{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"comparison":{"compare":{"en":"Compare","ru":"Сравнить","_type":"localeString"},"characteristics":{"en":"Characteristics","ru":"Характеристики","_type":"localeString"},"additional_template":{"en":"Additional characteristics","ru":"Дополнительные характеристики","_type":"localeString"},"nothing_to_show":{"_type":"localeString","en":"No data to compare","ru":"Нет данных для отображения"}},"header":{"help":{"en":"Help","de":"Hilfe","ru":"Помощь","_type":"localeString"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"ru":"Вход","_type":"localeString","en":"Log in","de":"Einloggen"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"en":" Price calculator","ru":"Калькулятор цены","_type":"localeString"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business 
boosting"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"_type":"localeString","en":"Enter your search term","ru":"Введите поисковый запрос"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"en":"Find 
vendor and company-supplier","_type":"localeString"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"_type":"localeString","en":"About us","de":"Über uns","ru":"О нас"},"infocenter":{"de":"Infocenter","ru":"Инфоцентр","_type":"localeString","en":"Infocenter"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"_type":"localeString","en":"Marketplace","de":"Marketplace","ru":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши 
социальные сети","_type":"localeString"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"en":"Price calculator","ru":"Калькулятор цены","_type":"localeString"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на 
рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"_type":"localeString","en":"Last, first name","ru":"Имя Фамилия"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. 
Please, try again later."},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"en":"Leave comment","ru":"Оставить комментарий","_type":"localeString"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"en":"Received ROI","ru":"Полученный ROI","_type":"localeString"},"saving-type":{"_type":"localeString","en":"Saving type","ru":"Тип экономии"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"en":"{NAME} is required 
filed","ru":"{NAME} - это обязательное поле","_type":"localeString"}},"maintenance":{"title":{"_type":"localeString","en":"Site under maintenance","ru":"На сайте проводятся технические работы"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}}},"translationsStatus":{"comparison":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"comparison":{"title":{"en":"Compare products","ru":"Сравнить продукты","_type":"localeString"}}},"pageMetaDataStatus":{"comparison":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{"73":{"id":73,"title":"Network Sandboxing","characteristics":[{"id":1112,"title":"Web traffic 
scan","required":0,"type":"binary"},{"id":1114,"title":"Email scan","required":0,"type":"select"},{"id":1116,"title":"Endpoint protection","required":0,"type":"binary"},{"id":1118,"title":"Mobile protection","required":0,"type":"binary"},{"id":1120,"title":"Malware Detection in files","required":0,"type":"binary"},{"id":1122,"title":"Encrypted traffic scan","required":0,"type":"select"},{"id":1124,"title":"Network shares scan","required":0,"type":"binary"},{"id":1126,"title":"YARA files scanning","required":0,"type":"binary"},{"id":1128,"title":"YARA implementation by customer","required":0,"type":"binary"},{"id":1130,"title":"Malware blocking by protocols","required":0,"type":"binary"},{"id":1132,"title":"CPU-level detection","required":0,"type":"binary"},{"id":1134,"title":"OS kernel level detection","required":0,"type":"binary"},{"id":1136,"title":"Malware Samples","required":0,"type":"binary"},{"id":1138,"title":"Zero-day threats protection","required":0,"type":"binary"},{"id":1140,"title":"Detecting C&C server","required":0,"type":"binary"},{"id":1142,"title":"Hardware Appliance","required":0,"type":"binary"},{"id":1144,"title":"Working in in-band/out-of-band modes","required":0,"type":"binary"},{"id":1146,"title":"Cloud","required":0,"type":"binary"},{"id":1148,"title":"Threat Intelligence Feeds","required":0,"type":"binary"},{"id":1150,"title":"SIEM Integration","required":0,"type":"binary"},{"id":1151,"title":"Vulnerability manager","required":0,"type":"binary"},{"id":1154,"title":"Uploading \"Golden Image\"","required":0,"type":"binary"},{"id":1156,"title":"Using Multiple OSes","required":0,"type":"binary"},{"id":1158,"title":"Multiple Versions of Sandbox App","required":0,"type":"binary"},{"id":1160,"title":"Payload detonation","required":0,"type":"binary"},{"id":1162,"title":"Auto-uploading files","required":0,"type":"binary"},{"id":1164,"title":"URL analysis","required":0,"type":"binary"},{"id":1166,"title":"Analyst 
console","required":0,"type":"binary"},{"id":1168,"title":"Security Reports","required":0,"type":"multiselect"},{"id":1170,"title":"Alerts via Email","required":0,"type":"binary"},{"id":1172,"title":"Central Policy Management for Data Protection","required":0,"type":"binary"},{"id":1174,"title":"Forensic analysis of data history","required":0,"type":"binary"},{"id":1176,"title":"Automated remediation capabilities","required":0,"type":"binary"},{"id":1178,"title":"Auto Update of Signatures","required":0,"type":"binary"},{"id":1180,"title":"Trial","required":0,"type":"select"}]}},"comparisonByTemplateId":{},"products":[{"id":2170,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Big_Switch_Networks__logo_.png","logo":true,"scheme":false,"title":"Big Switch Networks Big Monitoring Fabric","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"big-switch-networks-big-monitoring-fabric","companyTypes":[],"description":"<p>Big Monitoring Fabric enables end-to-end visibility and security for applications, based on their networking behaviors, for both on-premises and public cloud deployments.</p>\r\n<p>Big Monitoring Fabric enables pervasive security and monitoring of network traffic for an organization and selectively delivers it to multiple security, monitoring, performance measurement and compliance tools—both Inline and Out-of-Band. Leveraging an Open Ethernet switch fabric and an SDN Big Tap Controller, Big Monitoring Fabric is a highly scalable and cost-effective network visibility solution. 
Using an SDN-centric architecture, Big Tap enables tapping traffic everywhere in the network and delivers it to any troubleshooting, network monitoring, application performance monitoring or security tools.</p>\r\n<p>The centralized Big Tap Controller software compiles user-defined policies into highly optimized flows that are programmed into the forwarding ASICs of bare metal Ethernet switches running production grade Switch Light Operating System.</p>\r\n<p>There are two versions of the product:<span style=\"font-weight: bold;\">Big Mon Fabric — Public Cloud</span> and <span style=\"font-weight: bold;\">Enterprise Cloud</span> — leverage the same technologies. These technologies offer best-in-class economics for any monitoring infrastructure today.</p>","shortDescription":"Big Monitoring Fabric enables end-to-end visibility and security for applications, based on their networking behaviors, for both on-premises and public cloud deployments.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":8,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Big Switch Networks Big Monitoring Fabric","keywords":"","description":"<p>Big Monitoring Fabric enables end-to-end visibility and security for applications, based on their networking behaviors, for both on-premises and public cloud deployments.</p>\r\n<p>Big Monitoring Fabric enables pervasive security and monitoring of network tra","og:title":"Big Switch Networks Big Monitoring Fabric","og:description":"<p>Big Monitoring Fabric enables end-to-end visibility and security for applications, based on their networking behaviors, for both on-premises and public cloud deployments.</p>\r\n<p>Big Monitoring Fabric enables pervasive security and monitoring of network 
tra","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Big_Switch_Networks__logo_.png"},"eventUrl":"","translationId":2171,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via the sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run that computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection to the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set conveniently via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAnything that requires root permissions on the device.\r\nIt is not possible to execute commands or programs that require root rights. Examples of such commands or programs are those that use raw connections (like ICMP - "ping"). This ensures that the sandbox doesn't interfere with the device's tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4883,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4884,"characteristicId":1114,"templateId":73,"value":"N/A"},"1116":{"id":4885,"characteristicId":1116,"templateId":73,"value":"N/A"},"1118":{"id":4886,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4887,"characteristicId":1120,"templateId":73,"value":"N/A"},"1122":{"id":4888,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4889,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4890,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4891,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4892,"characteristicId":1130,"templateId":73,"value":"N/A"},"1132":{"id":4893,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4894,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4895,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4896,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4898,"characteristicId":1140,"templateId":73,"value":"N/A"},"1142":{"id":4899,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4900,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4901,"characteristicId":1146,"templateId":73,"value":"N/A"},"1148":{"id":4902,"characteristicId":1148,"templateId":73,"value":"N/A"},"1150":{"id":4903,"characteristicId":1150,"templateId":73,"value":"N/A"},"1151":{"id":4904,"characteristicId":1151,"templateId":73,"value":"N/A"
},"1154":{"id":4905,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4906,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4907,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4908,"characteristicId":1160,"templateId":73,"value":"N/A"},"1162":{"id":4909,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4910,"characteristicId":1164,"templateId":73,"value":"N/A"},"1166":{"id":4911,"characteristicId":1166,"templateId":73,"value":"N/A"},"1168":{"id":4912,"characteristicId":1168,"templateId":73,"value":"N/A"},"1170":{"id":4913,"characteristicId":1170,"templateId":73,"value":"N/A"},"1172":{"id":4914,"characteristicId":1172,"templateId":73,"value":"N/A"},"1174":{"id":4915,"characteristicId":1174,"templateId":73,"value":"N/A"},"1176":{"id":4916,"characteristicId":1176,"templateId":73,"value":"N/A"},"1178":{"id":4917,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4918,"characteristicId":1180,"templateId":73,"value":"N/A"}}}},{"id":2164,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Blue_Coat__logo_.jpg","logo":true,"scheme":false,"title":"Blue Coat Systems Advanced Threat Protection","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"alias":"blue-coat-systems-advanced-threat-protection","companyTypes":[],"description":"<p>The Blue Coat Advanced Threat Protection solution integrates technologies from the Blue Coat Security and Policy Enforcement Center and the Resolution Center. 
