and neutralize threats.\r\n<span style=\"font-weight: bold;\">McAfee DLP Endpoint Technology Safeguards Business and Personal Information</span>\r\nTo address data protection and privacy concerns, the organization implemented McAfee DLP Endpoint, which protects data at rest, in use, and in motion across all endpoints. McAfee DLP Endpoint capabilities make it easy to categorize and map out the data that flows through the organization and apply appropriate controls and policies to relevant assets. Additionally, drive encryption combined with strong access control prevents employees from unauthorized access to confidential data on all endpoints—from desktops and laptops to tablets and USB drives. Pereira has made a point to inform employees about these new data security controls and believes that this has helped instill a greater sense of vigilance about handling sensitive data across the organization.\r\n<span style=\"font-style: italic;\">“One of our biggest issues is possible damage to our reputation should a breach occur. I believe that implementing McAfee DLP will have a positive effect on everyone. Students and their parents will feel more at ease, and employees will be more mindful about the way they use and transmit data,” points out Willians Santos, IT security leader.</span>\r\n<span style=\"font-weight: bold;\">McAfee ePO Simplifies Management and Increases Security Effectiveness</span>\r\nTying it all together is the McAfee ePO management console. Pereira’s staff can now maximize their time and efficiency by getting visibility into the organization’s entire infrastructure from a centralized single pane of glass. The easy-to-use McAfee ePO console enables the team to monitor the security health of endpoints and servers and to create and enforce data protection policies.\r\nThey regularly check both built-in and customized dashboards that provide them with valuable data and statistics like the number of threat events within a defined timeframe, including names of affected hosts and types of threats. Just recently, for example, they discovered that, via the McAfee ePO console, McAfee intercepted 1,065 threats in the course of a week.\r\nFundamental to the McAfee connected ecosystem, the McAfee ePO console has simplified security management at SOMOS Educação and has empowered its security professionals to be more effective through automation.\r\n<span style=\"font-style: italic;\">“The single greatest benefit we’ve experienced from McAfee is the ability to use a single tool for security management, which makes it easy to scale as required. Now everyone everywhere can enjoy the same level of security,” relates Pereira.</span>\r\n<span style=\"font-weight: bold;\">McAfee Helps Drive Technology Innovation</span>\r\nThe company has big plans for the next two years. Migration of educational services to the cloud is currently in the works. SOMOS Educação has two major instructional systems in the cloud and is negotiating with partners to implement new modules and updated versions of existing systems. They have also migrated several applications focused on student assessment, tutoring, and other learning activities. McAfee® Web\r\nProtection provides a unified defense, including antimalware, web filtering with reputation scoring, cloud application control, and real-time behavioral analysis to help prevent against zero-day threats. It provides the organization with consistent protection and policy enforcement in the cloud as well as on premises.\r\nPereira explains that the organization is doing everything possible to strengthen its security architecture: updating and stabilizing the environment overall; investing in cutting-edge defenses for endpoints, servers, and databases; streamlining, evaluating, and testing every new security tool against potential threats; and improving technology processes.\r\n<span style=\"font-style: italic;\">“We are at the beginning of our journey, and we still </span><span style=\"font-style: italic;\">have far to go before we achieve all our goals, but we </span><span style=\"font-style: italic;\">take pride in the fact that we are leading the way when </span><span style=\"font-style: italic;\">it comes to cybersecurity. When our schools hear that </span><span style=\"font-style: italic;\">we are providing them with stronger security, they are</span><span style=\"font-style: italic;\">really pleased and receptive. Compared to 99% of the</span><span style=\"font-style: italic;\">educational organizations in Brazil, we are way ahead of</span><span style=\"font-style: italic;\">the game,” Pereira affirms.</span>","alias":"mcafee-endpoint-security-for-educational-organization-in-brazil","roi":0,"seo":{"title":"McAfee Endpoint Security for educational organization in Brazil","keywords":"","description":"SOMOS Educação, the largest K through 12 educational organization in Brazil, with more than 50 sites across Brazil, looked to McAfee for a robust, scalable endpoint security solution; simple, centralized management; and stronger protection for sensitive busine","og:title":"McAfee Endpoint Security for educational organization in Brazil","og:description":"SOMOS Educação, the largest K through 12 educational organization in Brazil, with more than 50 sites across Brazil, looked to McAfee for a robust, scalable endpoint security solution; simple, centralized management; and stronger protection for sensitive busine"},"deal_info":"","user":{"id":4371,"title":"SOMOS Educação","logoURL":"https://old.roi4cio.com/uploads/roi/company/SOMOS_Educacao.png","alias":"somos-educacao","address":"","roles":[],"description":"SOMOS Educação is the main group of basic education in Brazil.\r\nOur schools, education systems, publishers and educational solutions for Elementary, Technical and Higher Education impact the day to day and transform the lives of thousands of educators and millions of students nationwide.\r\nThe brands that make up the SOMOS Educação group are quality references and empower the group's ability to form a better prepared society.\r\nBuilding on all this, there is a team of restless professionals who share the commitment to form generations of Brazilians ever better.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.somoseducacao.com.br/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"SOMOS Educação","keywords":"","description":"SOMOS Educação is the main group of basic education in Brazil.\r\nOur schools, education systems, publishers and educational solutions for Elementary, Technical and Higher Education impact the day to day and transform the lives of thousands of educators and mill","og:title":"SOMOS Educação","og:description":"SOMOS Educação is the main group of basic education in Brazil.\r\nOur schools, education systems, publishers and educational solutions for Elementary, Technical and Higher Education impact the day to day and transform the lives of thousands of educators and mill","og:image":"https://old.roi4cio.com/uploads/roi/company/SOMOS_Educacao.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":400,"title":"High costs"}]}},"categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-somos.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":542,"title":"McAfee Endpoint Security for global software company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">security platform widens the scope of threat detection to include unmanaged devices</span>\r\n<span style=\"font-weight: bold; \">Multinational Software Company</span>\r\n<ul><li>Large global software company</li><li>Industry: Technology</li><li>Environment: Fluid environment with up to 150,000 endpoints at any given time, many of them virtual, across 20 countries</li></ul>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\n<ul><li>Protect against zero-day threats across extended global enterprise</li><li>Shrink detection to remediation gap</li></ul>\r\n<span style=\"font-weight: bold; \">McAfee solution</span>\r\n<ul><li>McAfee® Advanced Threat Defense</li><li>McAfee® Complete Endpoint Threat Protection</li><li>McAfee® ePolicy Orchestrator®</li><li>McAfee® Threat Intelligence Exchange</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>Accelerates time to protection, thanks to automation</li><li>Augments threat reputation information shared across</li><li>McAfee ePO softwaremanaged devices with information gleaned from incidents involving unmanaged devices</li><li>Facilitates endpoint incident forensics and accelerates response</li><li>Saves security operations time and hassle</li></ul>\r\nAutomated submission of threat information to McAfee Advanced Threat Defense and automated sharing of that information across the enterprise improves protection while saving security operations time and hassle.\r\nThis large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network. However, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges.\r\n<span style=\"font-weight: bold; \">Challenge: Close Gaps to Block Zero-Day Attacks</span>\r\nAlthough the company employs the McAfee Complete Endpoint Threat Protection suite on all its high-risk physical and virtual endpoints, it also has many virtual endpoints connecting to its network that do not have a McAfee agent installed and are therefore not updated with the latest threat protection via the McAfee ePolicy Orchestrator (McAfee® ePO™) management console. The company’s more important virtual machines host a McAfee agent but many “low-risk” systems do not. Until recently, if one of these unmanaged endpoints downloaded a malicious file, the McAfee ePO softwaremanaged endpoints would be at risk because they had no way of knowing of the existence of that threat within the environment.\r\n<span style=\"font-style: italic; \">“Zero-day threats are our biggest concern,” remarks the senior manager of security engineering. “If any of our endpoints—managed or unmanaged—downloads a zero-day threat, we want our whole environment to know about it, and we want to be able to react appropriately as fast as possible.”</span>\r\nIn addition, if a managed endpoint became infected, security analysts would receive an alert, but, because of the fluidity of systems coming on and off the network, by the time an analyst has logged in and has attempted to find the suspicious payload, the system could easily have moved offline, essentially removing the information needed to understand what had transpired. As a result, security operations center (SOC) engineers found that they had to spend extra time tracking down infected systems and remediating them.\r\n<span style=\"font-weight: bold; \">Hunting and Blocking Zero-Day Threats with McAfee Advanced Threat Defense</span>\r\nAlong with McAfee Complete Endpoint Threat Protection, the company had implemented the Data Exchange Layer (DXL) communication fabric and McAfee Threat Intelligence Exchange. DXL connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions, and McAfee Threat Intelligence Exchange leverages DXL to bi-directionally share threat information across all DXL-connected systems. To this automated threat reputation-sharing framework, the company added McAfee Advanced Threat Defense for “zero-day hunting,” as the senior manager of security engineering describes the appliance’s main role. \r\n<span style=\"font-style: italic;\">“If an unknown or suspicious file comes across one of</span><span style=\"font-style: italic;\">our endpoints protected by McAfee Endpoint Security, </span><span style=\"font-style: italic;\">the file is automatically sent to McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense for sophisticated static and dynamic behavioral</span><span style=\"font-style: italic;\">analysis,” explains the senior manager of security</span><span style=\"font-style: italic;\">engineering. “If McAfee Advanced Threat Defense</span><span style=\"font-style: italic;\">deems the file to be malicious, its reputation is then</span><span style=\"font-style: italic;\">automatically broadcast via McAfee Threat Intelligence</span><span style=\"font-style: italic;\">Exchange to all the endpoints connected to DXL. This</span><span style=\"font-style: italic;\">automatic distribution of threat reputation information</span><span style=\"font-style: italic;\">helps us block zero-day threats before they can harm</span><span style=\"font-style: italic;\">our environment.”</span>\r\n<span style=\"font-weight: bold;\">Enhancing Intrusion Detection with Bro</span>\r\nBut what about threats entering the environment through the company’s many unmanaged endpoints? To extend detection to these systems, the company turned to the open-source Bro network security monitoring platform. Bro ingests the company’s network traffic off a span or inline tap and converts the traffic data into logs and metadata in binary format. In a typical week, Bro submits approximately 6,000 files to McAfee Advanced Threat Defense for analysis. Of those, approximately 10% to 20% end up in the McAfee Threat Intelligence Exchange threat reputation database and are subsequently shared throughout the enterprise.\r\n<span style=\"font-style: italic;\">“Bro gives us the ability to retain network traffic in a searchable format, which is extremely useful,” the senior manager of security engineering explains. “For instance, using Bro, we can search for source or distributed IP so we can easily conduct lightweight investigations— discover who or what connected to a specific IP address, what the payload looks like, determine the packet size, and so on.”</span>\r\nThe information captured by Bro supplements the threat information delivered via the McAfee Global Threat Intelligence cloud and disseminated via McAfee Threat Intelligence Exchange. With the Bro script and advice provided by McAfee (now available as a deployment kit), the senior manager of security engineering’s team integrated Bro with McAfee Advanced Threat Defense so that the Bro traffic data is automatically submitted to McAfee Advanced Threat Defense, just as suspicious files from McAfee Endpoint Security are automatically submitted through McAfee Threat Intelligence Exchange.\r\nSince the team was already very familiar with Bro, the integration was straightforward. \r\n<span style=\"font-weight: bold;\">Automatic Immunization Against Threats that Hit Unmanaged Endpoints</span>\r\n<span style=\"font-style: italic;\">“If one of our unmanaged endpoints downloads a malicious file, Bro will capture that event among the </span><span style=\"font-style: italic;\">network traffic and submit it to McAfee Advanced</span><span style=\"font-style: italic;\">Threat Defense for analysis,” notes the senior manager</span><span style=\"font-style: italic;\">of security engineering. “If McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense determines the file is malicious, then that</span><span style=\"font-style: italic;\">malicious reputation will be shared automatically with</span><span style=\"font-style: italic;\">every McAfee ePO software-managed system in our</span><span style=\"font-style: italic;\">entire enterprise—in other words, with all the systems</span><span style=\"font-style: italic;\">we care about. Put another way, if one of our unmanaged</span><span style=\"font-style: italic;\">virtual machines downloads a malicious file, all of our</span><span style=\"font-style: italic;\">managed devices automatically receive an immune shot.”</span>\r\n<span style=\"font-weight: bold;\">Facilitating and Accelerating Incident Response</span>\r\nWith the McAfee Advanced Threat Defense/Bro integration and threat reputation information automatically disseminated across endpoints via McAfee Threat Intelligence Exchange, inoculation of endpoints happens much faster than it did before. Consequently, there is a much greater likelihood that a system will “receive the immune shot” before it goes offline. In addition, because the actual event and surrounding intelligence is captured by Bro, even if the system goes offline, McAfee Advanced Threat Defense, as well as security analysts, have a great deal more information to help determine appropriate action, and, if necessary, to remediate more quickly.\r\n<span style=\"font-style: italic;\">“With the McAfee automated threat framework and supporting intelligence from the Bro integration, plus automated remediation that we have also set up, our SOC very rarely needs to pay attention to endpoint incidents,” points out the senior manager of security engineering. “The Bro integration and all that automation save a ton of time.”</span>\r\nTo fortify its defenses further, the company continues to build upon its DXL-based integrated security framework. For instance, the company is currently in the process of adding McAfee DLP Monitor to gather, track, and report on data in motion across its entire network and augment its McAfee DLP Endpoint host-based data protection.\r\n<span style=\"font-style: italic;\">“The more we can integrate our systems and automate </span><span style=\"font-style: italic;\">responses, the safer we will be,” says the senior manager</span><span style=\"font-style: italic;\">of security engineering.</span>","alias":"mcafee-endpoint-security-for-global-software-company","roi":0,"seo":{"title":"McAfee Endpoint Security for global software company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; ","og:title":"McAfee Endpoint Security for global software company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; "},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":397,"title":"Insufficient risk management"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-multinational-software-company.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":541,"title":"McAfee Endpoint Security for marketing company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Intelligence Exchange, this CIO can focus on his main job, using technology to</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">keep his company thriving and to increase value for his company’s customers, not</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">information security. </span>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\nSimplify security management for small information security team\r\nMinimize impact of security on business end users\r\nKeep organization secure, avoid unwanted appearances in the boardroom \r\n<span style=\"font-weight: bold; \">McAfee Solution</span>\r\n<ul><li>McAfee® Advanced ThreatDefense</li><li>McAfee Complete Endpoint Threat Protection</li><li>McAfee Endpoint Security</li><li>McAfee ePolicy Orchestrator</li><li>McAfee Threat Intelligence Exchange</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>Elimination of ransomware</li><li>Superior endpoint protection experience for both end users and administrators</li><li>Ability to focus on business rather than security issues</li><li>Trusted partnership with company focused solely on security</li></ul>\r\nHarry Folloder loves his job as Chief Information Officer of Waypoint, the premier sales and marketing agency for foodservice (as well as non-foods channels) in North America. As CIO, he oversees the use of technology within the company and across its 1,500 endpoints and three data centers. <span style=\"font-style: italic;\">“It’s fun,” he says. “I get to spend a lot of my time innovating and looking for ways to use technology to increase the value we provide our customers.”</span>\r\n<span style=\"font-weight: bold;\">No News is Good News</span>\r\nFolloder’s job was a lot less fun and his phone a lot less quiet a few years ago. <span style=\"font-style: italic;\">“So much of my security staff’s time was spent dealing with false positives and other program problems; they would end up calling me and griping about the problems,” recalls Folloder, who is also CIO of Marlin Networks, the leading marketing agency in the food service industry.</span>\r\n<span style=\"font-style: italic;\">“Sometimes the security issues would even take salespeople out of the field for a day or two while waiting for the issue to be resolved. Ultimately, I decided we needed a security partner focused solely on security, with products that do what they’re supposed to do, so I don’t have to hear about them and, more importantly, so our end users can keep focusing on doing their part to serve our customers and grow our business.”</span>\r\nFolloder says his top priority as CIO is to be an ambassador to clients and customers and to keep the business moving forward. “Keeping security running is not my job,” he says. “When security is running smoothly and my phone is quiet, with no unwanted calls from my security team or my Board, then I can focus on my real job.”\r\n<span style=\"font-weight: bold;\">Result of Migrating to McAfee Endpoint Security: Better User Experience and Reduced TCO</span>\r\nFolloder found in McAfee the security partner he was looking for. After replacing Waypoint’s previous endpoint protection software with McAfee Complete Endpoint Protection Enterprise (now called McAfee Complete Endpoint Threat Protection), phone calls from his staff decreased significantly. When Folloder and his staff heard that McAfee was introducing a new, more intelligent, more collaborative endpoint protection framework, McAfee Endpoint Security, they couldn’t wait to take advantage of it. After running McAfee Endpoint Security version 10.2 briefly in a test environment, they used the McAfee ePolicy Orchestrator® (McAfee ePO™) central console to push it out across all of Waypoint’s approximately 1,500 nodes. The migration of the virus scanning engine, McAfee VirusScan® Enterprise, and McAfee SiteAdvisor® software from the McAfee Complete Endpoint Threat Protection to McAfee Endpoint Security took place within a two-and-a-half-week period that also included deployment of McAfee Threat Intelligence Exchange across all endpoints and McAfee Advanced Threat Defense for sandbox analysis.\r\n<span style=\"font-style: italic;\">“Migrating to McAfee Endpoint Security was one of the easiest platform migrations ever,” notes Folloder. “It went off without a hitch. The only calls received were from a handful of users who had shut down or rebooted in the middle of the upgrade process. Folloder and his staff have been extremely pleased with the results. “McAfee Endpoint Security is a much better experience for our administrative staff, providing better protection with less management time,” says Folloder.</span>\r\n<span style=\"font-style: italic;\">“It allows us to better serve our business with higher quality levels, lower total cost of ownership, and lower cost of administration. It also allows our business users to focus on their jobs rather than issues caused by security software.”</span>\r\n<span style=\"font-weight: bold;\">No Ransomware. Period.</span>\r\nFolloder was most excited to integrate McAfee Endpoint Security with McAfee Advanced Threat Defense via McAfee Threat Intelligence Exchange, for even greater ability to combat advanced threats and deliver actionable threat forensics. Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange combines multiple internal and external threat information sources and instantly shares this data along the DXL backbone that extends to all of the company’s nearly 1,500 nodes. Integration of McAfee Endpoint Security with Threat Intelligence Exchange enables information generated by McAfee Advanced Threat Defense to be shared immediately with all endpoints.\r\n<span style=\"font-style: italic;\">“McAfee Threat Intelligence Exchange is information sharing at its best; you’re aggregating everything that McAfee and all of its customers are seeing in a way that helps crowdsource the good info,” explains Folloder.</span>\r\n<span style=\"font-style: italic;\">“It gives us comprehensive, near real-time threat intelligence and shares it with all our machines to make them safer.”</span>\r\n<span style=\"font-style: italic;\">As for McAfee Advanced Threat Defense, Folloder says: “One of the initial things that caught my eye was the inspection methodology and in-depth analysis that Advanced Threat Defense does, that I just didn’t see elsewhere. Its simple packet inspection, which is what a lot of malware targets, and in-depth analysis of disassembled raw code drew me in immediately. Then when I found out what else it did, I became a true believer. Best of all, it fulfills its promise to detect zeroday, zero-hour attacks, and does so in a very elegant way with minimal end-user impact.”</span>\r\n“Since implementing McAfee Endpoint Security, Threat Intelligence Exchange, and Advanced Threat Defense, we haven’t had a single case of ransomware,” says Folloder.\r\n“Period.” McAfee Advanced Threat Defense also catches many undesirable files that try to install on users’ browsers, such as adware, the Mindspark toolbar, fake utilities like Optimizer Pro and PC Accelerator, and plugins for music players, coupons, and online games.\r\n<span style=\"font-weight: bold;\">Experience Improved for Both Business Users and Security Administrators</span>\r\nWaypoint’s legacy endpoint protection—McAfee VirusScan Enterprise software—although many times better than the company’s previous antivirus solution, still required some heavy processor usage at times. With the upgrade to McAfee Endpoint Security, however, the impact of malware scanning on CPU utilization has diminished significantly. \r\n“Our end users have a much better experience,” says Folloder. “Whether or not their personal computer has experienced a significant change in processor usage, all of our users perceive less interference and faster computing. Since the rollout of McAfee Endpoint Security, we haven’t heard a single complaint about corporate virus scans.”\r\nThe user experience for Waypoint’s two information security administrators has also improved with the migration to McAfee Endpoint Security. “I don’t have to interact with [Endpoint Security] much, which is a good thing,” says Folloder, “but my techs say that it has a much nicer, more modern interface than before.”\r\n<span style=\"font-weight: bold;\">Quiet and Peace of Mind “Worth Every Penny” </span>\r\n<span style=\"font-style: italic;\">“At my level, the measure of success for a product is that I haven’t had to hear about it or worry about it,” says Folloder. “I haven’t had to mess with McAfee Endpoint Security. I haven’t had to hear from anyone in the C-suite or their direct reports. It is doing exactly what we paid for it to do and I love it.” Furthermore, adds Folloder, since the migration to McAfee Endpoint Security, endpoint protection has not interrupted a single associate or sales person’s work. “The less interruptions of business and service to our customers, the better,” he states. “That’s really my overarching goal. That’s why I invest in products like McAfee Endpoint Security. It’s worth every penny.”</span>\r\n<span style=\"font-weight: bold;\">A True Security Partner</span>\r\nBut it’s not just the quality of products that count. “I look for partners, not vendors,’ says Folloder. “At the end of the day we’re a service company. Partnering with the best allows us to focus on our core competency.”\r\n<span style=\"font-style: italic;\">“I know I sound like an ad for McAfee, but I really do love that I can sleep at night, knowing that Waypoint’s IT infrastructure is protected by a company that is focused on protecting my environment and not distracted by backup or storage or whatnot,” continues Folloder. “Ask yourself, ‘Is my security vendor focused specifically on securing my environment? Does it have leading researchers and state-of-the-art resources to protect my infrastructure and users, and to keep innovating and evolving to face new threats?’ Take a hard look. My experience with McAfee has been everything a partnership should be and more.”</span>","alias":"mcafee-endpoint-security-for-marketing-company","roi":0,"seo":{"title":"McAfee Endpoint Security for marketing company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: ","og:title":"McAfee Endpoint Security for marketing company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: "},"deal_info":"","user":{"id":4370,"title":"Waypoint","logoURL":"https://old.roi4cio.com/uploads/roi/company/Waypoint.png","alias":"waypoint","address":"","roles":[],"description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on our unparalleled strategic insights, channel-specific expertise and resources, and innovative culinary support to deliver that competitive advantage. But helping our partners gain the advantage is not enough for us – we make it our business to maximize it through our pioneering technology and big data mining capabilities. We help position our partners to consistently beat their competition and to grow their business.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://asmwaypoint.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Waypoint","keywords":"","description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on ou","og:title":"Waypoint","og:description":"Waypoint is the premier national sales and marketing agency for Foodservice and Non-Foods channels and beyond.\r\nSucceeding in today’s competitive marketplace begins with gaining the advantage, and at Waypoint we stay ahead of the curve. Our partners rely on ou","og:image":"https://old.roi4cio.com/uploads/roi/company/Waypoint.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":356,"title":"High costs of routine operations"},{"id":384,"title":"Risk of attacks by hackers"},{"id":397,"title":"Insufficient risk management"},{"id":400,"title":"High costs"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-waypoint.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":32,"title":"McAfee Enterprise Security Manager for Brewing Company","description":"Description is not ready yet","alias":"mcafee-enterprise-security-manager-for-brewing-company","roi":0,"seo":{"title":"McAfee Enterprise Security Manager for Brewing Company","keywords":"","description":"Description is not ready yet","og:title":"McAfee Enterprise Security Manager for Brewing Company","og:description":"Description is not ready yet"},"deal_info":"","user":{},"supplier":{},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":79,"logo":false,"scheme":false,"title":"McAfee Enterprise Security Manager (SIEM)","vendorVerified":1,"rating":"2.80","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-enterprise-security-manager","companyTypes":[],"description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Advanced threat intelligence</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Critical facts in minutes, not hours</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Optimize security management and operations</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.</p>","shortDescription":"McAfee Enterprise Security Manager delivers real-time visibility into all activity on systems, networks, databases, and applications","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Enterprise Security Manager (SIEM)","keywords":"compliance, information, security, McAfee, data, actionable, Security, Enterprise","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:title":"McAfee Enterprise Security Manager (SIEM)","og:description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px"},"eventUrl":"","translationId":84,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":7,"title":"Improve Customer Service"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":178,"title":"No control over data access"},{"id":281,"title":"No IT security guidelines"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://www.andek.ru/ehkspertiza/istorii-uspexa/detail.php?ID=490","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":69,"title":"McAfee ePolicy Orchestrator (McAfee ePO) for bank","description":"Description is not ready yet","alias":"mcafee-epolicy-orchestrator-mcafee-epo-for-bank","roi":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO) for bank","keywords":"","description":"Description is not ready yet","og:title":"McAfee ePolicy Orchestrator (McAfee ePO) for bank","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":342,"title":"Alfa-Bank Ukraine","logoURL":"https://old.roi4cio.com/uploads/roi/company/alfabank.png","alias":"alfa-bank-ukraina","address":"","roles":[],"description":"Alfa-Bank Ukraine is a major Ukrainian commercial bank with international capital. The bank is owned by a private investment holding company ABH Holdings SA (ABHH) with investments in financial institutions in Ukraine, Belarus, Kazakhstan, the Netherlands and Russia, having representative offices in Cyprus and the United Kingdom. The bank was founded in 1992. Since 2001, it has been operating under the brand Alfa-Bank Ukraine. The bank is one of the most sustainable and reliable banks in Ukraine holding leading positions in all segments of the banking market. The bank is among the top 10 financial institutions in the country in terms of assets according to the data of the National Bank of Ukraine.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":5,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://alfabank.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Alfa-Bank Ukraine","keywords":"Alfa-Bank, with, holding, Ukraine, company, Holdings, headquarters, compa","description":"Alfa-Bank Ukraine is a major Ukrainian commercial bank with international capital. The bank is owned by a private investment holding company ABH Holdings SA (ABHH) with investments in financial institutions in Ukraine, Belarus, Kazakhstan, the Netherlands and ","og:title":"Alfa-Bank Ukraine","og:description":"Alfa-Bank Ukraine is a major Ukrainian commercial bank with international capital. The bank is owned by a private investment holding company ABH Holdings SA (ABHH) with investments in financial institutions in Ukraine, Belarus, Kazakhstan, the Netherlands and ","og:image":"https://old.roi4cio.com/uploads/roi/company/alfabank.png"},"eventUrl":""},"supplier":{"id":186,"title":"ISSP","logoURL":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png","alias":"issp","address":"","roles":[],"description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expertise of its own team of certified engineers and project managers.\r\nISSP is a preferred integration partner with high-level statuses of the world`s top vendors of information security technologies to provide its customers with best in class solutions, integration, maintenance and information security consulting services.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":200,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":8,"vendorImplementationsCount":0,"vendorPartnersCount":24,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.issp.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ISSP","keywords":"information, best, ISSP, solutions, with, world, integration, class","description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:title":"ISSP","og:description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:image":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.issp.ua/resource_descr.php?l=ru&id=204","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":76,"title":"McAfee ePolicy Orchestrator (McAfee ePO) for iBox Bank","description":"Description is not ready yet","alias":"mcafee-epolicy-orchestrator-mcafee-epo-for-ibox-bank","roi":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO) for iBox Bank","keywords":"","description":"Description is not ready yet","og:title":"McAfee ePolicy Orchestrator (McAfee ePO) for iBox Bank","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":2900,"title":"Ibox Bank (User)","logoURL":"https://old.roi4cio.com/uploads/roi/company/Aiboks_Bank.png","alias":"aiboks-bank","address":"","roles":[],"description":"Ibox Bank operates in the Ukrainian market for over 20 years. During this time it has repeatedly been recognized as one of the most stable banks in Ukraine according to many experts, rating agencies in the banking industry.\r\n\r\nIn particular, in 2013 Ibox Bank was recognized the "Most reliable and stable bank of the year" at the First International Competition "Trusted Bank". In addition, the "Bankir" Magazine recognized the Ibox Bank as the "Most customer-oriented bank" in 2013.\r\n\r\nFor 20 years we have been entrusted the savings from more than 1,000 domestic investors. Also, the Ibox Bank became the bank of choice among 4000 thousands of successful companies, including 100 foreign ones.\r\n\r\nIbox Bank is a traditional universal bank that provides all kinds of services to individuals and legal entities of any type of ownership, with an emphasis on comfort and prompt service.\r\n\r\nIbox Bank obtains income through prudent investment in stable Ukrainian companies with an impeccable reputation and high profitability level, including the agricultural sector of Ukraine.\r\n\r\nOver the past 10 years Ibox Bank assets increased by 800%, confirming the right choice of Bank's strategy and demonstrating its continued successful development.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.iboxbank.online/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Ibox Bank (User)","keywords":"Bank, Ibox, bank, recognized, stable, years, Ukraine, companies","description":"Ibox Bank operates in the Ukrainian market for over 20 years. During this time it has repeatedly been recognized as one of the most stable banks in Ukraine according to many experts, rating agencies in the banking industry.\r\n\r\nIn particular, in 2013 Ibox Bank ","og:title":"Ibox Bank (User)","og:description":"Ibox Bank operates in the Ukrainian market for over 20 years. During this time it has repeatedly been recognized as one of the most stable banks in Ukraine according to many experts, rating agencies in the banking industry.\r\n\r\nIn particular, in 2013 Ibox Bank ","og:image":"https://old.roi4cio.com/uploads/roi/company/Aiboks_Bank.png"},"eventUrl":""},"supplier":{"id":186,"title":"ISSP","logoURL":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png","alias":"issp","address":"","roles":[],"description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expertise of its own team of certified engineers and project managers.\r\nISSP is a preferred integration partner with high-level statuses of the world`s top vendors of information security technologies to provide its customers with best in class solutions, integration, maintenance and information security consulting services.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":200,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":8,"vendorImplementationsCount":0,"vendorPartnersCount":24,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.issp.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ISSP","keywords":"information, best, ISSP, solutions, with, world, integration, class","description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:title":"ISSP","og:description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:image":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"},{"id":281,"title":"No IT security guidelines"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://www.issp.ua/resource_descr.php?l=ru&id=94","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":795,"title":"McAfee solutions for a refiner and distributor of petroleum products","description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people across 43 sites in the US, 16 in Canada, and a handful of locations in China and the United Kingdom.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Search for Better Endpoint Protection Leads to Revamped Security Architecture</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As part of an endpoint security review, HollyFrontier invited six leading vendors to make presentations in competition for the business. McAfee stood out from the other vendors with its integrated security strategy and attainable vision of a threat defense lifecycle that learns and adapts to meet changing requirements.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">“We agreed wholeheartedly with the McAfee® approach,” </span>says Cybersecurity Engineer Phillip Fort, the main person responsible for HollyFrontier’s day-to-day security posture. <span style=\"font-style: italic;\">“With the integrated McAfee ecosystem, our limited security team can automate a lot of security tasks. We can essentially do a lot more to protect our company a lot faster, without adding staff.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">In addition to McAfee endpoint protection and its bundled McAfee ePolicy Orchestrator (McAfee ePO) central console, in just a few weeks, HollyFrontier deployed:<br />■ McAfee Network Security Platform intrusion prevention system (IPS) appliances.<br />■ McAfee Data Exchange Layer, the open-source fabric that connects security components to automate integration and real-time data exchange.<br />■ McAfee Threat Intelligence Exchange, which aggregates threat intelligence from local and global sources and shares file reputation information across McAfee Data Exchange Layer-connected systems.<br />■ McAfee Enterprise Security Manager and other components of the McAfee SIEM solution set.<br />■ McAfee Advanced Threat Defense sandboxing appliance.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">Within a year, the company also began deploying McAfee Endpoint Threat Defense and Response and McAfee Web Gateway.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Infection Rate and Ransomware Reduced Dramatically</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">HollyFrontier initially deployed the McAfee Complete Endpoint Threat Protection suite. However, because of “all the ransomware going around,” HollyFrontier was anxious to install McAfee Endpoint Security and its Dynamic Application Containment (DAC) functionality. When DAC encounters a file that does not have a trusted reputation or is unknown, it immediately quarantines the file before it can infect “patient zero.” Consequently, as soon as McAfee Endpoint Security became available, the company migrated the McAfee VirusScan® Enterprise portion of its endpoint protection suite to the McAfee Endpoint Security Threat Prevention module, first rolling out version 10.1, then upgrading to version 10.2, and upgrading again to version 10.5.<br />Although DAC initially blocked a few legacy applications that are still used, Fort was able to quickly create exclusions for those applications.<span style=\"font-style: italic;\"> “The McAfee Endpoint Security graphical user interface is very easy to use,”</span> he notes.<span style=\"font-style: italic;\">“Once I created the first couple exclusions, the rest were easy.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">It didn’t take long for the biggest impact of the new endpoint protection framework to became evident. <span style=\"font-style: italic;\">“After implementing McAfee Endpoint Security and DAC, our malware infection rate plummeted,”</span> states Fort. <span style=\"font-style: italic;\">“We used to have ransomware attacks each month, but we have had none since migrating to McAfee Endpoint Security and integrating it with McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense … Truthfully, I don’t have to deal with McAfee Endpoint Security very much—and that’s a good thing.