It delivers a comprehensive, integrated and modern approach to advanced persistent threats, advanced targeted attacks, advanced malware, unknown malware and zero-day threats through its Advanced Threat Protection Lifecycle Defense.</p>\r\n<p>This defense is the first to integrate a business process view that aligns with how your security team operationalizes new intelligence and technologies to fortify your security infrastructure against future attacks.</p>\r\n<p>The Blue Coat Advanced Threat Protection Lifecycle Defense operates in three stages:</p>\r\n<p><span style=\"font-weight: bold;\">Detect and Protect for Ongoing Security Operations:</span> The Blue Coat Secure Web Gateway and Blue Coat Content Analysis System with malware scanning engines, protect in real-time against known threats, malicious sources, and malware delivery networks. Contextual information about new threats is shared locally and globally via the Blue Coat global intelligence network in a continuous feedback loop that extends threat knowledge and protection effectiveness.</p>\r\n<p><span style=\"font-weight: bold;\">Analyze and Mitigate for Incident Containment:</span> Unknown threats are escalated for incident containment using the Blue Coat Content Analysis System and Security Analytics Platform, which both use the Blue Coat Malware Analysis Appliance. As the behaviors and characteristics of unknown or advanced malware and zero-day threats are learned through automated analysis, that intelligence is shared across the security infrastructure, shifting protection to the gateway for a more scalable defense.</p>\r\n<p><span style=\"font-weight: bold;\">Investigate and Remediate for Incident Resolution:</span> The Security Analytics Platform allows security incident escalation for retrospective analysis to enable threat profiling and incident resolution. 
Intelligence on the now-known threat is used to investigate and remediate the full scope of the attack, including other instances of the threat already on the network. The intelligence on the full scope of the attack is shared locally across the security infrastructure as well as globally across Blue Coat’s 15,000 customers and 75 million users to operationalize the new knowledge and fortify the security infrastructure.</p>\r\n<p>The Blue Coat Advanced Threat Protection solution is designed to integrate into your existing security infrastructure, including your IPS, NGFW, SIEM and malware sandbox solutions, allowing you to deploy a defense-in-depth approach that shares information to increase protection.</p>","shortDescription":"Blue Coat Advanced Threat Protection safeguards your organization from advanced persistent threats, detects sophisticated malware, and automates the containment and resolution of incidents that have occurred.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Blue Coat Systems Advanced Threat Protection","keywords":"","description":"<p>The Blue Coat Advanced Threat Protection solution integrates technologies from the Blue Coat Security and Policy Enforcement Center and the Resolution Center. It delivers a comprehensive, integrated and modern approach to advanced persistent threats, advanc","og:title":"Blue Coat Systems Advanced Threat Protection","og:description":"<p>The Blue Coat Advanced Threat Protection solution integrates technologies from the Blue Coat Security and Policy Enforcement Center and the Resolution Center. 
It delivers a comprehensive, integrated and modern approach to advanced persistent threats, advanc","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Blue_Coat__logo_.jpg"},"eventUrl":"","translationId":2165,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via the sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run that computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection to the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set conveniently via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAnything that requires root permissions on the device.\r\nIt is not possible to execute commands or programs that require root rights. Examples of such commands or programs are those that use raw connections (like ICMP - "ping"). This ensures that the sandbox doesn't interfere with the device's tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4775,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4776,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4777,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4778,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4779,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4780,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4781,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4782,"characteristicId":1126,"templateId":73,"value":true},"1128":{"id":4783,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4784,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4785,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4786,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4787,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4788,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4790,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4791,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4792,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4793,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4794,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4795,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4796,"characteristicId":1151,"templateId":73,"value":true},"1154":{"
id":4797,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4798,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4799,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4800,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4801,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4802,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4803,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4804,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4805,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4806,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4807,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4808,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4809,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4810,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2156,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Check_Point_Sandblast.png","logo":true,"scheme":false,"title":"Check Point SandBlast","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"check-point-sandblast","companyTypes":[],"description":"<p>Check Point SandBlast Agent provides purpose-built advanced Zero-Day Protection capabilities to protect web browsers and endpoints, leveraging Check Point’s industry leading network protections.SandBlast Agent ensures complete real-time coverage across threat vectors, letting your employees work safely no matter where they are without compromising on productivity. 
Threat Emulation capability emulates unknown files in contained environment to detect malicious behaviors and prevent infections while Threat Extraction provides sanitized risk-free files to the users instantly.</p>\r\n<p>Anti-Ransomware protection stops ransomware in its tracks and reverses the damage automatically, ensures organizations are protected against malicious extortion attacks that encrypt business data and demand ransom payment for its retrieval. Zero Phishing proactively blocks access to new and unknown deceptive websites and safeguards user credentials by preventing the use of corporate passwords on external websites.</p>\r\n<p>SandBlast Agent captures forensics data with continuous collection of all relevant system events, and then provides actionable incident analysis to quickly understand complete attack lifecycle. With visibility into the scope, damage, and attack vectors, incident response teams maximize productivity and minimize organizational exposure.</p>\r\n<p><span style=\"font-weight: bold;\">Features:</span></p>\r\n<ul>\r\n<li><span style=\"font-weight: bold;\">Threat Emulation:</span> Evasion resistant sandbox technology</li>\r\n<li><span style=\"font-weight: bold;\">Threat Extraction:</span> Delivers sanitized risk-free files to users in real-time</li>\r\n<li><span style=\"font-weight: bold;\">Anti-ransomware:</span> Prevents and remediates evasive ransomware attacks</li>\r\n<li><span style=\"font-weight: bold;\">Zero-Phishing:</span> Blocks deceptive phishing sites and alerts on password reuse</li>\r\n<li><span style=\"font-weight: bold;\">Anti-Bot:</span> Identify and isolate infected hosts</li>\r\n<li><span style=\"font-weight: bold;\">Anti-Exploit:</span> Protects applications against exploit based attacks</li>\r\n<li><span style=\"font-weight: bold;\">Behavioral Guard:</span> Detects and blocks malicious behaviors</li>\r\n<li><span style=\"font-weight: bold;\">Endpoint Antivirus:</span> Protects against known 
malware</li>\r\n<li><span style=\"font-weight: bold;\">Forensics:</span> Records and analyzes all endpoint events to provide actionable attack forensics reports</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Benefits:</span></p>\r\n<ul>\r\n<li>Advanced threat protection and automated endpoint forensic analysis for all malware types</li>\r\n<li>Prevents and remediates evasive ransomware attacks</li>\r\n<li>Proactively blocks known, unknown and zero-day malware</li>\r\n<li>Provides instant actionable understanding of attacks</li>\r\n<li>Automatically remediates infections</li>\r\n<li>Protects users credentials</li>\r\n</ul>","shortDescription":"SandBlast protects users from advanced malware, phishing and zero-day attacks by performing real-time analysis.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Check Point SandBlast","keywords":"","description":"<p>Check Point SandBlast Agent provides purpose-built advanced Zero-Day Protection capabilities to protect web browsers and endpoints, leveraging Check Point’s industry leading network protections.SandBlast Agent ensures complete real-time coverage acros","og:title":"Check Point SandBlast","og:description":"<p>Check Point SandBlast Agent provides purpose-built advanced Zero-Day Protection capabilities to protect web browsers and endpoints, leveraging Check Point’s industry leading network protections.SandBlast Agent ensures complete real-time coverage acros","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Check_Point_Sandblast.png"},"eventUrl":"","translationId":2157,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate 
system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. 
The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. 
Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4524,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4525,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4526,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4527,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4528,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4529,"characteristicId":1122,"templateId":73,"value":"Yes"},"1124":{"id":4530,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4531,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4532,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4533,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4534,"characteristicId":1132,"templateId":73,"value":true},"1134":{"id":4535,"characteristicId":1134,"templateId":73,"value":true},"1136":{"id":4536,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4537,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4539,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4540,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4541,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4542,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4543,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4544,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4545,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4546,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4547,
"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4548,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4549,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4550,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4551,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4552,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4553,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4554,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4555,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4556,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4557,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4558,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4559,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2162,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Cisco_AMP_for_Endpoints.png","logo":true,"scheme":false,"title":"Cisco Advanced Malware Protection (Cisco AMP for Endpoints)","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"cisco-advanced-malware-protection","companyTypes":[],"description":"Cisco Advanced Malware Protection (AMP) - a system that protects your business before, during and after an attack, making it the most robust form of malware protection available. Cisco AMP employs global threat intelligence to fortify your network’s defenses before an infiltration even occurs. During a network breach, it identifies and blocks the attack using a powerful combination of intelligence, file signatures and advanced malware analysis. After an attacker infiltrates your network, Cisco AMP arms your security team with a clear view of the malware’s origin, its method and point of entry, where it’s been, and its current trajectory. 