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Results of Sandbox Analysis Automatically Shared Throughout Enterprise</span><br />As Fort contemplated the benefits of an integrated security platform prior to its implementation, the integration he was most excited about was that of the endpoint and other security components with the McAfee Advanced Threat Defense.<br /><span style=\"font-style: italic;\">“McAfee Advanced Threat Defense does as much or more than other sandboxes, but its integration with other McAfee solutions is what makes it so incredibly powerful,”</span> says Fort. <span style=\"font-style: italic;\">“It immediately detects and contains a potentially malicious file on the endpoint, IPS, or gateway.<br />First it sends the file automatically to McAfee Advanced Threat Defense for analysis, and, if found malicious, the file is then automatically removed across the entire enterprise. That is truly transformative for our small security team,” states Fort. “It augments our own abilities and saves us a lot of time.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">Every day a security analyst checks McAfee Advanced Threat Defense to review the list of files that the appliance has convicted as malicious. <span style=\"font-style: italic;\">“Once an administrative assistant clicked on a phishing email,”</span> explains Fort. <span style=\"font-style: italic;\">“The IPS, McAfee Network Security Platform, blocked the suspicious file and sent it to McAfee Advanced Threat Defense, which determined that it was bad. The file appeared in the day’s list of convicted files, and we confirmed that it was indeed blocked and automatically entered in the McAfee Threat Intelligence Exchange reputation database shared throughout the enterprise.”</span><br />Periodically, the HollyFrontier security team runs assessments in which sample malware is put on a machine.<span style=\"font-style: italic;\"> “We then watch to make sure the malware shows up in McAfee Advanced Threat Defense and is removed from the host machine and blacklisted throughout the enterprise,”</span> clarifies Fort. <span style=\"font-style: italic;\">“It works every time—just as it’s supposed to.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Increasing Visibility and Facilitating Reporting with McAfee SIEM</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">The desire for better visibility across the enterprise drove HollyFrontier to replace its aging SIEM with the McAfee SIEM technology. According to Fort, McAfee SIEM technology provides a much more complete security picture and widespread visibility across the network, which helps in countless ways. To cite just one example, a considerable number of users were becoming locked out as they tried to reset their passwords because they had failed to log off other machines. A security analyst simply entered the user ID in the McAfee SIEM system, and immediately could see exactly which machines a user was logged into, whether or not he was locked out, and whether he should have access—and then could reset passwords as necessary.<span style=\"font-style: italic;\"> “In that case and many more, McAfee Enterprise Security Manager technology saves us a lot of investigative time,”</span> says Fort.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">The HollyFrontier security team also uses many out-of- the-box rules and alerts, as well as custom ones within the McAfee SIEM solution.<span style=\"font-style: italic;\"> “Even if we haven’t developed a custom rule, if I have just a little information on a security event, it is easy to drill down and do a search based on single or multiple variables to find as much additional information as I need,”</span> explains Fort.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">The McAfee Enterprise Security Manager solution also makes reporting easier. For example, to produce a quarterly security review to upper management, Fort simply runs out-of-the-box executive reports created by the McAfee SIEM solution and McAfee Advanced Threat Defense from within McAfee ePO software.<br />Rapid Searching Saves Time, Eliminates Vulnerabilities Faster<br />According to Fort, before learning about the McAfee integrated security platform, he had “fallen in love” with an endpoint detection and response (EDR) product from another vendor. <span style=\"font-style: italic;\">“When we looked at McAfee Endpoint Threat Defense and Response, however, we realized it did everything that other solution did,”</span> he recalls. <span style=\"font-style: italic;\">“It gives us all the information we ever wanted to know— really, really fast.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">With the McAfee EDR software, the HollyFrontier security team can eradicate vulnerabilities much faster. If Fort learns of a vulnerability in a specific version of an application—for instance, in Microsoft Office 2013—he can use the McAfee Active Response search functionality to quickly and easily find out exactly how many desktops have that version or create a list of all endpoints with that version. It took less than a minute for one of Fort’s colleagues to find all versions of Adobe Acrobat in the enterprise recently and just a few more minutes to determine which endpoints required updating. After pushing out the update, he clicked to rerun the search to confirm that all the updates were successful.<br /><span style=\"font-style: italic;\">“The rapid searching we can do using McAfee Active Response saves us a tremendous amount of time,” </span>says Fort. <span style=\"font-style: italic;\">“We used to manually maintain inventory spreadsheets of all the various applications and systems. Now we can run real-time reports in seconds, and everyone is confident they are correct.”</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Adding Hybrid Web Protection</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \">At a McAfee user conference, while Fort was singing the praises of McAfee Network Security Platform and McAfee Advanced Threat Defense to other attendees.<br />Many of the participants were raving about McAfee Web Gateway, claiming it was their favorite McAfee product, prompting Fort to investigate. He quickly became convinced that McAfee Web Gateway was worth the investment, even though the company had an adequate web gateway solution. In addition to being able to share threat information in near real time with the other McAfee Data Exchange Layer-connected security solutions, McAfee Web Gateway offers more granular control and the ability to deploy a hybrid environment managed from the same console.<br />As a result, HollyFrontier is in the process of deploying its first McAfee Web Gateway appliance and McAfee Web Gateway Cloud Service. HollyFrontier employees working from home or on the road will be protected by the same corporate web security policies as users at corporate locations. In addition, any malware detected by McAfee Web Gateway is sent immediately to McAfee Advanced Threat Defense, and its information is shared throughout the enterprise.</span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Integration and Increased Protection Ease Security Administration</span></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-style: italic;\">“With the McAfee integrated security infrastructure and McAfee ePO software, I can manage just about everything through one pane of glass,” </span>says Fort. <span style=\"font-style: italic;\">“That alone makes administration so much easier, but so does increased protection. If there is an infection somewhere else in the world, thanks to McAfee Threat Intelligence Exchange, my network knows about it and is protected before the infection even reaches us. If, on the other hand, the malware is detected within our environment, it is immediately sent to McAfee Advanced Threat Defense for analysis, and the rest of the environment is automatically informed. We have reduced operational overhead dramatically while improving our security posture.”</span><br />Fort has not only been impressed with McAfee products and their integration with one another, but also with McAfee personnel. <span style=\"font-style: italic;\">“Any time I need anything, I just call or email my McAfee Security Engineer, and he responds right away,”</span> he notes. <span style=\"font-style: italic;\">“McAfee Platinum Support is also extremely responsive. I can usually get the help I need within a couple of minutes. We learned early on that McAfee is a strategic security partner as well as a dependable one.”</span></span>","alias":"mcafee-solutions-for-a-refiner-and-distributor-of-petroleum-products","roi":0,"seo":{"title":"McAfee solutions for a refiner and distributor of petroleum products","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people acros","og:title":"McAfee solutions for a refiner and distributor of petroleum products","og:description":"<span style=\"color: rgb(97, 97, 97); \">HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people acros"},"deal_info":"","user":{"id":5436,"title":"HollyFrontier","logoURL":"https://old.roi4cio.com/uploads/roi/company/hfc_logo.png","alias":"hollyfrontier","address":"","roles":[],"description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries located in Kansas, Oklahoma, New Mexico, Wyoming and Utah and markets its refined products principally in the Southwest U.S., the Rocky Mountains extending into the Pacific Northwest and in other neighboring Plains states.\r\nIn addition, HollyFrontier produces base oils and other specialized lubricants in the U.S., Canada and the Netherlands, and exports products to more than 80 countries.\r\n<ul><li>Headquartered in Dallas, Texas</li></ul>\r\n<ul><li>Through its subsidiaries, operates five complex refineries</li></ul>\r\n<ul><li>457,000 barrels per day of crude oil processing capacity</li></ul>\r\n<ul><li>34,000 barrels per day of lubricant production capacity</li></ul>\r\n<br /><br /><br /><br /><br />","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.hollyfrontier.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"HollyFrontier","keywords":"","description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries loc","og:title":"HollyFrontier","og:description":" HollyFrontier is principally an independent petroleum refiner that produces high-value light products such as gasoline, diesel fuel, jet fuel, specialty lubricant products and specialty and modified asphalt.<br />HollyFrontier owns and operates refineries loc","og:image":"https://old.roi4cio.com/uploads/roi/company/hfc_logo.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":79,"logo":false,"scheme":false,"title":"McAfee Enterprise Security Manager (SIEM)","vendorVerified":1,"rating":"2.80","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-enterprise-security-manager","companyTypes":[],"description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Advanced threat intelligence</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Critical facts in minutes, not hours</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Optimize security management and operations</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.</p>","shortDescription":"McAfee Enterprise Security Manager delivers real-time visibility into all activity on systems, networks, databases, and applications","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Enterprise Security Manager (SIEM)","keywords":"compliance, information, security, McAfee, data, actionable, Security, Enterprise","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:title":"McAfee Enterprise Security Manager (SIEM)","og:description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px"},"eventUrl":"","translationId":84,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":431,"logo":false,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"alias":"mcafee-web-gateway","companyTypes":[],"description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3408,"logo":false,"scheme":false,"title":"McAfee Active Response","vendorVerified":1,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"alias":"mcafee-active-response","companyTypes":[],"description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security posture, improve threat detection, and expand incident response capabilities through forward-looking discovery, detailed analysis, forensic investigation, comprehensive reporting, and prioritized alerts and actions.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response is proof of the effectiveness of the integrated McAfee security architecture, which is designed to resolve more threats faster and with fewer resources in a more complex world. McAfee Active Response gives you continuous visibility and powerful insights into your endpoints so you can identify breaches faster. And it provides you with the tools you need to correct issues faster and in the way that makes the most sense for your business. All of this power is managed via McAfee® ePolicy Orchestrator® (McAfee ePO™) software leveraging McAfee Data Exchange Layer—this provides unified scalability and extensibility without the need for incremental staff to administer the product.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Automated: Capture and monitor context and system state for changes that may be IoAs, as well as find dormant attack components, and send intelligence to analytics, operations, and forensic teams.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Adaptable: When alerted, you can adjust to changes in attack methodologies; automate data collection, alerts, and responses to objects of interest; and customize your configuration to customer workflows.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Continuous: Persistent collectors activate triggers on detection of attack events, alerting you and your systems to attack activity that you</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br /><br /><br /><br /></span>\r\n<br /><br />","shortDescription":"McAfee Active Response is a leading innovation in finding and responding to advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Active Response","keywords":"","description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po","og:title":"McAfee Active Response","og:description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po"},"eventUrl":"","translationId":3409,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3456,"logo":false,"scheme":false,"title":"McAfee Network Security Platform","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"mcafee-network-security-platform","companyTypes":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emulation techniques, moving beyond mere pattern matching to defend against stealthy attacks with a high degree of accuracy. To meet the needs of demanding networks, the platform can scale to more than 40 Gbps with a single device. The integrated McAfee solution portfolio streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br />■ Quickly detects and blocks threats to protect applications and data<br />■ High-performance, scalable solution for dynamic environments<br />■ Centralized management for visibility and control<br />■ Advanced detection, including signature-less malware analysis<br />■ Inbound and outbound SSL decryption to inspect network traffic<br />■ High-availability and disaster recovery protection<br />■ Virtual appliances also available<br />■ Integrates with McAfee solution portfolio for device-to-cloud security<br /></span><br />","shortDescription":"McAfee Network Security Platform is a next-generation intrusion prevention system (IPS) that redefines how organizations block advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Network Security Platform","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu","og:title":"McAfee Network Security Platform","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu"},"eventUrl":"","translationId":3457,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":220,"title":"United States","name":"USA"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":8,"title":"Reduce Production Timelines"},{"id":10,"title":"Ensure Compliance"},{"id":254,"title":"Centralize management"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":350,"title":"No monitoring of corporate IT processes"},{"id":383,"title":"Shortage of inhouse IT engineers"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":395,"title":"Decentralization of management"},{"id":396,"title":"Low speed of report generation"},{"id":397,"title":"Insufficient risk management"},{"id":400,"title":"High costs"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"},{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-hollyfrontier.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":797,"title":"McAfee Total Protection for Data Loss Prevention (DLP) for Panama's Bank","description":"Ariel Picans, technology risk manager at Banco Delta, is responsible for overseeing the security posture of 400 endpoints and safeguarding the assets that reside both within the perimeter of the organization and in the cloud, ensuring that sensitive financial information, databases, and documents are secured against known and emerging threats. Once a year, Picans and his team conduct security checks and assessments of the infrastructure, creating vulnerability tests using various methods to make sure that alerts and filters are functioning properly.\r\nOver the years, Picans has been building out Banco Delta’s security infrastructure with solutions that, in his words, “add value and protect the bank’s environment from future attacks.” As a long-time McAfee customer,<br />Banco Delta was looking to upgrade to deepen and broaden protections and further simplify and consolidate security management. Additionally, Picans wanted to make sure that the bank was implementing the security controls required by compliance regulations and could provide detailed reports at audit time.\r\n<span style=\"font-weight: bold;\">McAfee Solutions Expand Security Options at Banco Delta</span>\r\nPicans has always appreciated the advantages of the single-vendor, integrated approach offered by McAfee. Positive reviews from industry analysts like Gartner and Forrester, along with streamlined management, support, and communications prompted him to continue down the same path and explore the latest McAfee innovations, particularly McAfee® Endpoint Security 10.5 and McAfee ePO 5.9.1 software.\r\nSeveral years ago, Picans and his team relied on McAfee® VirusScan® Enterprise for strong antivirus and anti- malware. When he learned about McAfee Endpoint Security, Picans was impressed with the solution’s multilayered protection and made a decision to upgrade as a way of protecting Banco Delta against rapidly evolving threats.\r\nThe solution provides not only antivirus but also encryption and integration with data loss prevention (DLP). McAfee Endpoint Security in collaboration with McAfee ePO software, McAfee® DLP Endpoint, the McAfee Network DLP solution, and McAfee® Network Security Platform enables him to create and enforce strict data access policies for devices both within and outside the four walls of the bank.\r\nThe McAfee® Web Gateway appliance is also part of the ecosystem, using a host of techniques to analyze all web traffic and offering protection against malware and malicious code hidden through encryption.<br />To round out Banco Delta’s security infrastructure, Picans added McAfee® Enterprise Security Manager, a security and events management (SIEM) solution that integrates with all of the bank’s solutions. It uses advanced analytics to give Picans and his team context and to enable them to prioritize threats and assess risks. McAfee Enterprise Security Manager also centralizes and automates compliance monitoring and reporting, with pre-built dashboards, audit trails, and reports for more than 240 global regulations.\r\n<span style=\"font-style: italic;\">“We migrated to McAfee Endpoint Security because it has opened up a wide gamut of options, all managed by a single console and a single agent. We’ve taken maximum advantage of this tool and have experienced very positive results. For all these reasons, we trust and count on McAfee security technology,”</span> says Picans.\r\n<span style=\"font-weight: bold;\">A Collaborative Ecosystem with McAfee ePO at the Helm</span>\r\nSince the upgrades, Picans has observed a noticeable reduction in both infections and in potentially compromising user behavior. The integration of McAfee® Threat Intelligence Exchange extends another layer of protection and speeds detection and response across the bank’s entire environment. McAfee Threat Intelligence Exchange shares threat intelligence from third-party sources and locally collected intelligence with other McAfee and third-party security solutions via the Data Exchange Layer (DXL) communications fabric. As Picans points out, all of the McAfee solutions in the bank’s integrated ecosystem can act immediately on this intelligence and swiftly block or quarantine threats.\r\nBanco Delta made a decision to add McAfee Threat Intelligence to its arsenal when Picans and his team detected an increase in usage of unauthorized applications. <span style=\"font-style: italic;\">“Because of this, we needed a tool that provides information on whitelisted and a blacklisted applications. McAfee Threat Intelligence is the perfect solution because it provides us with visibility across the whole organization,”</span> he says.\r\nNow Picans can customize data for his organization— including blacklists and whitelists of applications.<br />Reports generated by the McAfee ePO console provide an overview of executed applications—both authorized and unauthorized. This allows him to see whether somebody has been engaged in malicious or unauthorized activities. Picans and his team simply configure McAfee Threat Intelligence, let it run, and check reports on a daily basis.\r\n<span style=\"font-weight: bold;\">McAfee Solutions Keep Advanced Threats in Check and Prevent Disruption</span>\r\nAs the management hub for Banco Delta’s McAfee solutions, McAfee ePO software is integral to security operations. Picans relies on McAfee ePO software to ensure that every endpoint has antivirus and encryption, updated .DATs, and more.\r\nPicans and his team can also pull reports from the McAfee ePO dashboard with details like analysis and classification of malware by type, blocked malware, and devices that are most vulnerable to attack. Picans consolidates this information and provides the bank’s executive committee with a comprehensive view of<br />Banco Delta’s risk profile every month. He also finds this data useful for trend analysis.\r\n<span style=\"font-style: italic;\">“The main benefit of this collaborative approach has been the reduction of the advanced malware and ransomware attacks that have been in circulation recently. Thanks to McAfee ePO software and our other McAfee solutions, we’ve been able to carry on without disruption, while other organizations have suffered from data breaches, putting their day-to-day operations at risk,”</span> explains Picans.\r\nTo protect against today’s continually morphing threats, Picans deployed McAfee® Advanced Threat Defense.<br />McAfee Advanced Threat Defense combines multiple powerful technologies—in-depth static code analysis, dynamic analysis through sandboxing, and machine learning—to help the bank accelerate detection of zero-day malware, evasive threats, and ransomware. In the first month of deployment at Banco Delta, McAfee Advanced Threat Defense proved its value by intercepting Locky, a prolific and persistent strain of ransomware that continues to reappear with new variants.\r\nPicans also uses McAfee Advanced Threat Defense to support security investigations. He points out that it has detected several malicious archives that were missed by solutions from other vendors. Picans submits these malware samples to McAfee Advanced Threat Defense to derive insights on indicators of compromise, which help him gain a better understanding of highly camouflaged threats.\r\nSince deploying these McAfee solutions, Picans has seen a significant reduction in attacks and data loss. Additionally, the integrated and connected McAfee ecosystem, with its single-console management through McAfee ePO software, has resulted in notable operational efficiencies as compared to a multivendor environment. \r\n“When you have a collection of unintegrated products with multiple management consoles, you need more people, and they need additional, highly specific training. McAfee has reduced the need for hiring additional personnel,” he affirms. “Plus, with its modular, centrally managed system, McAfee opens up a world of possibilities.”\r\n<span style=\"font-weight: bold;\">Stepping Up Security Across On-Premises, Virtualized, and Cloud Environments</span>\r\nMcAfee® Cloud Workload Security (CWS) will help increase Banco Delta’s visibility to elastic workloads in the public cloud and AWS (Amazon Web Service)/ VMware environments and will provide an integrated defense against advanced attacks. CWS with AWS is an example of how we can forge forward fearlessly in the cloud. McAfee® MOVE AntiVirus currently offers optimized security for virtualized desktops and servers.\r\n<span style=\"font-style: italic;\">“I know that, with McAfee, I can count on having the same level of security in the cloud and in virtualized environments as we have on premises,” </span>he notes.\r\nThe bank currently has plans in the works to provide cloud-based services and applications for both external clients and internal stakeholders. When Banco Delta fully launches these cloud services, Picans and his team will be responsible for making sure all communications and data are encrypted and secure. For example, it will be really important to reassure the sales department that their information won’t be exposed and will be monitored regularly and that the bank’s databases won’t be compromised.\r\n<span style=\"font-style: italic;\">“McAfee protects everything that’s online—not just within the network perimeter. The company’s advancements in cloud security and other innovations speak for themselves. It shows that McAfee is truly concerned about protecting its customers and that it strives to stay current with new technology trends and the evolving threat landscape,”</span> summarizes Picans.<br /><br />","alias":"mcafee-total-protection-for-data-loss-prevention-dlp-for-panamas-bank","roi":0,"seo":{"title":"McAfee Total Protection for Data Loss Prevention (DLP) for Panama's Bank","keywords":"","description":"Ariel Picans, technology risk manager at Banco Delta, is responsible for overseeing the security posture of 400 endpoints and safeguarding the assets that reside both within the perimeter of the organization and in the cloud, ensuring that sensitive financial ","og:title":"McAfee Total Protection for Data Loss Prevention (DLP) for Panama's Bank","og:description":"Ariel Picans, technology risk manager at Banco Delta, is responsible for overseeing the security posture of 400 endpoints and safeguarding the assets that reside both within the perimeter of the organization and in the cloud, ensuring that sensitive financial "},"deal_info":"","user":{"id":5444,"title":"Banco Delta","logoURL":"https://old.roi4cio.com/uploads/roi/company/banco-delta.png","alias":"banco-delta","address":"","roles":[],"description":" Founded in 2006, Banco<br />Delta, S.A. is a microfinance bank located in Panama City,<br />The Republic of Panama, that provides a range of credit, insurance, and savings products to small businesses. ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.bandelta.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Banco Delta","keywords":"","description":" Founded in 2006, Banco<br />Delta, S.A. is a microfinance bank located in Panama City,<br />The Republic of Panama, that provides a range of credit, insurance, and savings products to small businesses. ","og:title":"Banco Delta","og:description":" Founded in 2006, Banco<br />Delta, S.A. is a microfinance bank located in Panama City,<br />The Republic of Panama, that provides a range of credit, insurance, and savings products to small businesses. ","og:image":"https://old.roi4cio.com/uploads/roi/company/banco-delta.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":79,"logo":false,"scheme":false,"title":"McAfee Enterprise Security Manager (SIEM)","vendorVerified":1,"rating":"2.80","implementationsCount":3,"suppliersCount":0,"alias":"mcafee-enterprise-security-manager","companyTypes":[],"description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Advanced threat intelligence</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Critical facts in minutes, not hours</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Optimize security management and operations</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.</p>","shortDescription":"McAfee Enterprise Security Manager delivers real-time visibility into all activity on systems, networks, databases, and applications","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Enterprise Security Manager (SIEM)","keywords":"compliance, information, security, McAfee, data, actionable, Security, Enterprise","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:title":"McAfee Enterprise Security Manager (SIEM)","og:description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px"},"eventUrl":"","translationId":84,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3161,"logo":false,"scheme":false,"title":"McAfee Total Protection for Data Loss Prevention (DLP)","vendorVerified":1,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"mcafee-total-protection-dlja-data-loss-prevention-dlp","companyTypes":[],"description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</span>\r\nOur capture technology allows you to see how your data is being used and how it is leaking out.\r\n<span style=\"font-weight: bold;\">Quickly identify data</span>\r\nStronger data classification identifies and classifies data that is important to your specific organization.\r\n<span style=\"font-weight: bold;\">Ensure you remain compliant</span>\r\nPrioritize the remediation of critical compliance information and highly sensitive data over less critical data.\r\n<span style=\"font-weight: bold;\">Simplify deployment and management</span>\r\nMcAfee Total Protection for DLP is available through physical or virtual low-maintenance appliances, and uses McAfee ePolicy Orchestrator for streamlined deployment, management, updates, and reports.\r\n<span style=\"font-weight: bold;\">Easily synchronize on-prem and Cloud DLP policies</span>\r\nBy leveraging McAfee ePO, existing McAfee DLP customers can easily extend current enterprise DLP policies to the cloud. Connecting the two components can be as easy as one click and can be as fast as under a minute.\r\n<span style=\"font-weight: bold;\">Universal device-to-cloud data protection</span>\r\nAll McAfee DLP components leverage a common policy engine across endpoints, networks, and the cloud. There’s no need to recreate policies to protect the same piece of data in different environments, or to make the same change in more than one console.\r\n<span style=\"font-weight: bold;\">Centralized incident management and reporting</span>\r\nMcAfee offers users a single pane of glass experience when it comes to managing all DLP violations and reporting via McAfee ePO. There is no need to switch consoles to view incidents and generate reports regardless if the DLP violations are coming from corporate devices or cloud applications.","shortDescription":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Total Protection for Data Loss Prevention (DLP)","keywords":"","description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</spa","og:title":"McAfee Total Protection for Data Loss Prevention (DLP)","og:description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</spa"},"eventUrl":"","translationId":3162,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":544,"title":"DLP - Appliance","alias":"dlp-appliance","description":"DLP (Data Loss Prevention) is a technology for preventing leakage of confidential information from an information system to the outside, as well as technical software and hardware devices for such prevention of leakage. According to most definitions, information leakage is the unauthorized distribution of restricted access data that is not controlled by the owner of this data. This implies that the person who committed the leak has the rights to access information.\r\nThe most effective way to ensure data security on corporate computers today is to use specialized data leakage prevention tools (Data Leak Prevention or DLP). DLP solutions are designed to eliminate the “human factor” and prevent misconduct by preventing (and fixing) data leaks from a computer for as many scripts as possible.\r\nEmail and webmail services, instant messaging services, social networks and forums, cloud file storages, FTP servers - all these benefits of the Internet can at any moment be a channel for leaking corporate information, disclosure of which may be undesirable or even dangerous for business.\r\nYou shouldn’t disregard traditional local channels - data storage devices (flash drives, disks, memory cards), printers and data transfer interfaces and synchronization with smartphones.\r\nAn effective DLP solution should control the widest possible range of network communications channels, local devices, and interfaces. At the same time, the effectiveness of a DLP solution is determined by the flexibility of the settings and the ability to ensure a successful combination of business interests and security.\r\nToday, DLP products are a rapidly growing information security industry, and new products are released very often. Installing a DLP system will allow you to distinguish confidential information from the usual, which in turn will reduce the cost of the entire complex for the protection of information and resources in general. No unimportant moment when choosing a DLP-system is its price, but Data Leak Prevention has a modularity that allows you to protect the channels you need and not pay extra for protecting unnecessary ones.","materialsDescription":"<span style=\"font-weight: bold;\">What Is Data Loss Prevention (DLP)?</span>\r\nData loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.\r\nData can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.\r\n<span style=\"font-weight: bold;\">How does DLP work?</span>\r\nDLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.\r\n<span style=\"font-weight: bold;\">Why do organizations need DLP solutions?</span>\r\nThe proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DLP_Appliance.png"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3410,"logo":false,"scheme":false,"title":"McAfee Cloud Workload Security","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"mcafee-cloud-workload-security","companyTypes":[],"description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it possible for a single, automated policy to effectively secure your workloads as they transition through your virtual private, public, and multicloud environments, enabling operational excellence for your cybersecurity teams.\r\n<span style=\"font-weight: bold; \">Automate discovery and deployment</span>\r\nContinuous workload discovery gives you a centralized perspective of all instances across your Amazon Web Services (AWS), Microsoft Azure, and VMware accounts, while automation templates ensure your workloads are protected from the start.\r\n<span style=\"font-weight: bold; \">Visualize and control network threats</span>\r\nTraditional perimeter-based security doesn’t work across hybrid workloads due to their amorphous and decentralized nature. Cloud-native network visualization, prioritized risk alerting, and micro-segmentation deliver awareness and control to prevent both lateral attacks in the data center and external threats\r\n<span style=\"font-weight: bold; \">Defend workloads against advanced attacks</span>\r\nIntegrated countermeasures spanning machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation, protect workloads from threats like ransomware and targeted attacks.\r\n<span style=\"font-weight: bold; \">Simplify cloud security management</span>\r\nA single-pane console consolidates security policy and management across physical endpoints, servers, virtual servers and desktops, and hybrid and multi-cloud environments. Isolation allows you to use micro-segmentation to quarantine workloads and containers with a single click.\r\n\r\n<span style=\"font-weight: bold; \">SECURITY BUILD FOR THE CLOUD</span>\r\n<span style=\"text-decoration: underline; \">Cloud and DevOps integration</span>\r\nMcAfee Cloud Workload Security works directly with AWS, Microsoft Azure, and VMware environments to provide continuous visibility, while delivering deployment automation through common DevOps tool support (Chef, Puppet, and shell scripts).\r\n<span style=\"text-decoration: underline; \">Optimized for virtual workloads</span>\r\nLeverage advanced host-based workload defense optimized specifically for virtual instances to avoid resource storms that can strain underlying infrastructure.<br /><br /><span style=\"text-decoration: underline; \">Cloud-native network control</span>\r\nWith increased awareness and control of your cloud workloads you can prevent both lateral attacks in the data center and external threats.<br /><br /><span style=\"text-decoration: underline; \">Cloud provider direct integration</span>\r\nAdditional capabilities are enabled through direct integration with cloud providers such as AWS. For example, AWS GuardDuty alerts integrate directly into McAfee ePO, displaying network connections, port probes, and DNS requests for EC2 instances.\r\n\r\nMcAfee Cloud Workload Security:\r\n<ul><li>McAfee Cloud Workload Security Basic</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Essentials</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Advanced</li></ul>","shortDescription":"McAfee Cloud Workload Security secures your hybrid infrastructure workloads","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Cloud Workload Security","keywords":"","description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it ","og:title":"McAfee Cloud Workload Security","og:description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it "},"eventUrl":"","translationId":3411,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3456,"logo":false,"scheme":false,"title":"McAfee Network Security Platform","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"alias":"mcafee-network-security-platform","companyTypes":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emulation techniques, moving beyond mere pattern matching to defend against stealthy attacks with a high degree of accuracy. To meet the needs of demanding networks, the platform can scale to more than 40 Gbps with a single device. The integrated McAfee solution portfolio streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br />■ Quickly detects and blocks threats to protect applications and data<br />■ High-performance, scalable solution for dynamic environments<br />■ Centralized management for visibility and control<br />■ Advanced detection, including signature-less malware analysis<br />■ Inbound and outbound SSL decryption to inspect network traffic<br />■ High-availability and disaster recovery protection<br />■ Virtual appliances also available<br />■ Integrates with McAfee solution portfolio for device-to-cloud security<br /></span><br />","shortDescription":"McAfee Network Security Platform is a next-generation intrusion prevention system (IPS) that redefines how organizations block advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Network Security Platform","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu","og:title":"McAfee Network Security Platform","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu"},"eventUrl":"","translationId":3457,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":164,"title":"Panama","name":"PAN"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":10,"title":"Ensure Compliance"},{"id":254,"title":"Centralize management"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"},{"id":544,"title":"DLP - Appliance","alias":"dlp-appliance","description":"DLP (Data Loss Prevention) is a technology for preventing leakage of confidential information from an information system to the outside, as well as technical software and hardware devices for such prevention of leakage. According to most definitions, information leakage is the unauthorized distribution of restricted access data that is not controlled by the owner of this data. This implies that the person who committed the leak has the rights to access information.\r\nThe most effective way to ensure data security on corporate computers today is to use specialized data leakage prevention tools (Data Leak Prevention or DLP). DLP solutions are designed to eliminate the “human factor” and prevent misconduct by preventing (and fixing) data leaks from a computer for as many scripts as possible.\r\nEmail and webmail services, instant messaging services, social networks and forums, cloud file storages, FTP servers - all these benefits of the Internet can at any moment be a channel for leaking corporate information, disclosure of which may be undesirable or even dangerous for business.\r\nYou shouldn’t disregard traditional local channels - data storage devices (flash drives, disks, memory cards), printers and data transfer interfaces and synchronization with smartphones.\r\nAn effective DLP solution should control the widest possible range of network communications channels, local devices, and interfaces. At the same time, the effectiveness of a DLP solution is determined by the flexibility of the settings and the ability to ensure a successful combination of business interests and security.\r\nToday, DLP products are a rapidly growing information security industry, and new products are released very often. Installing a DLP system will allow you to distinguish confidential information from the usual, which in turn will reduce the cost of the entire complex for the protection of information and resources in general. No unimportant moment when choosing a DLP-system is its price, but Data Leak Prevention has a modularity that allows you to protect the channels you need and not pay extra for protecting unnecessary ones.","materialsDescription":"<span style=\"font-weight: bold;\">What Is Data Loss Prevention (DLP)?</span>\r\nData loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.\r\nData can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.\r\n<span style=\"font-weight: bold;\">How does DLP work?</span>\r\nDLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.\r\n<span style=\"font-weight: bold;\">Why do organizations need DLP solutions?