This combination of point-in-time and retrospective security make it possible to discover, confine, and dissolve the threat fast enough to protect your business from irreversible damage.\r\nUsing Cisco AMP gives your business access to a wide selection of security features, including:\r\n<ul> <li>Filtering out policy-violating files from the Internet, e-mails, and more.</li> <li>Detecting and protecting against client-side exploit attempts and exploit attempts aimed at client applications like Java and Flash.</li> <li>Recognizing, blocking, and analyzing malicious files.</li> <li>Identifying malware patterns and anticipating potentially breached devices.</li> <li>Tracking malware’s spread and communications.</li> <li>Alleviating threats of reinfection.</li> </ul>","shortDescription":"Cisco Advanced Malware Protection - a system that protects your business before, during and after an attack, making it the most robust form of malware protection available.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cisco Advanced Malware Protection (Cisco AMP for Endpoints)","keywords":"","description":"Cisco Advanced Malware Protection (AMP) - a system that protects your business before, during and after an attack, making it the most robust form of malware protection available. Cisco AMP employs global threat intelligence to fortify your network’s defenses b","og:title":"Cisco Advanced Malware Protection (Cisco AMP for Endpoints)","og:description":"Cisco Advanced Malware Protection (AMP) - a system that protects your business before, during and after an attack, making it the most robust form of malware protection available. 
Cisco AMP employs global threat intelligence to fortify your network’s defenses b","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Cisco_AMP_for_Endpoints.png"},"eventUrl":"","translationId":2163,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. 
Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. 
Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) leads to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted to suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time."},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"A <span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for
network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, a unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nThe unified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management makes dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. A unified threat management system typically does this via inspection methods that address different types of threats.
These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. 
Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulations such as HIPAA, CIPA, and GLBA, which require access controls and auditing to control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats.
Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4632,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4633,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4634,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4635,"characteristicId":1118,"templateId":73,"value":true},"1120":{"id":4636,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4637,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4638,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4639,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4640,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4641,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4642,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4643,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4644,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4645,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4647,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4648,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4649,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4650,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4651,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4652,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4653,"characteristicId":1151,"templateId":73,"value":true},"1154":{"id":4654,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4655,"characteristicId":1156,"templateId":73,"value":tr
ue},"1158":{"id":4656,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4657,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4658,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4659,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4660,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4661,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4662,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4663,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4664,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4665,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4666,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4667,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2166,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Digital_Guardian_Advanced_Threat_Protection.jpg","logo":true,"scheme":false,"title":"Digital Guardian Advanced Threat Protection","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"digital-guardian-advanced-threat-protection","companyTypes":[],"description":"Digital Guardian for Advanced Threat Protection is uniquely focused on understanding and preventing threats targeting your data and placing your systems at risk. It takes a data-centric approach to advanced threat detection, incident response and prevention that ensures security travels with the data. 
Adding DG for Advanced Threat Protection gives you the only security solution that protects sensitive data regardless of the source of attack.\r\n<span style=\"font-weight: bold;\">CAPABILITIES:</span>\r\n<span style=\"font-weight: bold;\">Protect the data, regardless of the attack vector</span>\r\n<ul> <li>Detect in real-time behaviors indicative of attacks targeting your systems, users and data via Digital Guardian’s attack sequencing approach.</li> <li>Set rules to alert the user to the presence of an attack (via prompts), stop the attack in progress, notify IT in near real time, and initiate collection of artifacts for forensic validation.</li> </ul>\r\n<span style=\"font-weight: bold;\">Cut analyst workload, improve workflow, increase incident handling capacity</span>\r\n<ul> <li>Expedite delivery of critical alerts to speed response time and containment.</li> <li>View correlated events and individual alerts for visibility of an attack or malicious activity by highlighting the individual rules which triggered the correlated event.</li> <li>Automate collection of artifacts to reduce response time and enhance the ability to stop an attack in progress.</li> <li>See all systems that are at risk or infected by using Digital Guardian’s automated binary analysis to track any file determined to be malicious or suspicious.</li> </ul>\r\n<span style=\"font-weight: bold;\">Maximize the return on your security investments</span>\r\n<ul> <li>Protect your endpoints from threats discovered at the network layer using DG’s integration with existing malware protection systems (FireEye and Palo Alto).</li> <li>Download threat information from third party threat feed sources you define, directly to the DG agent to block agent execution within minutes of identification of known threats.</li> <li>Use network security infrastructure to gather and submit suspicious files for detonation before they execute.</li> <li>Get additional analysis and guidance on what action to take as a result 
of direct integration with VirusTotal. For example, automate the submission of a file hash for immediate analysis or industry reputation and, if the file is deemed to be a threat, all endpoints can be informed of the threat and set to block and alert should the threat be seen by any system whether on or off your network.</li> </ul>\r\n<span style=\"font-weight: bold;\">BENEFITS:</span>\r\n<ol> <li><span style=\"font-weight: bold;\">Real-time visibility.</span> To avoid the risk of missing critical artifacts and to maintain a full narrative of an attack, you need real-time visibility. Digital Guardian includes real-time and historic visibility into more than 200 parameters associated with system activities. This includes: process activity, user-mode and kernel execution events, file system activity, network and registry activity, and user-logon activity. Deep visibility ensures you have all the critical information needed to identify patient zero and drastically reduce your overall response time while validating the impact the attack had on your data.</li> <li><span style=\"font-weight: bold;\">Context.</span> Security teams today are overwhelmed with alerts from ineffective products that lack any context or prioritization of attacks; so they end up missing the real threats targeting their data. Digital Guardian provides host visibility as well as contextual intelligence about attacks targeting your data. Our solution gives you the context required to prioritize your response and answer the crucial who, what, why, and how questions.</li> <li><span style=\"font-weight: bold;\">Data awareness.</span> Advanced threats are intent on compromising your systems in order to gain access to your data. To protect your most critical data you must first understand it. New advanced threat protection products have no concept of data and traditional DLP products lack the understanding of threats. 
Digital Guardian is the first product to bridge the gap between system security and data protection by delivering a single solution combining threat prevention with context based data protection from a single agent.</li> <li><span style=\"font-weight: bold;\">Flexible deployment.</span> Only Digital Guardian offers complete data protection through an on premise, cloud-based managed service, or a hybrid of both. Our cloud-based managed services are the answer if you have more IP than IT. As an extension of your team, we’ll expertly develop, deploy, and manage all of your policies enterprise-wide as if they were our own.</li> </ol>","shortDescription":"Digital Guardian for Advanced Threat Protection is uniquely focused on understanding and preventing threats targeting your data and placing your systems at risk.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":16,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Digital Guardian Advanced Threat Protection","keywords":"","description":"Digital Guardian for Advanced Threat Protection is uniquely focused on understanding and preventing threats targeting your data and placing your systems at risk. It takes a data-centric approach to advanced threat detection, incident response and prevention th","og:title":"Digital Guardian Advanced Threat Protection","og:description":"Digital Guardian for Advanced Threat Protection is uniquely focused on understanding and preventing threats targeting your data and placing your systems at risk. 
It takes a data-centric approach to advanced threat detection, incident response and prevention th","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Digital_Guardian_Advanced_Threat_Protection.jpg"},"eventUrl":"","translationId":2167,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. 
This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. 
When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. 
Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4811,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4812,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4813,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4814,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4815,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4816,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4817,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4818,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4819,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4820,"characteristicId":1130,"templateId":73,"value":"N/A"},"1132":{"id":4821,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4822,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4823,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4824,"characteristicId":1138,"templateId":73,"value":"N/A"},"1140":{"id":4826,"characteristicId":1140,"templateId":73,"value":"N/A"},"1142":{"id":4827,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4828,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4829,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4830,"characteristicId":1148,"templateId":73,"value":true}
,"1150":{"id":4831,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4832,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4833,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4834,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4835,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4836,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4837,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4838,"characteristicId":1164,"templateId":73,"value":"N/A"},"1166":{"id":4839,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4840,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4841,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4842,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4843,"characteristicId":1174,"templateId":73,"value":"N/A"},"1176":{"id":4844,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4845,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4846,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2172,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Malware_Analysis.png","logo":true,"scheme":false,"title":"FireEye Malware Analysis (AX)","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"alias":"fireeye-malware-analysis-ax","companyTypes":[],"description":"<p>FireEye Malware Analysis is a forensic analysis solution that gives security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day and advanced persistent threat (APT) attacks embedded in web pages, email attachments and files.</p>\r\n<p>As cyber criminals tailor attacks to penetrate a specific business, user account or system, analysts need easy-to-use forensic tools that help them rapidly address 
targeted malicious activities.</p>\r\n<p><span style=\"font-weight: bold;\">HIGHLIGHTS:</span></p>\r\n<ul>\r\n<li>Performs deep forensic analysis through the full attack life cycle, using the FireEye MVX engine</li>\r\n<li>Streamlines and batches analysis of suspicious web code, executables and files</li>\r\n<li>Reports in-depth on system-level OS and application changes to file systems, memory and registries</li>\r\n<li>Offers live-mode or sandbox analysis to confirm zero-day exploits</li>\r\n<li>Dynamically generates threat intelligence for immediate local protection via integration with FireEye Central Management</li>\r\n<li>Captures packets to allow analysis of malicious URL session and code execution</li>\r\n<li>Includes the FireEye AV-Suite to streamline incident response prioritization</li>\r\n<li>Includes support for Windows and MacOS X environments</li>\r\n</ul>","shortDescription":"Malware Analysis provides a secure environment to test, replay, characterize, and document advanced malicious activities.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"FireEye Malware Analysis (AX)","keywords":"","description":"<p>FireEye Malware Analysis is a forensic analysis solution that gives security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day and advanced persistent threat (APT) attacks embe","og:title":"FireEye Malware Analysis (AX)","og:description":"<p>FireEye Malware Analysis is a forensic analysis solution that gives security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day and advanced persistent threat (APT) attacks 
embe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Malware_Analysis.png"},"eventUrl":"","translationId":2173,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4704,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4705,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4706,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4707,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4708,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4709,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4710,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4711,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4712,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4713,"characteristicId":1130,"templateId":73,"value":"N/A"},"1132":{"id":4714,"characteristicId":1132,"templateId":73,"value":true},"1134":{"id":4715,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4716,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4717,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4719,"characteristicId":1140,"templateId":73,"value":"N/A"},"1142":{"id":4720,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4721,"characteristicId":1144,"templateId":73,"value":"N/A"},"1146":{"id":4722,"characteristicId":1146,"templateId":73,"value":"N/A"},"1148":{"id":4723,"characteristicId":1148,"templateId":73,"value":"N/A"},"1150":{"id":4724,"characteristicId":1150,"templateId":73,"value":"N/A"},"1151":{"id":4725,"characteristicId":1151,"templateId":73,"value":"N/A"},"
1154":{"id":4726,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4727,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4728,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4729,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4730,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4731,"characteristicId":1164,"templateId":73,"value":"N/A"},"1166":{"id":4732,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4733,"characteristicId":1168,"templateId":73,"value":"N/A"},"1170":{"id":4734,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4735,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4736,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4737,"characteristicId":1176,"templateId":73,"value":"N/A"},"1178":{"id":4738,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4739,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":1719,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/FireEye_NX.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/FireEyeNX.JPG","scheme":true,"title":"FireEye Network Security (NX)","vendorVerified":0,"rating":"1.40","implementationsCount":1,"suppliersCount":0,"alias":"fireeye-nx","companyTypes":[],"description":"\r\nBy leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core.\r\n\r\nIdeal for next-generation networks that need flexible and scalable deployment options, FireEye Network Security offerings provide strong security for a myriad of environments and customer needs.\r\n\r\nFireEye Network Security is designed for high-performance, pervasive and consistent protection against threats across your organization with integrated security workflow and actionable contextual 
intelligence. It enables you to:\r\n\r\n<ul> <li>Accurately detect and immediately stop attacks that evade other security devices, including file-based sandboxes</li> <li>Understand and prioritize critical alerts with reliable execution evidence and contextual insights</li> <li>Proactively defend and investigate threats with tactical intelligence from FireEye or a third party using the Structured Threat Information eXpression (STIX) format as well as contextual and strategic threat intelligence</li> <li>Deploy Network Security with integrated all-in-one hardware appliances or with a scalable and flexible on-premise or cloud-based distributed model</li> <li>Future-proof your investment with an extensible, modular architecture</li> <li>Provide your Microsoft Windows and Apple OS X users with the same level of threat protection</li> <li>Achieve quick protection with machine-, attacker- and victim-based intelligence applied as updates to your defenses every 60 minutes</li> <li>Shorten the solution payback period by eliminating the operational cost of triaging alerts manually</li> <li>Integrate and automate your security workflow to easily prioritize, investigate and respond to alerts across different threat vectors</li> </ul>","shortDescription":"FireEye Network Security is an advanced threat protection and breach detection platform that provides industry leading threat visibility and protection against the world’s most sophisticated attacks","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"FireEye Network Security (NX)","keywords":"","description":"\r\nBy leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core.\r\n\r\nIdeal for next-generation networks that need flex","og:title":"FireEye 
Network Security (NX)","og:description":"\r\nBy leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core.\r\n\r\nIdeal for next-generation networks that need flex","og:image":"https://old.roi4cio.com/fileadmin/user_upload/FireEye_NX.png"},"eventUrl":"","translationId":1720,"dealDetails":{"avgPartnerDiscount":20,"dealProtection":1,"avgDealSize":120000,"dealSizeCurrency":"","avgDealClosing":6},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to get the FireEye partner status. The request for 30 days testing is carried out through the partner portal","categories":[{"id":50,"title":"IPC - Information Protection and Control","alias":"ipc-information-protection-and-control","description":"Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. 
IDC analyst Brian Burke was one of the first to use the term IPC, in his report Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gains access to the direct carrier of information. For example, an insider who removes a hard drive from a personal computer will not be able to read the encrypted information on it. This allows you to prevent the compromise of confidential data even in the event of loss, theft or seizure (for example, when organizing operational events by special services specialists, unscrupulous competitors or raiders).\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. 
Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":"<span style=\"font-weight: bold; \">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold; \">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: 
bold; \">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold; \">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blu-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. Of these, DES (56-bit key) is no longer considered secure and Triple DES is deprecated, so both should be avoided in new deployments. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. 
They are most effective for solving the problems of encrypting large amounts of data on server storages and backups."},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEvery day, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. 
MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriott Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI."},{"id":550,"title":"Web filtering - Appliance","alias":"web-filtering-appliance","description":" <span style=\"font-weight: bold; \">A web filter appliance</span> is a device that allows the user to filter all online content for censorship purposes, such that any links, downloads, and email containing offensive materials or pornography are outright blocked or removed. A web filtering appliance can also help you prevent malware infection because, more often than not, malware is usually hidden within links that promise porn or controversial content. 
Moreover, because the number of online hazards keeps increasing every day, it's always prudent to get a web filter appliance that can adapt to the changing times and the ever-evolving hazards posed by the Internet.\r\nAt any rate, content filtering appliances have a distinct advantage over their software counterparts in terms of stable restriction features, unrestricted monitoring, no platform-based limitations, easy upgrades and improvements, and so on. That's because the best web filters are fully integrated software and hardware systems that optimize their hybrid attributes when it comes to content filtering by gaining full, unmitigated control over online usage through well-defined policies as mandated by the owner of the network or the IT security administrator.\r\nGetting a web content filtering appliance that has a list of premium-grade and detailed content analysis with predefined categories (which includes keywords for pornography, game downloads, drugs, violence, adult content, offensive content, racist content, controversial content, and the like) is a must for any major network. All of the items you'll ever need to block should be easily selectable with a click of your mouse as well; after all, sophisticated technology aside, a good web filter appliance should also be intuitive and practical to use as well.<br /> ","materialsDescription":"<h1 class=\"align-center\">How a Web Content Filter Appliance Works</h1>\r\n<p class=\"align-left\">Typically a web content filter appliance protects Internet users and networks by using a combination of blacklists, URIBL and SURBL filters, category filters and keyword filters. Blacklists, URIBL and SURBL filters work together to prevent users visiting websites known to harbor malware, those that have been identified as fake phishing sites, and those that hide their true identity by using the whois privacy feature or a proxy server. 
Genuine websites have no reason to hide their true identity.</p>\r\n<p class=\"align-left\">In the category filtering process, the content of millions of webpages are analyzed and assigned a category. System administrators can then choose which categories to block access to (i.e. online shopping, alcohol, pornography, gambling, etc.) depending on whether the web content filter appliance is providing a service to a business, a store, a school, a restaurant, or a workplace. Most appliances for filtering web content also offer the facility to create bespoke categories.</p>\r\n<p class=\"align-left\">Keyword filters have multiple uses. They can be used to block access to websites containing specific words (for example the business name of a competitor), specific file extensions (typically those most commonly used for deploying malware and ransomware), and specific web applications; if, for example, a business wanted to allow its marketing department access to Facebook, but not FaceTime. Effectively, the keyword filters fine-tune the category settings, enhance security and increase productivity.</p>\r\n<h1 class=\"align-center\">Are there any home web filter appliance?</h1>\r\nFor children today, the Internet has always existed. To them, it’s second nature to pop online and watch a funny video, find a fact, or chat with a friend. But, of course, the Internet is also filled with a lot of dark corners (It’s a hop, skip, and a click to adult content). Parents, then, are presented with the daunting task of not only monitoring what sites their children visit but also their screen time consumption. There are a number of home content filtering appliance that allow parents to do just this. The best parental control apps and devices, be they hardware or software, not only put parents in command of such things as the content their children can view and the amount of time they can spend online but help restore a parent’s sense of control. 
With them, parents can restrict access to only specific sites and apps, filter dangerous or explicit web-content, manage time, and even track their children's location.\r\n\r\n"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. 
Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensic use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability, confidentiality, and integrity. 
Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques."},{"id":335,"title":"Secure Content and Threat Management","alias":"secure-content-and-threat-management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. 
The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. 
It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention 
rules."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4740,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4741,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4742,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4743,"characteristicId":1118,"templateId":73,"value":true},"1120":{"id":4744,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4745,"characteristicId":1122,"templateId":73,"value":"Yes"},"1124":{"id":4746,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4747,"characteristicId":1126,"templateId":73,"value":true},"1128":{"id":4748,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4749,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4750,"characteristicId":1132,"templateId":73,"value":true},"1134":{"id":4751,"characteristicId":1134,"templateId":73,"value":true},"1136":{"id":4752,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4753,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4754,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4755,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4756,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4757,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4758,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4759,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4760,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4761,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4762,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4763,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4764,
"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4765,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4766,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4767,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4768,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4769,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4770,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4771,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4772,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4773,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4774,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":954,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/Forcepoint_Advanced_Malware_Detection_scheme.png","scheme":true,"title":"Forcepoint Advanced Malware Detection","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"forcepoint-advanced-malware-detection","companyTypes":[],"description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors.\r\n<strong>Unmatched Accuracy</strong>\r\nForcepoint Advanced Malware Detection technology is unmatched in security efficacy. Even highly evasive threats are revealed through Deep Content Inspection of activity at multiple levels, dormant code, and other indicators often overlooked by traditional sandbox technologies.\r\n<strong>Zero-False Positives</strong>\r\nEliminate the distraction of False Positive results with AMD. 
This means your incident response team can spend its limited time responding to actual threats, not chasing down false positives and searching for indicators of compromise (IOCs).\r\n<strong>Global Threat Intelligence</strong>\r\nForcepoint sends threat intelligence updates containing the characteristics, behaviors and associated IOCs of every malicious object curated and analyzed within the global service. This allows for faster identification of previously-seen threats, new threats that reuse objects, and streamlines the analysis, detection and response to previously unseen threats.\r\n<strong>DEEP CONTENT INSPECTION – A STEP BEYOND SANDBOXING</strong>\r\nAs with sandboxing, Forcepoint Advanced Malware Detection provides a simulated environment for malware execution; that is where any similarity ends.\r\n<strong>A Complete Environment</strong>\r\nTraditional sandboxes have visibility down to the operating system level only. Forcepoint offers a unique isolation and inspection environment that simulates an entire host including the CPU, system memory and all devices. Deep Content Inspection interacts with malware to observe all the actions it might take within this complete environment, and even identifies ‘dormant code’ for special analysis.\r\n<strong>Malware Interaction</strong>\r\nSandbox-only solutions provide a relatively static environment, limiting the malicious ‘behavior’ they may uncover. Because Forcepoint Advanced Malware Detection interacts with malware, it observes every action that it might take, even when those actions are delegated to the operating system or other programs. In addition, this tool identifies potentially malicious ‘dormant code’ that the malware does not execute.\r\n<strong>Extensive Malware Detail Exposure</strong>\r\nA comprehensive solution must do more than just stop advanced malware. Correlated incident information prioritizes the most significant threats in your network without combing through massive log files. 
Full attack chain visibility enables your incident response team to quickly understand the nature of the attack, making your scarce security resources more efficient.\r\n<strong>MALWARE DETECTION ACROSS CHANNELS</strong>\r\nThreat actors will find and exploit any available point of entry. Forcepoint Advanced Malware Detection integrates with other defenses, complementing their own security capabilities to frustrate attacker efforts across multiple channels. The resulting shared intelligence improves overall visibility and strengthens each point of defense.\r\nForcepoint Web Security is a (cloud or hybrid deployed) Secure Web Gateway that stops advanced threats from getting in and sensitive data from getting out – whether an organization’s users are in the office, working from home or on the road. Forcepoint Advanced Malware Detection integrates with Web Security as an additional defense against zero-day and other advanced, evasive malware.\r\nIts cutting-edge classification engine, global threat intelligence, advanced malware detection and enterprise-class DLP work together to make strong security easy to deploy. It delivers real-time web protection for increasingly mobile workforces and can share policies and context with Email Security to thwart advanced, coordinated web and email attacks with complete inbound and outbound defenses.\r\nForcepoint Email Security stops spam and phishing emails that introduce ransomware and other advanced threats before they can infect systems with malware. 
Forcepoint Advanced Malware Detection integrates with Email Security as an additional defense against zero-day and other advanced, evasive malware.\r\nThe comprehensive defenses of Forcepoint Email Security integrate: highly effective analytics, URL Wrapping, Phishing education, and advanced malware detection for inbound protection—as well as integrated DLP as an outbound control and email encryption for secure communications.\r\nOperating on the security industry’s most secure cloud infrastructure, Forcepoint Email Security delivers unparalleled phishing, malware and DLP protection for Microsoft Office 365 and other popular email systems.\r\nForcepoint Next Generation Firewall (NGFW) connects and protects people and their data throughout offices, branches, and the cloud – all with the greatest efficiency, availability and security. It applies multiple scanning techniques to files found in network traffic, allowing administrators to tailor granular levels of security to the specific needs of each connection. Forcepoint Advanced Malware Detection integrates with Forcepoint NGFW as an additional defense against zero-day and other advanced, evasive malware.\r\nForcepoint NGFW can deploy, monitor, and update thousands of firewalls, VPNs and IPSs from a single console – cutting network operating expenses up to 50%. It eliminates downtime with high-availability clustering and Multi-Link networking, block attacks, and manages encrypted traffic without hurting performance. As the pioneer in Advanced Evasion Technique (AET) defenses and proxy technologies for mission-critical applications, Forcepoint NGFW gives you security without compromise.\r\nForcepoint CASB delivers visibility and control over cloud applications and helps eliminate the security and compliance blind spots created in a cloud-first world. 
It quickly discovers unsanctioned cloud applications and assesses their associated risks, as well as the ability to control how sanctioned cloud applications such as Office 365, Google Suite, Salesforce, Box, Dropbox and others are used in order to prevent the loss of critical intellectual property.\r\nWith Forcepoint CASB, organizations can truly embrace the Cloud by ensuring that their users are not engaging in risky behaviors - without slowing them down.\r\n ","shortDescription":"Forcepoint Advanced Malware Detection - detecting and stoping the most evasive, Advanced Malware Threats","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Forcepoint Advanced Malware Detection","keywords":"Forcepoint, malware, with, Malware, advanced, security, threats, Advanced","description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors","og:title":"Forcepoint Advanced Malware Detection","og:description":"<strong>DETECT EVASIVE MALWARE OTHERS CANNOT SEE</strong>\r\nIt’s become increasingly difficult to identify the malware components of advanced threats, mostly due to the evolution of evasion tactics and technology by criminal and nation-state threat actors","og:image":"https://old.roi4cio.com/fileadmin/user_upload/forcepoint_logo.png"},"eventUrl":"","translationId":955,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. 
It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. 
The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. 
Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4668,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4669,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4670,"characteristicId":1116,"templateId":73,"value":"N/A"},"1118":{"id":4671,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4672,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4673,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4674,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4675,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4676,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4677,"characteristicId":1130,"templateId":73,"value":"N/A"},"1132":{"id":4678,"characteristicId":1132,"templateId":73,"value":true},"1134":{"id":4679,"characteristicId":1134,"templateId":73,"value":true},"1136":{"id":4680,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4681,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4683,"characteristicId":1140,"templateId":73,"value":"N/A"},"1142":{"id":4684,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4685,"characteristicId":1144,"templateId":73,"value":"N/A"},"1146":{"id":4686,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4687,"characteristicId":1148,"templateId":73,"value":"N/A"},"1150":{"id":4688,"characteristicId":1150,"templateId":73,"value":"N/A"},"1151":{"id":4689,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4690,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"i
d":4691,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4692,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4693,"characteristicId":1160,"templateId":73,"value":"N/A"},"1162":{"id":4694,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4695,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4696,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4697,"characteristicId":1168,"templateId":73,"value":"N/A"},"1170":{"id":4698,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4699,"characteristicId":1172,"templateId":73,"value":"N/A"},"1174":{"id":4700,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4701,"characteristicId":1176,"templateId":73,"value":"N/A"},"1178":{"id":4702,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4703,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2150,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Fortinet.png","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/sandbox.JPG","scheme":true,"title":"Fortinet FortiSandbox","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"fortinet-fortisandbox","companyTypes":[],"description":"With the increasing volume and sophistication of cyber-attacks, it takes only one threat to slip through security for a data breach to occur. CISOs have adopted sandboxing as an essential component of their security strategies to help combat previously unknown threats.\r\nWhile attack surfaces are becoming more dynamic due to the rise of IoT and cloud-based services, a continuing shortage of cyber security talent is driving organizations to integrate sandboxing with greater controls and a high degree of automation.\r\nToday’s threats are increasingly sophisticated and often bypass traditional malware security by masking their malicious activity. 