</span>\r\nThe proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DLP_Appliance.png"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"},{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-banco-delta.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":71,"title":"McAfee Web Gateway for bank","description":"After Microsoft stopped developing its Forefront TMG product, many users of this solution had to start the replacement search process. Among such clients was ProCredit Bank. The bank was faced with the task of integrating a new proxy server. And in the summer of 2013, ProCredit Bank specialists carried out comparative testing of the leading solutions of this market with partial involvement of ISSP, a specialized expert integrator of information security systems. The test resulted in a choice in favor of McAfee Web Gateway.\r\n ISSP was also involved in providing implementation services and customizing McAfee Content Security Suite (McAfee Web Gateway module), which performed well during testing, demonstrating high competencies and extensive experience with McAfee products. \r\n Implementing an Internet access protection gateway consisted of the migration of the existing proxy server settings from Microsoft ISA to McAfee Web Gateway and the configuration of new features. \r\n ISSP, in conjunction with specialists from the Bank’s Information Technology Department, established and configured basic filters — authentication, access to important resources of the Bank, filtering data types, and checked the correctness of the changes made. \r\n Additionally, the reporting server was configured and the proxy server was integrated with the configuration backup system. The specialists of both companies managed to integrate McAfee Web Gateway in such a way as to minimize changes in the existing infrastructure of the Ban","alias":"mcafee-web-gateway-for-bank","roi":0,"seo":{"title":"McAfee Web Gateway for bank","keywords":"","description":"After Microsoft stopped developing its Forefront TMG product, many users of this solution had to start the replacement search process. Among such clients was ProCredit Bank. The bank was faced with the task of integrating a new proxy server. And in the summer ","og:title":"McAfee Web Gateway for bank","og:description":"After Microsoft stopped developing its Forefront TMG product, many users of this solution had to start the replacement search process. Among such clients was ProCredit Bank. The bank was faced with the task of integrating a new proxy server. And in the summer "},"deal_info":"","user":{"id":540,"title":"ProCredit Bank","logoURL":"https://old.roi4cio.com/uploads/roi/company/ProCredit_Bank_logo.png","alias":"prokredit-bank","address":"","roles":[],"description":"ProCredit Bank is a development-oriented commercial bank. We offer excellent customer service to small and medium enterprises and to private individuals who would like to save.\r\nProCredit Bank is part of the international ProCredit group, whose shareholders are large financial institutions and investment companies. The bank is not associated with any commercial or political group.\r\nStrong backing from the bank’s shareholders, its membership of the international ProCredit group and supervision by the German Federal Financial Supervisory Authority (BaFin) are factors which guarantee ProCredit Bank’s stability and reliability.\r\nIn addition, Fitch Ratings has awarded the bank the highest rating available in Ukraine.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.procreditbank.com.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ProCredit Bank","keywords":"ProCredit, Bank, enterprises, private, medium, individuals, would, save","description":"ProCredit Bank is a development-oriented commercial bank. We offer excellent customer service to small and medium enterprises and to private individuals who would like to save.\r\nProCredit Bank is part of the international ProCredit group, whose shareholders ar","og:title":"ProCredit Bank","og:description":"ProCredit Bank is a development-oriented commercial bank. We offer excellent customer service to small and medium enterprises and to private individuals who would like to save.\r\nProCredit Bank is part of the international ProCredit group, whose shareholders ar","og:image":"https://old.roi4cio.com/uploads/roi/company/ProCredit_Bank_logo.png"},"eventUrl":""},"supplier":{"id":186,"title":"ISSP","logoURL":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png","alias":"issp","address":"","roles":[],"description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expertise of its own team of certified engineers and project managers.\r\nISSP is a preferred integration partner with high-level statuses of the world`s top vendors of information security technologies to provide its customers with best in class solutions, integration, maintenance and information security consulting services.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":200,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":8,"vendorImplementationsCount":0,"vendorPartnersCount":24,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.issp.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ISSP","keywords":"information, best, ISSP, solutions, with, world, integration, class","description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:title":"ISSP","og:description":"ISSP provides best in class products and services for securing organizational information and information systems based on world’s top hardware and software solutions and guided by world`s best practice, international standards, wide experience and deep expert","og:image":"https://old.roi4cio.com/uploads/roi/company/issp_logo_01.png"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":431,"logo":false,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"alias":"mcafee-web-gateway","companyTypes":[],"description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":175,"title":"Aging IT infrastructure"}]}},"categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://www.issp.ua/resource_descr.php?l=en&id=209","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1020,"title":"McAfee Web Gateway for large vertically integrated holding","description":"<span style=\"font-style: italic; \">Description is not ready yet</span>","alias":"mcafee-web-gateway-for-large-vertically-integrated-holding","roi":0,"seo":{"title":"McAfee Web Gateway for large vertically integrated holding","keywords":"","description":"<span style=\"font-style: italic; \">Description is not ready yet</span>","og:title":"McAfee Web Gateway for large vertically integrated holding","og:description":"<span style=\"font-style: italic; \">Description is not ready yet</span>"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":2701,"title":"VERNA","logoURL":"https://old.roi4cio.com/uploads/roi/company/VERNA.png","alias":"verna","address":"","roles":[],"description":"VERNA is one of the leading IT Integrators, specializing in design, implementation and support of technical solutions, aimed to improve the efficiency of corporate IT systems, - both on-site and on a remote basis. <br />VERNA has spent more than 15 successful years of dynamic development in the MSP area, having implemented 150 + projects for national-wide companies at Ukrainian market as well as outsourced projects for clients from USA and Western Europe.<br />The main customers are large geographically distributed enterprises: banks, retails, industrial enterprises (BNP Paribas Group, GlobalLogic, Volksbank, Kraft, ArcelorMittal, UniCredit Bank and others).<br />Technical expertise and skills of VERNA team are proven by certificates and partnership statuses with Cisco, Microsoft, HP, IBM, APC, Oracle, VMware, Citrix, Intel, Dell, Siemens, Systemax, etc.<br />VERNA specializes in planning, implementation and support of the following solutions:<br />- Virtualization (VMware,Hyper-V, Citrix, Dockers)<br />- Infrastructure (MS Active Directory, Office 365, Azure, AWS amazon)<br />- VoIP (Cisco, asterisk/FreePBX/Elastix)<br />- Unified Communications (Webex, Big Blue Button, Lync, Exchange, SharePoint)<br />- Networking (Cisco, FortiNet, OpenVPN, CheckPoint)<br />- Server & Storage (SAN, NAS, FAS)<br />- Business applications and databases (Microsoft, Oracle, IBM)<br />- VDI and terminal access solutions (Microsoft, VMware, Citrix)<br />- Storage virtualization (DataCore)<br />- DLP and Information Security (Antivirus systems, websence, Fortinet, DeviceLock e t.c.)<br />Source: https://www.linkedin.com/company/verna","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":205,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":41,"vendorImplementationsCount":0,"vendorPartnersCount":9,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.verna.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"VERNA","keywords":"solutions, infrastructure, providing, distributed, geographically, with, core, services","description":"VERNA is one of the leading IT Integrators, specializing in design, implementation and support of technical solutions, aimed to improve the efficiency of corporate IT systems, - both on-site and on a remote basis. <br />VERNA has spent more than 15 successful ","og:title":"VERNA","og:description":"VERNA is one of the leading IT Integrators, specializing in design, implementation and support of technical solutions, aimed to improve the efficiency of corporate IT systems, - both on-site and on a remote basis. <br />VERNA has spent more than 15 successful ","og:image":"https://old.roi4cio.com/uploads/roi/company/VERNA.png"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":431,"logo":false,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"alias":"mcafee-web-gateway","companyTypes":[],"description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":378,"title":"Low employee productivity"},{"id":385,"title":"Risk of data loss or damage"},{"id":397,"title":"Insufficient risk management"}]}},"categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.verna.ua/projects/informatsionnaya-bezopasnost/item/305-vnedrenie-resheniya-po-filtratsii-veb-trafika-mcafee-web-gateway","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":72,"title":"McAfee Web Gateway for VTB Bank of Moscow","description":"Description is not ready yet","alias":"mcafee-web-gateway-for-vtb-bank-of-moscow","roi":0,"seo":{"title":"McAfee Web Gateway for VTB Bank of Moscow","keywords":"","description":"Description is not ready yet","og:title":"McAfee Web Gateway for VTB Bank of Moscow","og:description":"Description is not ready yet"},"deal_info":"","user":{},"supplier":{},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":""}],"products":[{"id":431,"logo":false,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"alias":"mcafee-web-gateway","companyTypes":[],"description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"}]}},"categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://i-teco.ru/press/news/2796/","title":"Supplier's web site"}},"comments":[],"referencesCount":0}],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":110,"b4r":0,"categories":{"5":{"id":5,"title":"Security Software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png","alias":"security-software"},"34":{"id":34,"title":"ITSM - IT Service Management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png","alias":"itsm-it-service-management"},"40":{"id":40,"title":"Endpoint security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png","alias":"endpoint-security"},"77":{"id":77,"title":"SOC - Situation Centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png","alias":"soc-situation-centre"},"335":{"id":335,"title":"Secure Content and Threat Management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention rules.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Content_and_Threat_Management.png","alias":"secure-content-and-threat-management"},"832":{"id":832,"title":"CASB - Cloud Access Security Broker","description":"A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.\r\nA CASB may deliver security, the management or both. Broadly speaking, "security" is the prevention of high-risk events, whilst "management" is the monitoring and mitigation of high-risk events.\r\nCASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device. Agentless CASB allows for rapid deployment and delivers security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respects user privacy, inspecting only corporate data. Agent-based CASB is difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspects both corporate and personal data.\r\nCASBs that deliver management may use APIs to inspect data and activity in the cloud to alert of risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for the usage of cloud applications.","materialsDescription":"<span style=\"font-weight: bold;\">What is CASB?</span> A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data & apps in the cloud and on any device, anywhere.\r\n<span style=\"font-weight: bold;\">What is the difference between security and management?</span> Security is preventing risky events from happening, management is cleaning up after high-risk events.\r\n<span style=\"font-weight: bold;\">What is Shadow IT?</span> Cloud applications used by business users without IT oversight, also known as unmanaged apps.\r\n<span style=\"font-weight: bold;\">What are managed apps?</span> Cloud Applications that are managed by IT, e.g.Office 365.\r\n<span style=\"font-weight: bold;\">What are the types of CASB?</span> Three types of Cloud Access Security Broker\r\n<ul><li>a) API-only CASB offer basic management</li><li>b) multi-mode first-gen CASB offer management & security</li><li>c) Next-Gen CASB deliver management, security & Zero-Day protection.</li></ul>\r\n<span style=\"font-weight: bold;\">What is a forward proxy?</span> A proxy where traffic must be forwarded by the end-point Such proxies requires agents and configuration on client devices.\r\n<span style=\"font-weight: bold;\">What is a reverse proxy?</span> A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.\r\n<span style=\"font-weight: bold;\">What is AJAX-VM?</span> Acronym for "Adaptive Javascript and XML- Virtual Machine." AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents. Reverse-proxy CASB are brittle without AJAX-VM and break frequently with app changes.\r\n<span style=\"font-weight: bold;\">What are the types of CASB architecture?</span> There are three types of CASB architecture: API-only, forward proxy, and reverse proxy. Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.\r\n<span style=\"font-weight: bold;\">What is CASB encryption?</span> Encryption/decryption of data prior to upload/download to a cloud application.\r\n <span style=\"font-weight: bold;\">What is searchable encryption?</span> An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.\r\n<span style=\"font-weight: bold;\">What is tokenization?</span> Obfuscation by encoding each input string as a unique output string.\r\n<span style=\"font-weight: bold;\">What is agentless MDM?</span> Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CASB.png","alias":"casb-cloud-access-security-broker"},"838":{"id":838,"title":"Endpoint Detection and Response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png","alias":"endpoint-detection-and-response"},"852":{"id":852,"title":"Network security","description":" Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.\r\nNetwork security starts with authentication, commonly with a username and a password. Since this requires just one detail authenticating the user name — i.e., the password—this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).\r\nOnce authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network like wireshark traffic and may be logged for audit purposes and for later high-level analysis. Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account.\r\nCommunication between two hosts using a network may be encrypted to maintain privacy.\r\nHoneypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot. A honeypot can also direct an attacker's attention away from legitimate servers. A honeypot encourages attackers to spend their time and energy on the decoy server while distracting their attention from the data on the real server. Similar to a honeypot, a honeynet is a network set up with intentional vulnerabilities. Its purpose is also to invite attacks so that the attacker's methods can be studied and that information can be used to increase network security. A honeynet typically contains one or more honeypots.","materialsDescription":" <span style=\"font-weight: bold;\">What is Network Security?</span>\r\nNetwork security is any action an organization takes to prevent malicious use or accidental damage to the network’s private data, its users, or their devices. The goal of network security is to keep the network running and safe for all legitimate users.\r\nBecause there are so many ways that a network can be vulnerable, network security involves a broad range of practices. These include:\r\n<ul><li><span style=\"font-weight: bold;\">Deploying active devices:</span> Using software to block malicious programs from entering, or running within, the network. Blocking users from sending or receiving suspicious-looking emails. Blocking unauthorized use of the network. Also, stopping the network's users accessing websites that are known to be dangerous.</li><li><span style=\"font-weight: bold;\">Deploying passive devices:</span> For instance, using devices and software that report unauthorized intrusions into the network, or suspicious activity by authorized users.</li><li><span style=\"font-weight: bold;\">Using preventative devices:</span> Devices that help identify potential security holes, so that network staff can fix them.</li><li><span style=\"font-weight: bold;\">Ensuring users follow safe practices:</span> Even if the software and hardware are set up to be secure, the actions of users can create security holes. Network security staff is responsible for educating members of the organization about how they can stay safe from potential threats.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is Network Security Important?</span>\r\nUnless it’s properly secured, any network is vulnerable to malicious use and accidental damage. Hackers, disgruntled employees, or poor security practices within the organization can leave private data exposed, including trade secrets and customers’ private details.\r\nLosing confidential research, for example, can potentially cost an organization millions of dollars by taking away competitive advantages it paid to gain. While hackers stealing customers’ details and selling them to be used in fraud, it creates negative publicity and public mistrust of the organization.\r\nThe majority of common attacks against networks are designed to gain access to information, by spying on the communications and data of users, rather than to damage the network itself.\r\nBut attackers can do more than steal data. They may be able to damage users’ devices or manipulate systems to gain physical access to facilities. This leaves the organization’s property and members at risk of harm.\r\nCompetent network security procedures keep data secure and block vulnerable systems from outside interference. This allows the network’s users to remain safe and focus on achieving the organization’s goals.\r\n<span style=\"font-weight: bold;\">Why Do I Need Formal Education to Run a Computer Network?</span>\r\nEven the initial setup of security systems can be difficult for those unfamiliar with the field. A comprehensive security system is made of many pieces, each of which needs specialized knowledge.\r\nBeyond setup, each aspect of security is constantly evolving. New technology creates new opportunities for accidental security leaks, while hackers take advantage of holes in security to do damage as soon as they find them. Whoever is in charge of the network’s security needs to be able to understand the technical news and changes as they happen, so they can implement safety strategies right away.\r\nProperly securing your network using the latest information on vulnerabilities helps minimize the risk that attacks will succeed. Security Week reported that 44% of breaches in 2014 came from exploits that were 2-4 years old.\r\nUnfortunately, many of the technical aspects of network security are beyond those who make hiring decisions. So, the best way an organization can be sure that their network security personnel are able to properly manage the threats is to hire staff with the appropriate qualifications.