A sandbox augments your security architecture by validating threats in a separate, secure environment. FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss. It's also a key component of our Advanced Threat Protection solution.\r\n<span style=\"font-weight: bold;\">Features and Benefits:</span>\r\n<span style=\"font-weight: bold;\">Independently top-rated.</span> NSS Labs "Recommended" for breach detection and breach prevention, and ICSA labs certified for advanced threat defense.\r\n<span style=\"font-weight: bold;\">Broad integration.</span> Extends advanced threat protection to your next-generation firewall, web application firewall, secure email gateway, and endpoint protection platform.\r\n<span style=\"font-weight: bold;\">Intelligent automation.</span> Speeds mitigation by sharing real-time updates to disrupt threats at the origin and subsequent immunization across the entire organization and the global community.\r\n<span style=\"font-weight: bold;\">All-in-one.</span> Simplifies deployment and reduces complexity by covering all protocols in a single common sandbox platform.\r\n<span style=\"font-weight: bold;\">Flexible deployment.</span> Available as a physical or virtual appliance on premises, as well as a cloud-based or managed service.\r\n<span style=\"font-weight: bold;\">Open extensibility.</span> Flexible APIs for easy third-party integration and available day-zero integration with Fabric-Ready partners.","shortDescription":"FortiSandbox delivers real-time actionable intelligence through the automation of zero-day, advanced malware detection and mitigation.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Fortinet FortiSandbox","keywords":"","description":"With the increasing volume and 
sophistication of cyber-attacks, it takes only one threat to slip through security for a data breach to occur. CISOs have adopted sandboxing as an essential component of their security strategies to help combat previously unknown","og:title":"Fortinet FortiSandbox","og:description":"With the increasing volume and sophistication of cyber-attacks, it takes only one threat to slip through security for a data breach to occur. CISOs have adopted sandboxing as an essential component of their security strategies to help combat previously unknown","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Fortinet.png"},"eventUrl":"","translationId":2151,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. 
It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. 
In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4416,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4417,"characteristicId":1114,"templateId":73,"value":"Yes (must be integrated with FortiMail for threats blocking)"},"1116":{"id":4418,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4419,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4420,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4421,"characteristicId":1122,"templateId":73,"value":"Yes (with FortiGate and FortiWeb 
integrations)"},"1124":{"id":4422,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4423,"characteristicId":1126,"templateId":73,"value":true},"1128":{"id":4424,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4425,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4426,"characteristicId":1132,"templateId":73,"value":true},"1134":{"id":4427,"characteristicId":1134,"templateId":73,"value":true},"1136":{"id":4428,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4429,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4431,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4432,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4433,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4434,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4435,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4436,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4437,"characteristicId":1151,"templateId":73,"value":true},"1154":{"id":4438,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4439,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4440,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4441,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4442,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4443,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4444,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4445,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on 
threats"},"1170":{"id":4446,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4447,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4448,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4449,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4450,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4451,"characteristicId":1180,"templateId":73,"value":"N/A"}}}},{"id":2168,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Lookingglass_ScoutShield.jpg","logo":true,"scheme":false,"title":"LookingGlass ScoutShield","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"lookingglass-scoutshield","companyTypes":[],"description":"<p>ScoutShield Threat Intelligence Gateway is a high-assurance, low-touch security appliance designed to work with firewalls to identify and block phishing, malware, and malicious Command-and-Control (C2) domains – disrupting or stopping these threats.</p>\r\n<p>The ScoutShield solution ingests LookingGlass Automated Data Services’ machine-readable threat intelligence to automatically block known phishing URLs, malicious URLs, and malicious C2 Domains.</p>\r\n<ul>\r\n<li>Malicious C2 Domains Feed - Daily updated blacklist of all known C2 botnet servers</li>\r\n<li>Phishing URL Feed - Real-time feed of global phishing URLs</li>\r\n<li>Malicious URL Feed - Real-time feed of global malicious URLs</li>\r\n</ul>\r\n<p>ScoutShield’s automated response mechanism allows organizations to respond more efficiently and effectively to threats, so you can combat data breaches, ransomware, and stolen credentials in real-time. 
ScoutShield’s multiple Monitoring and Reporting Dashboards enable your security team to easily determine the effectiveness of policy enforcement, the health of the entire system, and if threat intelligence rule sets have been deployed successfully.</p>\r\n<p><span style=\"font-weight: bold;\">Use ScoutShield to:</span></p>\r\n<ul>\r\n<li>Protect against known malicious web pages and phishing attacks with 99.99% accuracy</li>\r\n<li>Prevent infected devices from communicating with C2 servers automatically</li>\r\n<li>Enable your security analysts to mitigate threats in real-time, increasing productivity</li>\r\n<li>Deliver digestible insights using its multiple dashboards: Appliance, System, Threat Intelligence, <br />and Threat Mitigation.</li>\r\n<li>Alert your organization of compromises on the network</li>\r\n</ul>","shortDescription":"LookingGlass ScoutShield is a high-assurance, low-touch security appliance designed to work with firewalls to identify and block phishing, malware, and malicious Command-and-Control (C2) domains.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"LookingGlass ScoutShield","keywords":"","description":"<p>ScoutShield Threat Intelligence Gateway is a high-assurance, low-touch security appliance designed to work with firewalls to identify and block phishing, malware, and malicious Command-and-Control (C2) domains – disrupting or stopping these threats.</","og:title":"LookingGlass ScoutShield","og:description":"<p>ScoutShield Threat Intelligence Gateway is a high-assurance, low-touch security appliance designed to work with firewalls to identify and block phishing, malware, and malicious Command-and-Control (C2) domains – disrupting or stopping these 
threats.</","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Lookingglass_ScoutShield.jpg"},"eventUrl":"","translationId":2169,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4847,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4848,"characteristicId":1114,"templateId":73,"value":"N/A"},"1116":{"id":4849,"characteristicId":1116,"templateId":73,"value":"N/A"},"1118":{"id":4850,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4851,"characteristicId":1120,"templateId":73,"value":"N/A"},"1122":{"id":4852,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4853,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4854,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4855,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4856,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4857,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4858,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4859,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4860,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4862,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4863,"characteristicId":1142,"templateId":73,"value":"N/A"},"1144":{"id":4864,"characteristicId":1144,"templateId":73,"value":"N/A"},"1146":{"id":4865,"characteristicId":1146,"templateId":73,"value":"N/A"},"1148":{"id":4866,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4867,"characteristicId":1150,"templateId":73,"value":"N/A"},"1151":{"id":4868,"characteristicId":1151,"templateId":73,"value":true},
"1154":{"id":4869,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4870,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4871,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4872,"characteristicId":1160,"templateId":73,"value":"N/A"},"1162":{"id":4873,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4874,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4875,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4876,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4877,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4878,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4879,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4880,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4881,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4882,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2160,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg","logo":true,"schemeURL":"https://old.roi4cio.com/fileadmin/user_upload/mcaffeeatdrus.JPG","scheme":true,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. 
Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. As a final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. 
Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation. McAfee Advanced Threat Defense offers numerous advanced capabilities, including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advanced Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. 
McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:image":"https://old.roi4cio.com/fileadmin/user_upload/McAfee__logo_.jpg"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. 
A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. 
The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. 
Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4596,"characteristicId":1112,"templateId":73,"value":"N/A"},"1114":{"id":4597,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4598,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4599,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4600,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4601,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4602,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4603,"characteristicId":1126,"templateId":73,"value":true},"1128":{"id":4604,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4605,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4606,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4607,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4608,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4609,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4611,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4612,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4613,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4614,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4615,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4616,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4617,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4618,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":461
9,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4620,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4621,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4622,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4623,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4624,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4625,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4626,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4627,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4628,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4629,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4630,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4631,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2158,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/palo-alto-wildfire-logo.png","logo":true,"scheme":false,"title":"Palo Alto Networks WildFire","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"alias":"palo-alto-networks-wildfire","companyTypes":[],"description":"<p>Palo Alto Networks WildFire cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. 