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_security.png","alias":"network-security"}},"branches":"Information Technology","companySizes":"1001 to 2000 Employees","companyUrl":"https://www.mcafee.com/","countryCodes":[],"partnerTypes":"Distributor and Reseller","certifications":[{"id":506,"company_id":184,"title":"McAfee Product Specialist—ENS","type":"technical"},{"id":507,"company_id":184,"title":"McAfee Product Specialist—ATD","type":"technical"},{"id":508,"company_id":184,"title":"McAfee Product Specialist—ePO","type":"technical"},{"id":509,"company_id":184,"title":"McAfee Product Specialist—NSP","type":"technical"},{"id":510,"company_id":184,"title":"McAfee Product Specialist—HIPs","type":"technical"},{"id":511,"company_id":184,"title":"McAfee Product Specialist—DLPe","type":"technical"},{"id":512,"company_id":184,"title":"McAfee Product Specialist—SIEM","type":"technical"}],"isSeller":true,"isSupplier":false,"isVendor":true,"presenterCodeLng":"","seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://old.roi4cio.com/uploads/roi/company/McAfee-TM-s-logo-red-rgb.jpg"},"eventUrl":"","vendorPartners":[],"supplierPartners":[{"supplier":"ISSP","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"BMS Consulting","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Allta","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"MMI Group","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Avalis","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"AMI","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"I.T.Pro","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"SI Center","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"E-consulting","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"IT INTEGRATOR","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Integrity Systems","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Infobezpeka","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"IT Land","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"NAVIGATOR","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"ASSOCIATION YUG","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"RIM2000","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"SVIT IT","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Wise IT","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Softlist","partnershipLevel":"","countries":"","partnersType":""},{"supplier":"Bell Integrator","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Corporate Business Systems (CBS)","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"S&T Ukraine","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Winncom Technologies","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"ATINUM","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Sharifa.Com","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"MARS SOLUTIONS","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Light Technology","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"ALSI (User)","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Life2Win","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Technoservice group","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"NEWTECH DISTRIBUTION","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Asia InterCommunications","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"UTeL.KZ","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Global Services International","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Halyk Telecom","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"InSpe","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Drakar","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"UGT","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Orient Logic","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Asseco Group","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"GREENNET","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"SOLVIT","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"CASPEL","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"AtaTechnology","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Bakinity","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Unicomp","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Bi Line","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"R.I.S.K.","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"IT Solutions Azerbaijan","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"IBA Group","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Delta-Comm","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"BAS (Business Applications Solutions)","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Astana-New Technologies-2008","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Corvus Technologies","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"ITECO","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"IFS","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"MONT","partnershipLevel":"Distributor","countries":"Russian Federation","partnersType":"Distributor and Reseller"},{"supplier":"SoftwareONE","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Atos","partnershipLevel":"Platinum","countries":"","partnersType":""},{"supplier":"Insight","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"MICROS","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"BTS Pro","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"INFOTRADE","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"High Tech for Human","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Kvarta (kvarta.kz)","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Seabak","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Bever","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"ASBIS","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"SPro","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Turkmen Transit","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Green Light","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Pixel","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"SEMTEC","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"NGS Group","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Orange Business Services","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Reliable Solutions Distributor","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Sintegra Group","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"GHESAR","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"RTSolutions","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Dom-Daniel","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"REDINET","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"CyberSec","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"AZEL Systems","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Varzia","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"GRENA","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"ITCS","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"R.I.S.K. Georgia","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"SYNTAX","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Pacifica Kazakhstan","partnershipLevel":"Platinum","countries":"","partnersType":""},{"supplier":"Esentai System Integration","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"LimeOn Global Company","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Keremet","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"ALATAU INNOVATIONS","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Comp Solutions","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"ICORE-Integration","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"KMA","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"MS MAX","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Norsec Delta Projects","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Trisad","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Data Expert","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"Center of System Integration","partnershipLevel":"Gold","countries":"","partnersType":""},{"supplier":"BITCOM SOFTware","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"","partnershipLevel":"Silver","countries":"","partnersType":""},{"supplier":"Indegy","partnershipLevel":"","countries":"","partnersType":""},{"supplier":"CyberX Labs","partnershipLevel":"","countries":"","partnersType":""}],"vendoredProducts":[{"id":3336,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/large-logo-mcafee.png","logo":true,"scheme":false,"title":"McAfee MVISION Mobile","vendorVerified":1,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-mvision-mobile","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"<h2>Always-on defense for on-the-go devices</h2>\r\nUnlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is connected—via a corporate network, public access point, or cellular carrier—and even offline.\r\n<h2>Advanced analysis thwarts advanced attacks</h2>\r\nMachine learning algorithms analyze deviations to device behavior and make determinations about indicators of compromise to accurately identify advanced device, application, and network-based attacks.\r\n<h2>A single console for all devices—including mobile</h2>\r\nAs an integrated component of McAfee Device Security, McAfee MVISION Mobile extends visibility and control of your mobile assets from the same single console of all your McAfee-managed devices, including OS-based endpoints, servers, containers, and embedded IoT devices.","shortDescription":"McAfee MVISION Mobile defends your employees and their devices from the boardroom to the coffeehouse.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee MVISION Mobile","keywords":"","description":"<h2>Always-on defense for on-the-go devices</h2>\r\nUnlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is con","og:title":"McAfee MVISION Mobile","og:description":"<h2>Always-on defense for on-the-go devices</h2>\r\nUnlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is con","og:image":"https://old.roi4cio.com/fileadmin/user_upload/large-logo-mcafee.png"},"eventUrl":"","translationId":3341,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":3,"title":"MDM - Mobile Device Management","alias":"mdm-mobile-device-management","description":" <span style=\"font-weight: bold; \">Mobile device management (MDM)</span> is an industry term for the administration of mobile devices, such as smartphones, tablet computers and laptops. Device management system is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices.\r\nMDM is typically a deployment of a combination of on-device applications and configurations, corporate policies and certificates, and backend infrastructure, for the purpose of simplifying and enhancing the IT management of end user devices. In modern corporate IT environments, the sheer number and diversity of managed devices (and user behavior) has motivated device management tools that allow the management of devices and users in a consistent and scalable way. The overall role of MDM is to increase device supportability, security, and corporate functionality while maintaining some user flexibility.\r\nMany organizations administer devices and applications using MDM products/services. Mobile device management software primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, integrating and managing mobile devices including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based.\r\nMDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. Most recently laptops and desktops have been added to the list of systems supported as Mobile Device Management becomes more about basic device management and less about the mobile platform itself. \r\nSome of the <span style=\"font-weight: bold; \">core functions</span> of mobile management software include:\r\n<ul><li>Ensuring that diverse user equipment is configured to a consistent standard/supported set of applications, functions, or corporate policies</li><li>Updating equipment, applications, functions, or policies in a scalable manner</li><li>Ensuring that users use applications in a consistent and supportable manner</li><li>Ensuring that equipment performs consistently</li><li>Monitoring and tracking equipment (e.g. location, status, ownership, activity)</li><li>Being able to efficiently diagnose and troubleshoot equipment remotely</li></ul>\r\nDevice management solutions are leveraged for both company-owned and employee-owned (Bring Your Own Device) devices across the enterprise or mobile devices owned by consumers. Consumer demand for BYOD is now requiring a greater effort for MDM and increased security for both the devices and the enterprise they connect to, especially since employers and employees have different expectations concerning the types of restrictions that should be applied to mobile devices.\r\nBy controlling and protecting the data and configuration settings of all mobile devices in a network, enterprise device management software can reduce support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime.\r\nWith mobile devices becoming ubiquitous and applications flooding the market, mobile monitoring is growing in importance. The use of mobile device management across continues to grow at a steady pace, and is likely to register a compound annual growth rate (CAGR) of nearly 23% through 2028. The US will continue to be the largest market for mobile device management globally. ","materialsDescription":"<h1 class=\"align-center\">How Mobile Device Management works?</h1>\r\nMobile device management relies on endpoint software called an MDM agent and an MDM server that lives in a data center. IT administrators configure policies through the MDM server's management console, and the server then pushes those policies over the air to the MDM agent on the device. The agent applies the policies to the device by communicating with application programming interfaces (APIs) built directly into the device operating system.\r\nSimilarly, IT administrators can deploy applications to managed devices through the MDM server. Mobile software management emerged in the early 2000s as a way to control and secure the personal digital assistants and smartphones that business workers began to use. The consumer smartphone boom that started with the launch of the Apple iPhone in 2007 led to the bring your own device trend, which fueled further interest in MDM.\r\nModern MDM management software supports not only smartphones but also tablets, Windows 10 and macOS computers and even some internet of things devices. The practice of using MDM to control PCs is known as unified endpoint management.\r\n<h1 class=\"align-center\">Key Benefits of Mobile Device Management Software</h1>\r\n<span style=\"font-weight: bold;\">Reduce IT Administration.</span> Instead of manually configuring and testing each new mobile device, mobile device software takes care of the repetitive tasks for you. That gives IT staff more time to work on challenging projects that improve productivity.<span style=\"font-weight: bold;\"></span> \r\n<span style=\"font-weight: bold;\">Improve End-user Productivity. </span>Mobile device management helps end users become more productive because the process of requesting new mobile devices can be cut down from days to hours. Once end users have the device in their hands, mobile device management program helps them get set up on their corporate network much faster. That means less time waiting to get access to email, internal websites, and calendars.<span style=\"font-weight: bold;\"></span> \r\n<span style=\"font-weight: bold;\">Reduce IT Risk.</span> Mobile devices, especially if your organization allows “Bring Your Own Device” (BYOD), create increased risk exposures. Typically, IT managers respond to these risks in one of two ways, neither of which help. First, you may say “no” to mobile device requests. That’s a fast way to become unpopular. Second, you may take a manual approach to review and oversee each device.<span style=\"font-weight: bold;\"></span> \r\n<span style=\"font-weight: bold;\">Enable Enterprise Growth. </span>If your enterprise added a thousand employees this quarter through hiring, acquisition, or other changes, could IT handle the challenge? If you’re honest, you can probably imagine going through plenty of struggles and missing SLAs. That kind of disappointment and missed service expectations make end users respect IT less. \r\nBy using enterprise device management thoroughly, you'll enable enterprise growth. You'll have the systems and processes to manage 100 users or 10,000 users. That means IT will be perceived as enabling growth not standing in the way.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_MDM_Mobile_Device_Management.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3408,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Active Response","vendorVerified":1,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-active-response","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security posture, improve threat detection, and expand incident response capabilities through forward-looking discovery, detailed analysis, forensic investigation, comprehensive reporting, and prioritized alerts and actions.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response is proof of the effectiveness of the integrated McAfee security architecture, which is designed to resolve more threats faster and with fewer resources in a more complex world. McAfee Active Response gives you continuous visibility and powerful insights into your endpoints so you can identify breaches faster. And it provides you with the tools you need to correct issues faster and in the way that makes the most sense for your business. All of this power is managed via McAfee® ePolicy Orchestrator® (McAfee ePO™) software leveraging McAfee Data Exchange Layer—this provides unified scalability and extensibility without the need for incremental staff to administer the product.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Automated: Capture and monitor context and system state for changes that may be IoAs, as well as find dormant attack components, and send intelligence to analytics, operations, and forensic teams.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Adaptable: When alerted, you can adjust to changes in attack methodologies; automate data collection, alerts, and responses to objects of interest; and customize your configuration to customer workflows.</span></li></ul>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Continuous: Persistent collectors activate triggers on detection of attack events, alerting you and your systems to attack activity that you</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br /><br /><br /><br /></span>\r\n<br /><br />","shortDescription":"McAfee Active Response is a leading innovation in finding and responding to advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Active Response","keywords":"","description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po","og:title":"McAfee Active Response","og:description":"McAfee Active Response - Comprehensive endpoint detection and response.\r\n<span style=\"color: rgb(97, 97, 97); \">McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security po","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":3409,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3410,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Cloud Workload Security","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-cloud-workload-security","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it possible for a single, automated policy to effectively secure your workloads as they transition through your virtual private, public, and multicloud environments, enabling operational excellence for your cybersecurity teams.\r\n<span style=\"font-weight: bold; \">Automate discovery and deployment</span>\r\nContinuous workload discovery gives you a centralized perspective of all instances across your Amazon Web Services (AWS), Microsoft Azure, and VMware accounts, while automation templates ensure your workloads are protected from the start.\r\n<span style=\"font-weight: bold; \">Visualize and control network threats</span>\r\nTraditional perimeter-based security doesn’t work across hybrid workloads due to their amorphous and decentralized nature. Cloud-native network visualization, prioritized risk alerting, and micro-segmentation deliver awareness and control to prevent both lateral attacks in the data center and external threats\r\n<span style=\"font-weight: bold; \">Defend workloads against advanced attacks</span>\r\nIntegrated countermeasures spanning machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation, protect workloads from threats like ransomware and targeted attacks.\r\n<span style=\"font-weight: bold; \">Simplify cloud security management</span>\r\nA single-pane console consolidates security policy and management across physical endpoints, servers, virtual servers and desktops, and hybrid and multi-cloud environments. Isolation allows you to use micro-segmentation to quarantine workloads and containers with a single click.\r\n\r\n<span style=\"font-weight: bold; \">SECURITY BUILD FOR THE CLOUD</span>\r\n<span style=\"text-decoration: underline; \">Cloud and DevOps integration</span>\r\nMcAfee Cloud Workload Security works directly with AWS, Microsoft Azure, and VMware environments to provide continuous visibility, while delivering deployment automation through common DevOps tool support (Chef, Puppet, and shell scripts).\r\n<span style=\"text-decoration: underline; \">Optimized for virtual workloads</span>\r\nLeverage advanced host-based workload defense optimized specifically for virtual instances to avoid resource storms that can strain underlying infrastructure.<br /><br /><span style=\"text-decoration: underline; \">Cloud-native network control</span>\r\nWith increased awareness and control of your cloud workloads you can prevent both lateral attacks in the data center and external threats.<br /><br /><span style=\"text-decoration: underline; \">Cloud provider direct integration</span>\r\nAdditional capabilities are enabled through direct integration with cloud providers such as AWS. For example, AWS GuardDuty alerts integrate directly into McAfee ePO, displaying network connections, port probes, and DNS requests for EC2 instances.\r\n\r\nMcAfee Cloud Workload Security:\r\n<ul><li>McAfee Cloud Workload Security Basic</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Essentials</li></ul>\r\n<ul><li>McAfee Cloud Workload Security Advanced</li></ul>","shortDescription":"McAfee Cloud Workload Security secures your hybrid infrastructure workloads","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Cloud Workload Security","keywords":"","description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it ","og:title":"McAfee Cloud Workload Security","og:description":" McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":3411,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3449,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Complete Data Protection","vendorVerified":1,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-complete-data-protection","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"<span style=\"color: rgb(97, 97, 97); \">Secure your confidential data with an enterprise-grade security solution that is FIPS 140-2 and Common Criteria EAL2+ certified, and accelerated with the Intel® Advanced Encryption Standard—New Instructions (Intel AES-NI) set. McAfee Complete Data Protection uses drive encryption combined with strong access control via two-factor pre-boot authentication to prevent unauthorized access to confidential data on endpoints, including desktops, virtual desktop infrastructure (VDI) workstations, laptops, Microsoft Windows tablets, USB drives, and more.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold;\">Key Features</span><br />■ Drive encryption<br />■ File and removable media protection<br />■ Management of native encryption<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br />■ Stop data loss initiated by sophisticated malware that hijacks sensitive and personal information.<br />■ Secure data when it’s stored on desktops, laptops, tablets, and cloud storage.<br />■ Manage Apple FileVault and Microsoft BitLocker native encryption on endpoints directly from McAfee ePO software.<br />■ Communicate with and take control of your endpoints at the hardware level, whether they are powered off, disabled, or encrypted to halt desk-side visits and endless helpdesk calls due to security incidents, outbreaks, or forgotten encryption passwords.<br />■ Prove compliance with advanced reporting and auditing capabilities and monitor events and generate detailed reports that show auditors and other stakeholders your compliance with internal and regulatory privacy requirements.<br /></span>","shortDescription":"McAfee Complete Data Protection is a comprehensive endpoint encryption solution","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Data Protection","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">Secure your confidential data with an enterprise-grade security solution that is FIPS 140-2 and Common Criteria EAL2+ certified, and accelerated with the Intel® Advanced Encryption Standard—New Instructions (Intel AES-NI)","og:title":"McAfee Complete Data Protection","og:description":"<span style=\"color: rgb(97, 97, 97); \">Secure your confidential data with an enterprise-grade security solution that is FIPS 140-2 and Common Criteria EAL2+ certified, and accelerated with the Intel® Advanced Encryption Standard—New Instructions (Intel AES-NI)","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":3450,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":43,"title":"Data Encryption","alias":"data-encryption","description":"<span style=\"font-weight: bold;\">Data encryption</span> translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations. \r\nTwo main types of data encryption exist - <span style=\"font-weight: bold;\">asymmetric encryption</span>, also known as public-key encryption, and <span style=\"font-weight: bold;\">symmetric encryption</span>.<br />The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the internet or other computer networks. The outdated data encryption standard (DES) has been replaced by modern encryption algorithms that play a critical role in the security of IT systems and communications.\r\nThese algorithms provide confidentiality and drive key security initiatives including authentication, integrity, and non-repudiation. Authentication allows for the verification of a message’s origin, and integrity provides proof that a message’s contents have not changed since it was sent. Additionally, non-repudiation ensures that a message sender cannot deny sending the message.\r\nData protection software for data encryption can provide encryption of devices, email, and data itself. In many cases, these encryption functionalities are also met with control capabilities for devices, email, and data. \r\nCompanies and organizations face the challenge of protecting data and preventing data loss as employees use external devices, removable media, and web applications more often as a part of their daily business procedures. Sensitive data may no longer be under the company’s control and protection as employees copy data to removable devices or upload it to the cloud. As a result, the best data loss prevention solutions prevent data theft and the introduction of malware from removable and external devices as well as web and cloud applications. In order to do so, they must also ensure that devices and applications are used properly and that data is secured by auto-encryption even after it leaves the organization.\r\nEncryption software program encrypts data or files by working with one or more encryption algorithms. Security personnel use it to protect data from being viewed by unauthorized users.\r\nTypically, each data packet or file encrypted via data encryption programs requires a key to be decrypted to its original form. This key is generated by the software itself and shared between the data/file sender and receiver. Thus, even if the encrypted data is extracted or compromised, its original content cannot be retrieved without the encryption key. File encryption, email encryption, disk encryption and network encryption are widely used types of data encryption software.<br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is Encryption software?</span></h1>\r\nEncryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.There are many software products which provide encryption. Software encryption uses a cipher to obscure the content into ciphertext. One way to classify this type of software is by the type of cipher used. Ciphers can be divided into two categories: <span style=\"font-weight: bold;\">public key ciphers</span> (also known as asymmetric ciphers), and <span style=\"font-weight: bold;\">symmetric key ciphers</span>. Encryption software can be based on either public key or symmetric key encryption.\r\nAnother way to classify crypto software is to categorize its purpose. Using this approach, software encryption may be classified into software which encrypts "<span style=\"font-weight: bold;\">data in transit</span>" and software which encrypts "<span style=\"font-weight: bold;\">data at rest</span>". Data in transit generally uses public key ciphers, and data at rest generally uses symmetric key ciphers.\r\nSymmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream ciphers typically encrypt plaintext a bit or byte at a time, and are most commonly used to encrypt real-time communications, such as audio and video information. The key is used to establish the initial state of a keystream generator, and the output of that generator is used to encrypt the plaintext. Block cipher algorithms split the plaintext into fixed-size blocks and encrypt one block at a time. For example, AES processes 16-byte blocks, while its predecessor DES encrypted blocks of eight bytes.<br />There is also a well-known case where PKI is used for data in transit of data at rest.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">How Data Encryption is used?</span></h1>\r\nThe purpose of data encryption is to deter malicious or negligent parties from accessing sensitive data. An important line of defense in a cybersecurity architecture, encryption makes using intercepted data as difficult as possible. It can be applied to all kinds of data protection needs ranging from classified government intel to personal credit card transactions. Data encryption software, also known as an encryption algorithm or cipher, is used to develop an encryption scheme which theoretically can only be broken with large amounts of computing power.\r\nEncryption is an incredibly important tool for keeping your data safe. When your files are encrypted, they are completely unreadable without the correct encryption key. If someone steals your encrypted files, they won’t be able to do anything with them.\r\nThere different types of encryption: hardware and software. Both offer different advantages. So, what are these methods and why do they matter?\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Software Encryption</span></h1>\r\n<p class=\"align-left\">As the name implies, software encryption uses features of encryption software to encrypt your data. Cryptosoft typically relies on a password; give the right password, and your files will be decrypted, otherwise they remain locked. With encryption enabled, it is passed through a special algorithm that scrambles your data as it is written to disk. The same software then unscrambles data as it is read from the disk for an authenticated user.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Pros.</span>Crypto programs is typically quite cheap to implement, making it very popular with developers. In addition, software-based encryption routines do not require any additional hardware.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cons.</span>Types of encryption software is only as secure as the rest of your computer or smartphone. If a hacker can crack your password, the encryption is immediately undone.<br />Software encryption tools also share the processing resources of your computer, which can cause the entire machine to slow down as data is encrypted/decrypted. You will also find that opening and closing encrypted files is much slower than normal because the process is relatively resource intensive, particularly for higher levels of encryption</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Hardware encryption</span></h1>\r\n<p class=\"align-left\">At the heart of hardware encryption is a separate processor dedicated to the task of authentication and encryption. Hardware encryption is increasingly common on mobile devices. <br />The encryption protection technology still relies on a special key to encrypt and decrypt data, but this is randomly generated by the encryption processor. Often times, hardware encryption devices replace traditional passwords with biometric logons (like fingerprints) or a PIN number that is entered on an attached keypad<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Pros.</span>Hardware offers strong encryption, safer than software solutions because the encryption process is separate from the rest of the machine. This makes it much harder to intercept or break. </p>\r\n<p class=\"align-left\">The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption and decryption process much faster.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cons.</span>Typically, hardware-based encrypted storage is much more expensive than a software encryption tools. <br />If the hardware decryption processor fails, it becomes extremely hard to access your information.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">The Data Recovery Challenge. </span>Encrypted data is a challenge to recover. Even by recovering the raw sectors from a failed drive, it is still encrypted, which means it is still unreadable. </p>\r\n<p class=\"align-left\">Hardware encrypted devices don’t typically have these additional recovery options. Many have a design to prevent decryption in the event of a component failure, stopping hackers from disassembling them. The fastest and most effective way to deal with data loss on an encrypted device is to ensure you have a complete backup stored somewhere safe. For your PC, this may mean copying data to another encrypted device. For other devices, like your smartphone, backing up to the Cloud provides a quick and simple economy copy that you can restore from. As an added bonus, most Cloud services now encrypt their users’ data too. <br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Encryption.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3456,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Network Security Platform","vendorVerified":1,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-network-security-platform","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emulation techniques, moving beyond mere pattern matching to defend against stealthy attacks with a high degree of accuracy. To meet the needs of demanding networks, the platform can scale to more than 40 Gbps with a single device. The integrated McAfee solution portfolio streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.<br /><br /><span style=\"font-weight: bold;\">Key Advantages</span><br />■ Quickly detects and blocks threats to protect applications and data<br />■ High-performance, scalable solution for dynamic environments<br />■ Centralized management for visibility and control<br />■ Advanced detection, including signature-less malware analysis<br />■ Inbound and outbound SSL decryption to inspect network traffic<br />■ High-availability and disaster recovery protection<br />■ Virtual appliances also available<br />■ Integrates with McAfee solution portfolio for device-to-cloud security<br /></span><br />","shortDescription":"McAfee Network Security Platform is a next-generation intrusion prevention system (IPS) that redefines how organizations block advanced threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Network Security Platform","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu","og:title":"McAfee Network Security Platform","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee® Network Security Platform (McAfee NSP) is a next-generation intrusion prevention system (IPS) that discovers and blocks sophisticated malware threats across the network.<br />It utilizes advanced detection and emu","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":3457,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3589,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/large-logo-mcafee.png","logo":true,"scheme":false,"title":"McAfee MVISION EDR","vendorVerified":1,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-mvision-edr","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"<span style=\"font-weight: bold;\">Avoid the high-volume, fatigue-inducing approach of traditional EDR solutions!</span>\r\n<span style=\"font-weight: bold;\">McAfee MVISION Endpoint Detection and Response (EDR)</span> helps you get ahead of modern threats with AI-guided investigations that surface relevant risks and automate and remove the manual labor of gathering and analyzing evidence.\r\n<span style=\"font-weight: bold;\">Reduce alert noise</span>\r\nGain visibility into emerging threats with continuous monitoring of endpoint activity, detect suspicious behavior, make sense of high-value data, and understand context. Analysts can quickly prioritize threats for action and minimize disruption from threats.\r\n<span style=\"font-weight: bold;\">Do more with existing resources</span>\r\nSecurity expertise is in short supply. Guided investigation automatically asks and answers questions while gathering, summarizing, and visualizing evidence from multiple sources to mount a more resilient defense and minimize the impact of breaches. While analysts go through guided investigations, they are constantly learning and fine-tuning their skills, reducing the need for additional SOC resources.\r\n<span style=\"font-weight: bold;\">Low-maintenance cloud solution</span>\r\nCloud-based deployment and analytics lets your skilled analysts focus on strategic defense — freeing them from tedious tool maintenance and fire drills. Users can leverage their existing McAfee ePolicy Orchestrator (McAfee ePO) on-premises management platform or SaaS-based McAfee MVISION ePO to reduce infrastructure maintenance. Either way, you benefit from implementing the right solution for your organization.","shortDescription":"McAfee MVISION EDR - powerful threat detection, investigation, and response - simplified.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee MVISION EDR","keywords":"","description":"<span style=\"font-weight: bold;\">Avoid the high-volume, fatigue-inducing approach of traditional EDR solutions!</span>\r\n<span style=\"font-weight: bold;\">McAfee MVISION Endpoint Detection and Response (EDR)</span> helps you get ahead of modern threats with AI-g","og:title":"McAfee MVISION EDR","og:description":"<span style=\"font-weight: bold;\">Avoid the high-volume, fatigue-inducing approach of traditional EDR solutions!</span>\r\n<span style=\"font-weight: bold;\">McAfee MVISION Endpoint Detection and Response (EDR)</span> helps you get ahead of modern threats with AI-g","og:image":"https://old.roi4cio.com/fileadmin/user_upload/large-logo-mcafee.png"},"eventUrl":"","translationId":3590,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":107,"title":"Endpoint Detection and Response"}],"testingArea":"","categories":[{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logoURL":"https://old.roi4cio.com/fileadmin/content/csm_McAfee.png","logo":true,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-complete-endpoint-threat-protection","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:image":"https://old.roi4cio.com/fileadmin/content/csm_McAfee.png"},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3360,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_MVISION_Cloud.png","logo":true,"scheme":false,"title":"McAfee MVISION Cloud","vendorVerified":1,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-mvision-cloud","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security.\r\n<span style=\"font-weight: bold;\">Detect</span>\r\nGain complete visibility into data, context, and user behavior across all cloud services, users, and devices.\r\n<span style=\"font-weight: bold;\">Protect</span>\r\nApply persistent protection to sensitive information wherever it goes inside or outside the cloud.\r\n<span style=\"font-weight: bold;\">Correct</span>\r\nTake real-time actions deep within cloud services to correct policy violations and stop security threats.\r\n\r\n<span style=\"font-weight: bold;\">Featured McAfee MVISION Cloud products</span>\r\n<ul> <li>McAfee MVISION Cloud for Office 365</li> <li>McAfee MVISION Cloud for AWS</li> <li>McAfee MVISION Cloud for Box</li> <li>McAfee MVISION Cloud for Salesforce</li> <li>McAfee MVISION Cloud for Azure</li> <li>McAfee MVISION Cloud for Shadow IT</li> </ul>","shortDescription":"McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee MVISION Cloud","keywords":"","description":"McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security.\r\n<span style=\"font-weight: bold;\">Detect</span>\r\nGain c","og:title":"McAfee MVISION Cloud","og:description":"McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security.\r\n<span style=\"font-weight: bold;\">Detect</span>\r\nGain c","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_MVISION_Cloud.png"},"eventUrl":"","translationId":3361,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":95,"title":"Cloud Access Security Broker (CASB)"}],"testingArea":"","categories":[{"id":832,"title":"CASB - Cloud Access Security Broker","alias":"casb-cloud-access-security-broker","description":"A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.\r\nA CASB may deliver security, the management or both. Broadly speaking, "security" is the prevention of high-risk events, whilst "management" is the monitoring and mitigation of high-risk events.\r\nCASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device. Agentless CASB allows for rapid deployment and delivers security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respects user privacy, inspecting only corporate data. Agent-based CASB is difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspects both corporate and personal data.\r\nCASBs that deliver management may use APIs to inspect data and activity in the cloud to alert of risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for the usage of cloud applications.","materialsDescription":"<span style=\"font-weight: bold;\">What is CASB?</span> A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data & apps in the cloud and on any device, anywhere.\r\n<span style=\"font-weight: bold;\">What is the difference between security and management?</span> Security is preventing risky events from happening, management is cleaning up after high-risk events.\r\n<span style=\"font-weight: bold;\">What is Shadow IT?</span> Cloud applications used by business users without IT oversight, also known as unmanaged apps.\r\n<span style=\"font-weight: bold;\">What are managed apps?</span> Cloud Applications that are managed by IT, e.g.Office 365.\r\n<span style=\"font-weight: bold;\">What are the types of CASB?</span> Three types of Cloud Access Security Broker\r\n<ul><li>a) API-only CASB offer basic management</li><li>b) multi-mode first-gen CASB offer management & security</li><li>c) Next-Gen CASB deliver management, security & Zero-Day protection.</li></ul>\r\n<span style=\"font-weight: bold;\">What is a forward proxy?</span> A proxy where traffic must be forwarded by the end-point Such proxies requires agents and configuration on client devices.\r\n<span style=\"font-weight: bold;\">What is a reverse proxy?