The service employs a unique multi-technique approach, combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.</p>\r\n<p>WildFire changes the equation for adversaries, turning every Palo Alto Networks platform deployment into a distributed sensor and enforcement point to stop zero-day malware and exploits before they can spread and become successful. Within the WildFire environment, threats are detonated, intelligence is extracted and preventions are automatically orchestrated across Palo Alto Networks Next-Generation Security Platform in as few as five minutes of first discovery anywhere in the world.</p>\r\n<p>WildFire goes beyond traditional approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including:</p>\r\n<p><span style=\"font-weight: bold;\">Dynamic analysis</span> – observes files as they detonate in a purpose-built, evasion-resistant virtual environment, enabling detection of zero-day exploits and malware using hundreds of behavioral characteristics.</p>\r\n<p><span style=\"font-weight: bold;\">Static analysis</span> – highly effective detection of malware and exploits that attempt to evade dynamic analysis, as well as instant identification of variants of existing malware.</p>\r\n<p><span style=\"font-weight: bold;\">Machine learning</span> – extracts thousands of unique features from each file, training a predictive machine learning model to identify new malware – which is not possible with static or dynamic analysis alone.</p>\r\n<p><span style=\"font-weight: bold;\">Bare metal analysis</span> – evasive threats are automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis techniques.</p>\r\n<p>Together, these four unique techniques allow WildFire to 
discover and prevent unknown malware and exploits with high efficacy and near-zero false positives.</p>\r\n<p><span style=\"font-weight: bold;\">WildFire threat analysis service:</span></p>\r\n<ul>\r\n<li>Detects evasive zero-day exploits and malware with a unique combination of dynamic and static analysis, novel machine learning techniques, and an industry-first bare metal analysis environment.</li>\r\n<li>Orchestrates automated prevention for unknown threats in as few as five minutes from first discovery anywhere in the world, without requiring manual response.</li>\r\n<li>Builds collective immunity for unknown malware and exploits with shared real-time intelligence from approximately 17,000 subscribers.</li>\r\n<li>Provides highly relevant threat analysis and context with AutoFocus.</li>\r\n</ul>","shortDescription":"WildFire uses data and threat intelligence from the industry’s largest global community, and applies advanced analysis to automatically identify unknown threats and stop attackers in their tracks.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Palo Alto Networks WildFire","keywords":"","description":"<p>Palo Alto Networks WildFire cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The service employs a unique multi-technique approach, combining dynamic a","og:title":"Palo Alto Networks WildFire","og:description":"<p>Palo Alto Networks WildFire cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. 
The service employs a unique multi-technique approach, combining dynamic a","og:image":"https://old.roi4cio.com/fileadmin/user_upload/palo-alto-wildfire-logo.png"},"eventUrl":"","translationId":2159,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4560,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4561,"characteristicId":1114,"templateId":73,"value":"N/A"},"1116":{"id":4562,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4563,"characteristicId":1118,"templateId":73,"value":true},"1120":{"id":4564,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4565,"characteristicId":1122,"templateId":73,"value":"Yes"},"1124":{"id":4566,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4567,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4568,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4569,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4570,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4571,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4572,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4573,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4575,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4576,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4577,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4578,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4579,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4580,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4581,"characteristicId":1151,"templateId":73,"value":true},"1154":{"i
d":4582,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4583,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4584,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4585,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4586,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4587,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4588,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4589,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4590,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4591,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4592,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4593,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4594,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4595,"characteristicId":1180,"templateId":73,"value":"Yes"}}}},{"id":2152,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Proofpoint__logo_.jpg","logo":true,"scheme":false,"title":"Proofpoint Targeted Attack Protection","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"proofpoint-targeted-attack-protection","companyTypes":[],"description":"<p>Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threats that target people through email. We detect both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information. TAP is unmatched in stopping targeted attacks that use polymorphic malware, weaponized documents, and credential phishing to access sensitive information or steal money.</p>\r\n<p><span style=\"font-weight: bold;\">TAP provides the first line of defense at the email gateway. 
TAP has two components:</span></p>\r\n<p><span style=\"font-weight: bold;\">Attachment Defense:</span> TAP can hold messages until a verdict is received after analysing the attachment. Clean ones are delivered to the inbox and threats are quarantined.</p>\r\n<p><span style=\"font-weight: bold;\">URL Defense:</span> Messages containing URLs that are known to be malicious are immediately quarantined. TAP rewrites all other URLs in order to track and block clicks. When users click on the rewritten URLs, TAP redirects them — based on the verdict from inspection — to either the original webpage or a customizable block page that prevents access to the compromised site.</p>\r\n<p>TAP is built on the Proofpoint next-generation email security platform, which offers clear visibility into all email communications. This means that TAP has greater context to extract threat intelligence, quickly mitigate the attack surface by blocking malicious messages, and reduce your security risk.</p>\r\n<p>Our advanced threat solutions continually adapt to detect new attack patterns. TAP inspects the entire attack chain using static and dynamic techniques. We analyse potential threats in several stages using multiple approaches to examine behavior, code, and protocol. TAP uses unique features, such as predictive analysis, to identify and sandbox suspicious URLs before users can click on them.</p>\r\n<p>Proofpoint TAP includes a web-based graphical dashboard that provides data at organizational, threat, and user levels to help you prioritize alerts and take action. Detailed forensic information on both individual threats and campaigns is provided to you in real time.</p>\r\n<p>Proofpoint TAP is easily configured as add-on modules to the Proofpoint email security platform, which can be deployed as a cloud service, virtual appliance, or hardware appliance. 
Proofpoint also uses the cloud to instantly update our software every day to quickly incorporate new features and help you stay ahead of attackers.</p>","shortDescription":"Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Proofpoint Targeted Attack Protection","keywords":"","description":"<p>Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threats that target people through email. We detect both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device o","og:title":"Proofpoint Targeted Attack Protection","og:description":"<p>Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threats that target people through email. We detect both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device o","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Proofpoint__logo_.jpg"},"eventUrl":"","translationId":2153,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. 
A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. 
The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. 
Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4452,"characteristicId":1112,"templateId":73,"value":"N/A"},"1114":{"id":4453,"characteristicId":1114,"templateId":73,"value":"Yes"},"1116":{"id":4454,"characteristicId":1116,"templateId":73,"value":"N/A"},"1118":{"id":4455,"characteristicId":1118,"templateId":73,"value":true},"1120":{"id":4456,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4457,"characteristicId":1122,"templateId":73,"value":"N/A"},"1124":{"id":4458,"characteristicId":1124,"templateId":73,"value":"N/A"},"1126":{"id":4459,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4460,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4461,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4462,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4463,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4464,"characteristicId":1136,"templateId":73,"value":"N/A"},"1138":{"id":4465,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4467,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4468,"characteristicId":1142,"templateId":73,"value":"N/A"},"1144":{"id":4469,"characteristicId":1144,"templateId":73,"value":"N/A"},"1146":{"id":4470,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4471,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4472,"characteristicId":1150,"templateId":73,"value":"N/A"},"1151":{"id":4473,"characteristicId":1151,"templateId":73,"value":"N/A"},"1154":{"id":4474,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"i
d":4475,"characteristicId":1156,"templateId":73,"value":"N/A"},"1158":{"id":4476,"characteristicId":1158,"templateId":73,"value":"N/A"},"1160":{"id":4477,"characteristicId":1160,"templateId":73,"value":"N/A"},"1162":{"id":4478,"characteristicId":1162,"templateId":73,"value":"N/A"},"1164":{"id":4479,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4480,"characteristicId":1166,"templateId":73,"value":"N/A"},"1168":{"id":4481,"characteristicId":1168,"templateId":73,"value":"N/A"},"1170":{"id":4482,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4483,"characteristicId":1172,"templateId":73,"value":"N/A"},"1174":{"id":4484,"characteristicId":1174,"templateId":73,"value":"N/A"},"1176":{"id":4485,"characteristicId":1176,"templateId":73,"value":"N/A"},"1178":{"id":4486,"characteristicId":1178,"templateId":73,"value":"N/A"},"1180":{"id":4487,"characteristicId":1180,"templateId":73,"value":"Yes (30 days)"}}}},{"id":2148,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Trend_Micro.png","logo":true,"scheme":false,"title":"Trend Micro Deep Discovery Analyzer","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"alias":"trend-micro-deep-discovery-analyzer","companyTypes":[],"description":"<p>Deep Discovery Analyzer extends the value of existing security investments from Trend Micro and third-parties (through a web services API) by providing custom sandboxing and advanced analysis. It can also provide expanded sandboxing capabilities to other Trend Micro products. Suspicious objects can be sent to the Analyzer sandbox for advanced analysis using multiple detection methods. 
If a threat is discovered, security solutions can be updated automatically.</p>\r\n<p><span style=\"font-weight: bold;\">KEY CAPABILITIES:</span></p>\r\n<p><span style=\"font-weight: bold;\">Custom Sandbox Analysis</span> uses virtual images that are tuned to precisely match your system configurations, drivers, installed applications, and language versions. This approach improves the detection rate of advanced threats that are designed to evade standard virtual images. The custom sandbox environment includes safe external access to identify and analyze multi-stage downloads, URLs, command and control (C&C), and more, as well as supporting manual or automated file and URL submission.</p>\r\n<p><span style=\"font-weight: bold;\">Flexible Deployment</span> Analyzer can be deployed as a standalone sandbox or alongside a larger Deep Discovery deployment to add additional sandbox capacity. It is scalable to support up to 60 sandboxes in a single appliance, and multiple appliances can be clustered for high availability or configured for a hot or cold backup.</p>\r\n<p><span style=\"font-weight: bold;\">Advanced Detection Methods</span> such as static analysis, heuristic analysis, behavior analysis, web reputation, and file reputation ensure threats are discovered quickly. Analyzer also detects multi-stage malicious files, outbound connections, and repeated C&C from suspicious files.</p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-weight: bold;\">Broad file analysis range</span> Examines a wide range of Windows executables, Microsoft Office, PDF, web content, and compressed file types using multiple detection engines and sandboxing. 