</span> A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.\r\n<span style=\"font-weight: bold;\">What is AJAX-VM?</span> Acronym for "Adaptive Javascript and XML- Virtual Machine." AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents. Reverse-proxy CASB are brittle without AJAX-VM and break frequently with app changes.\r\n<span style=\"font-weight: bold;\">What are the types of CASB architecture?</span> There are three types of CASB architecture: API-only, forward proxy, and reverse proxy. Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.\r\n<span style=\"font-weight: bold;\">What is CASB encryption?</span> Encryption/decryption of data prior to upload/download to a cloud application.\r\n <span style=\"font-weight: bold;\">What is searchable encryption?</span> An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.\r\n<span style=\"font-weight: bold;\">What is tokenization?</span> Obfuscation by encoding each input string as a unique output string.\r\n<span style=\"font-weight: bold;\">What is agentless MDM?</span> Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CASB.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2084,"logoURL":"https://old.roi4cio.com/fileadmin/content/MCAfee_Email.jpg","logo":true,"scheme":false,"title":"McAfee Email Gateway","vendorVerified":1,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-email-gateway","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single, easy-to-deploy and user-friendly appliance. As a comprehensive email security solution, Email Gateway can stand alone or work in tandem with McAfee SaaS Email Protection & Continuity. It eliminates ineffective piecemeal defenses, simplifies multivendor security environments, and reduces operating costs — while significantly strengthening email security. Email Gateway delivers:\r\n<span style=\"font-weight: bold;\">Total inbound protection</span> — Email Gateway provides the most complete protection available against inbound threats. Powerful antispam scanning technologies identify and block incoming spam with over 99% accuracy. And it protects your network from viruses, malware, phishing, directory harvest, denial of service (DoS), bounceback attacks, zero-hour threats, and spam surges.\r\n<span style=\"font-weight: bold;\">Total outbound protection</span> — Available at no extra charge are push, pull, and TLS encryption and built-in data loss prevention (DLP) capabilities that utilize the same text-matching dictionaries found in McAfee Data Loss Prevention. These DLP capabilities are fully administrable from the Email Gateway user interface or McAfee ePolicy Orchestrator (ePO). Using sophisticated content-scanning technologies, multiple encryption techniques, and granular, policy-based message handling, Email Gateway prevents outbound data loss and keeps sensitive data secure.\r\n<span style=\"font-weight: bold;\">Simple, powerful administration from within McAfee ePO</span> — With Email Gateway, administrators can deliver superior email protection and document it with customizable, enterprise-class reporting, exportable report logs, real-time dashboards, and alerts. Email Gateway combines performance, scalability, and stability with a flexible delivery model to ensure maximum ROI.\r\n<span style=\"font-weight: bold;\">A virtualized solution</span> — The Email Gateway appliance is also available as a virtual appliance, so you can reap the benefits of virtualization. With lower costs than a physical appliance, a virtual appliance also provides maximum flexibility, including the ability to consolidate solutions on a single server.\r\n<span style=\"font-weight: bold;\">Enhanced security powered by McAfee Global Threat Intelligence (GTI)</span> — McAfee GTI is a comprehensive cloud-based threat intelligence service. Integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee’s GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Email Gateway uses the message reputation service to identify email messages carrying malicious payloads.","shortDescription":"MEG consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single, easy-to-deploy and user-friendly appliance.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Email Gateway","keywords":"","description":"McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single, easy-to-deploy and user-friendly appliance. As a comprehensive email security solution, Email Gateway","og:title":"McAfee Email Gateway","og:description":"McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single, easy-to-deploy and user-friendly appliance. As a comprehensive email security solution, Email Gateway","og:image":"https://old.roi4cio.com/fileadmin/content/MCAfee_Email.jpg"},"eventUrl":"","translationId":2085,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":38,"title":"Secure E-mail Gateway"}],"testingArea":"","categories":[{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"},{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":832,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Complete_EndPoint_Protection_-_Business__CEB_.png","logo":true,"scheme":false,"title":"McAfee Complete EndPoint Protection - Business (CEB)","vendorVerified":1,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-complete-endpoint-protection-business-ceb","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"Core endpoint protection\r\nMcAfee Complete Endpoint Threat Protection includes anti-malware, firewall, device control, and email and web security.\r\nPowered by machine learning\r\nWith integrated machine learning and dynamic application containment, detect zero-day threats in near real time, and classify and halt them before they can execute on your systems.\r\nActionable forensic data\r\nEasy-to-read reports help you make the move from responding to outbreaks to investigating and hardening your defenses.\r\nAn adaptable security framework\r\nMcAfee Complete Endpoint Threat Protection is built using an extensible framework, so you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.\r\n\r\nIntegrated, advanced threat defenses built with productivity in mind\r\nAutomate advanced threat defenses\r\nStay ahead of threats with reputation analysis and machine learning that evolves to pinpoint and streamline responses to zero-day threats by automatically stopping and containing greyware, ransomware, and other advanced threats.\r\nReduce security complexity\r\nEliminate multiple security management consoles and user interfaces. One console provides a single pane of glass to manage your environment so you can rapidly ramp up deployments and leverage cross-platform policies for Windows, Mac, and Linux environments.\r\nBuild a flexible and collaborative security framework\r\nEnsure your defenses work together to defeat threats and provide actionable threat forensics. Our purpose-built framework connects multiple defenses and allows for easy adoption of new advanced security technologies as the threat landscape changes.\r\n\r\nSystem requirements\r\nMcAfee Complete Endpoint Threat Protection is a suite that is supported on Windows, Mac, and Linux systems. For complete technical specifications for all of the products included in this suite, please review the minimum system requirements.","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate and contain zero-day threats and sophisticated attacks.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":16,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete EndPoint Protection - Business (CEB)","keywords":"security, threat, defenses, your, advanced, threats, McAfee, framework","description":"Core endpoint protection\r\nMcAfee Complete Endpoint Threat Protection includes anti-malware, firewall, device control, and email and web security.\r\nPowered by machine learning\r\nWith integrated machine learning and dynamic application containment, detect zero-da","og:title":"McAfee Complete EndPoint Protection - Business (CEB)","og:description":"Core endpoint protection\r\nMcAfee Complete Endpoint Threat Protection includes anti-malware, firewall, device control, and email and web security.\r\nPowered by machine learning\r\nWith integrated machine learning and dynamic application containment, detect zero-da","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Complete_EndPoint_Protection_-_Business__CEB_.png"},"eventUrl":"","translationId":833,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":834,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Endpoint_Protection_-_Advanced_Suite.jpg","logo":true,"scheme":false,"title":"McAfee Endpoint Protection — Advanced Suite","vendorVerified":1,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-endpoint-protection-advanced-suite","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"Обеспечение всесторонней защиты конечных точек\r\nВы сможете защитить от угроз системы, данные, электронную почту, веб-трафик и сети. Средства защиты от вредоносных программ в режиме реального времени позволяют блокировать вирусы, троянских коней, червей, рекламные, шпионские и другие потенциально нежелательные программы.\r\nОбеспечение безопасности и нормативно-правового соответствия систем\r\nИспользование централизованного механизма управления и аудита на основе политик позволяет повысить надежность защиты.\r\nОбеспечение комплексного контроля над устройствами\r\nМониторинг и ограничение копирования данных на съемные устройства и носители позволяет упреждать утечки данных и обеспечивать сохранность конфиденциальной информации.\r\nСкорость и легкость развертывания\r\nНаличие единой консоли централизованного управления позволяет устанавливать средства защиты за считанные минуты всего несколькими щелчками мышью, а также обеспечивать более подробный сбор информации о происходящем и более эффективный контроль над средствами защиты и мерами обеспечения нормативно-правового соответствия.\r\nОптимизация процессов управления защитой конечных точек\r\n\r\nБлокирование угроз «нулевого дня»\r\nИнтегрированная в данное решение технология McAfee Host Intrusion Prevention for Desktop обеспечивает защиту от новых уязвимостей и сокращает необходимость срочной установки исправлений.\r\nКонтроль за использованием сети Интернет\r\nАдминистраторы могут ограничивать доступ пользователей, находящихся в корпоративной сети и вне ее, к веб-сайтам неуместного содержания и запрещать запуск нежелательных программ на системах путем блокирования приложений.\r\nАвтоматизация выполнения требований политик\r\nMcAfee Policy Auditor позволяет интегрировать отчеты о соответствии требованиям стандартов HIPAA, PCI и других нормативно-правовых документов.\r\n\r\nТребования к системе\r\nКомплект McAfee Endpoint Protection — Advanced Suite поддерживается в операционных системах Windows и Mac.","shortDescription":"Комплексная система упреждающей защиты, позволяющая блокировать вредоносные программы и угрозы «нулевого дня»","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Protection — Advanced Suite","keywords":"защиты, McAfee, позволяет, сети, управления, Обеспечение, политик, точек","description":"Обеспечение всесторонней защиты конечных точек\r\nВы сможете защитить от угроз системы, данные, электронную почту, веб-трафик и сети. Средства защиты от вредоносных программ в режиме реального времени позволяют блокировать вирусы, троянских коней, червей, реклам","og:title":"McAfee Endpoint Protection — Advanced Suite","og:description":"Обеспечение всесторонней защиты конечных точек\r\nВы сможете защитить от угроз системы, данные, электронную почту, веб-трафик и сети. Средства защиты от вредоносных программ в режиме реального времени позволяют блокировать вирусы, троянских коней, червей, реклам","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Endpoint_Protection_-_Advanced_Suite.jpg"},"eventUrl":"","translationId":7007,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3161,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Total Protection for Data Loss Prevention (DLP)","vendorVerified":1,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-total-protection-dlja-data-loss-prevention-dlp","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</span>\r\nOur capture technology allows you to see how your data is being used and how it is leaking out.\r\n<span style=\"font-weight: bold;\">Quickly identify data</span>\r\nStronger data classification identifies and classifies data that is important to your specific organization.\r\n<span style=\"font-weight: bold;\">Ensure you remain compliant</span>\r\nPrioritize the remediation of critical compliance information and highly sensitive data over less critical data.\r\n<span style=\"font-weight: bold;\">Simplify deployment and management</span>\r\nMcAfee Total Protection for DLP is available through physical or virtual low-maintenance appliances, and uses McAfee ePolicy Orchestrator for streamlined deployment, management, updates, and reports.\r\n<span style=\"font-weight: bold;\">Easily synchronize on-prem and Cloud DLP policies</span>\r\nBy leveraging McAfee ePO, existing McAfee DLP customers can easily extend current enterprise DLP policies to the cloud. Connecting the two components can be as easy as one click and can be as fast as under a minute.\r\n<span style=\"font-weight: bold;\">Universal device-to-cloud data protection</span>\r\nAll McAfee DLP components leverage a common policy engine across endpoints, networks, and the cloud. There’s no need to recreate policies to protect the same piece of data in different environments, or to make the same change in more than one console.\r\n<span style=\"font-weight: bold;\">Centralized incident management and reporting</span>\r\nMcAfee offers users a single pane of glass experience when it comes to managing all DLP violations and reporting via McAfee ePO. There is no need to switch consoles to view incidents and generate reports regardless if the DLP violations are coming from corporate devices or cloud applications.","shortDescription":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Total Protection for Data Loss Prevention (DLP)","keywords":"","description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</spa","og:title":"McAfee Total Protection for Data Loss Prevention (DLP)","og:description":"McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.\r\n<span style=\"font-weight: bold;\">Gain visibility</spa","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":3162,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":83,"title":"Data Loss Prevention"}],"testingArea":"","categories":[{"id":544,"title":"DLP - Appliance","alias":"dlp-appliance","description":"DLP (Data Loss Prevention) is a technology for preventing leakage of confidential information from an information system to the outside, as well as technical software and hardware devices for such prevention of leakage. According to most definitions, information leakage is the unauthorized distribution of restricted access data that is not controlled by the owner of this data. This implies that the person who committed the leak has the rights to access information.\r\nThe most effective way to ensure data security on corporate computers today is to use specialized data leakage prevention tools (Data Leak Prevention or DLP). DLP solutions are designed to eliminate the “human factor” and prevent misconduct by preventing (and fixing) data leaks from a computer for as many scripts as possible.\r\nEmail and webmail services, instant messaging services, social networks and forums, cloud file storages, FTP servers - all these benefits of the Internet can at any moment be a channel for leaking corporate information, disclosure of which may be undesirable or even dangerous for business.\r\nYou shouldn’t disregard traditional local channels - data storage devices (flash drives, disks, memory cards), printers and data transfer interfaces and synchronization with smartphones.\r\nAn effective DLP solution should control the widest possible range of network communications channels, local devices, and interfaces. At the same time, the effectiveness of a DLP solution is determined by the flexibility of the settings and the ability to ensure a successful combination of business interests and security.\r\nToday, DLP products are a rapidly growing information security industry, and new products are released very often. Installing a DLP system will allow you to distinguish confidential information from the usual, which in turn will reduce the cost of the entire complex for the protection of information and resources in general. No unimportant moment when choosing a DLP-system is its price, but Data Leak Prevention has a modularity that allows you to protect the channels you need and not pay extra for protecting unnecessary ones.","materialsDescription":"<span style=\"font-weight: bold;\">What Is Data Loss Prevention (DLP)?</span>\r\nData loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.\r\nData can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.\r\n<span style=\"font-weight: bold;\">How does DLP work?</span>\r\nDLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.\r\n<span style=\"font-weight: bold;\">Why do organizations need DLP solutions?</span>\r\nThe proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DLP_Appliance.png"},{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-advanced-threat-defense","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":73,"title":"Network Sandboxing"}],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":429,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_ePolicy_Orchestrator__McAfee_ePO_.jpg","logo":true,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_ePolicy_Orchestrator__McAfee_ePO_.jpg"},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":431,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Web_Gateway.jpg","logo":true,"scheme":false,"title":"McAfee Web Gateway","vendorVerified":1,"rating":"2.70","implementationsCount":4,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-web-gateway","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce.\r\n\r\nGateway technology for the world’s most demanding IT environments\r\n\r\nBest-in-class threat prevention\r\nProtect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL.\r\n\r\nThreat information sharing\r\nMcAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange.\r\n\r\nPowerful rules-based policy engine\r\nTake action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.","shortDescription":"McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine. McAfee Web Gateway is part of the McAfee Web Protection solution alongside McAfee Web Gateway Cloud Service, available together to provide optimal protection for users everywhere.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Web Gateway","keywords":"McAfee, threat, Threat, Gateway, malware, security, more, information","description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:title":"McAfee Web Gateway","og:description":"Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee_Web_Gateway.jpg"},"eventUrl":"","translationId":432,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":79,"logoURL":"https://old.roi4cio.com/fileadmin/content/McAfee_Enterprise_Security_Manager.png","logo":true,"scheme":false,"title":"McAfee Enterprise Security Manager (SIEM)","vendorVerified":1,"rating":"2.80","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-enterprise-security-manager","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Advanced threat intelligence</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Critical facts in minutes, not hours</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.</p>\r\n<h3 style=\"margin: 0px 10px 5px 0px; padding: 0px; border: 0px; outline: 0px; font-weight: normal; font-family: intel_clear_wbold, Tahoma, Arial, Helvetica, sans-serif; font-size: 15px; line-height: 20px; color: #53565a;\">Optimize security management and operations</h3>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.</p>","shortDescription":"McAfee Enterprise Security Manager delivers real-time visibility into all activity on systems, networks, databases, and applications","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Enterprise Security Manager (SIEM)","keywords":"compliance, information, security, McAfee, data, actionable, Security, Enterprise","description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:title":"McAfee Enterprise Security Manager (SIEM)","og:description":"McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.\r\n<p style=\"margin: 0px 10px","og:image":"https://old.roi4cio.com/fileadmin/content/McAfee_Enterprise_Security_Manager.png"},"eventUrl":"","translationId":84,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":144,"title":"SIEM - Security information and event management"}],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"suppliersCount":0,"supplierPartnersCount":110,"alias":"mcafee-endpoint-security","companyTitle":"McAfee","companyTypes":["vendor"],"companyId":184,"companyAlias":"mcafee","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":36,"title":"Endpoint Security"}],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[],"partnershipProgramme":{"levels":[{"id":433,"level":"Silver"},{"id":435,"level":"Gold"},{"id":437,"level":"Platinum"},{"id":439,"level":"Distributor"}],"partnerDiscounts":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"registeredDiscounts":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"additionalBenefits":[],"salesPlan":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"additionalRequirements":[]}}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}