Custom policies can be defined by file type.</p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-weight: bold;\">Document exploit detection</span> Discovers malware and exploits delivered in common document formats by using specialized detection and sandboxing.</p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-weight: bold;\">URL analysis</span> Performs sandbox analysis of URLs contained in emails or manually submitted samples.</p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-weight: bold;\">Web services API and manual submission</span> Enables any product or malware analyst to submit suspicious samples. Shares new IOC detection intelligence automatically with Trend Micro and third-party products.</p>\r\n<p style=\"padding-left: 30px;\"><span style=\"font-weight: bold;\">Support for Windows, Mac, and Android operating systems.</span></p>\r\n<p><span style=\"font-weight: bold;\">Detect ransomware</span> Detects script emulation, zero-day exploits, targeted and password-protected malware commonly associated with ransomware. It also uses information on known threats to discover ransomware through pattern and reputation-based analysis. The custom sandbox can detect mass file modifications, encryption behavior, and modifications to backup and restore.</p>","shortDescription":"Deep Discovery Analyzer provides custom sandbox analysis to extend the value of security products, such as endpoint protection, web and email gateways, network security and other offerings.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Trend Micro Deep Discovery Analyzer","keywords":"","description":"<p>Deep Discovery Analyzer extends the value of existing security investments from Trend Micro and third-parties (through a web services API) by providing custom sandboxing and advanced analysis. 
It can also provide expanded sandboxing capabilities to other Tr","og:title":"Trend Micro Deep Discovery Analyzer","og:description":"<p>Deep Discovery Analyzer extends the value of existing security investments from Trend Micro and third-parties (through a web services API) by providing custom sandboxing and advanced analysis. It can also provide expanded sandboxing capabilities to other Tr","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Trend_Micro.png"},"eventUrl":"","translationId":2149,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. 
In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. 
In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4380,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4381,"characteristicId":1114,"templateId":73,"value":"N/A"},"1116":{"id":4382,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4383,"characteristicId":1118,"templateId":73,"value":"N/A"},"1120":{"id":4384,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4385,"characteristicId":1122,"templateId":73,"value":"Yes (using a third-party 
solutions)"},"1124":{"id":4386,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4387,"characteristicId":1126,"templateId":73,"value":true},"1128":{"id":4388,"characteristicId":1128,"templateId":73,"value":true},"1130":{"id":4389,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4390,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4391,"characteristicId":1134,"templateId":73,"value":true},"1136":{"id":4392,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4393,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4395,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4396,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4397,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4398,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4399,"characteristicId":1148,"templateId":73,"value":"N/A"},"1150":{"id":4400,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4401,"characteristicId":1151,"templateId":73,"value":true},"1154":{"id":4402,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4403,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4404,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4405,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4406,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4407,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4408,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4409,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on 
threats"},"1170":{"id":4410,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4411,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4412,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4413,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4414,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4415,"characteristicId":1180,"templateId":73,"value":"N/A"}}}},{"id":2154,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/zscaler__logo_.png","logo":true,"scheme":false,"title":"Zscaler Cloud Sandbox","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"zscaler-cloud-sandbox","companyTypes":[],"description":"<p>Zscaler Cloud Sandbox uses advanced behavioral analysis techniques to find and block zero-day threats. Delivered as a service from the Zscaler global security cloud, Zscaler Cloud Sandbox provides a higher level of threat protection than any other solution.</p>\r\n<p>With Zscaler, you can sandbox any suspicious or unknown file without backhauling traffic to the data center. Since Zscaler Cloud Sandbox is implemented from the cloud, it protects all of your users, regardless of their locations. This means that remote office workers and mobile users get the same level of protection as the users at your headquarters, without costly MPLS links or cumbersome VPN connections. Zscaler Cloud Sandbox is architected to provide inline protection to block threats before they enter your network. Malicious files are instantly blocked, quarantined, or flagged based on your defined policies.</p>\r\n<p>Unlike appliances, which work in isolation, Zscaler Cloud Sandbox is fully integrated into the Zscaler Cloud Security Platform to deliver maximum threat visibility and multilevel protection. 
Because Zscaler is delivered as a service, there is no hardware to deploy and manage, and no software to update.</p>\r\n<p>The processing power of Zscaler Cloud Sandbox lets us inspect all suspicious and unknown files with efficiency. Data is correlated across multiple security engines to identify and block sophisticated threats that go undetected by traditional appliances. By performing this in-depth level of sandbox pre-processing, we streamline the detection of suspicious files and improve the user experience. And because SSL inspection is native to the cloud security platform, the tactic of hiding attacks behind encryption fails as well. Malicious files are instantly blocked, quarantined, or flagged based on your defined policy, which can be easily scaled across all users.</p>\r\n<p>Zscaler Cloud Sandbox uses cloud intelligence gained from more than 60 billion transactions processed every day at peak periods and more than 120,000 unique security updates. Once a threat is identified anywhere in the Zscaler cloud, it is immediately blocked for all customers. By default, the Zscaler security cloud sandboxes all executables and libraries to improve the protection to all customers. 
Zscaler also incorporates over 40 partner threat feeds to make sure the latest threat intelligence is applied across the cloud, which minimizes the number of files that need to be sandboxed.</p>\r\n<p><span style=\"font-weight: bold;\">Zscaler Cloud Sandbox provides:</span></p>\r\n<p><span style=\"font-style: italic;\">Integrated platform service</span></p>\r\n<ul>\r\n<li>Pre-filters all known threats using threat feeds from 40+ security partners</li>\r\n<li>Offers native SSL inspection to close security gaps</li>\r\n<li>Provides APT protection — for both inbound and outbound traffic</li>\r\n<li>Delivers rich forensics — including intelligence on users, locations, origins, and evasive tactics</li>\r\n</ul>\r\n<p><span style=\"font-style: italic;\">Inline inspection of all suspicious and unknown files</span></p>\r\n<ul>\r\n<li>Fully analyzes executables, libraries, Office documents, archives, and web and mobile content</li>\r\n<li>Enforces patient-zero quarantines</li>\r\n<li>Enables manual file submission via a sandbox scanning portal</li>\r\n</ul>\r\n<p><span style=\"font-style: italic;\">Uniform policies across all users and locations</span></p>\r\n<ul>\r\n<li>Defines global policies from a single console</li>\r\n<li>Enforces policy changes immediately across all users, regardless of location</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Benefits:</span></p>\r\n<p><span style=\"font-weight: bold;\">Simply Scalable.</span> Break free from costly gateway-based architectures. 
Scale protection across all users and all locations with ease from the cloud.</p>\r\n<p><span style=\"font-weight: bold;\">Better Protection.</span> Deliver a fully integrated sandbox solution that can inspect all traffic, including SSL, without performance limitations.</p>\r\n<p><span style=\"font-weight: bold;\">Cost-Effective.</span> Minimize IT procurement and administration costs with protection that easily grows with your needs.</p>\r\n<p><span style=\"font-weight: bold;\">Cloud Intelligence.</span> Empower your sandbox with the power and visibility of the world’s largest security cloud.</p>","shortDescription":"The Zscaler Cloud Sandbox service delivers full inline protection and provides a complete picture of the threats targeting your users.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Zscaler Cloud Sandbox","keywords":"","description":"<p>Zscaler Cloud Sandbox uses advanced behavioral analysis techniques to find and block zero-day threats. Delivered as a service from the Zscaler global security cloud, Zscaler Cloud Sandbox provides a higher level of threat protection than any other solution.","og:title":"Zscaler Cloud Sandbox","og:description":"<p>Zscaler Cloud Sandbox uses advanced behavioral analysis techniques to find and block zero-day threats. 
Delivered as a service from the Zscaler global security cloud, Zscaler Cloud Sandbox provides a higher level of threat protection than any other solution.","og:image":"https://old.roi4cio.com/fileadmin/user_upload/zscaler__logo_.png"},"eventUrl":"","translationId":2155,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. 
The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. 
Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN."}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[],"valuesByTemplateId":{"73":{"1112":{"id":4488,"characteristicId":1112,"templateId":73,"value":true},"1114":{"id":4489,"characteristicId":1114,"templateId":73,"value":"N/A"},"1116":{"id":4490,"characteristicId":1116,"templateId":73,"value":true},"1118":{"id":4491,"characteristicId":1118,"templateId":73,"value":true},"1120":{"id":4492,"characteristicId":1120,"templateId":73,"value":true},"1122":{"id":4493,"characteristicId":1122,"templateId":73,"value":"Yes"},"1124":{"id":4494,"characteristicId":1124,"templateId":73,"value":true},"1126":{"id":4495,"characteristicId":1126,"templateId":73,"value":"N/A"},"1128":{"id":4496,"characteristicId":1128,"templateId":73,"value":"N/A"},"1130":{"id":4497,"characteristicId":1130,"templateId":73,"value":true},"1132":{"id":4498,"characteristicId":1132,"templateId":73,"value":"N/A"},"1134":{"id":4499,"characteristicId":1134,"templateId":73,"value":"N/A"},"1136":{"id":4500,"characteristicId":1136,"templateId":73,"value":true},"1138":{"id":4501,"characteristicId":1138,"templateId":73,"value":true},"1140":{"id":4503,"characteristicId":1140,"templateId":73,"value":true},"1142":{"id":4504,"characteristicId":1142,"templateId":73,"value":true},"1144":{"id":4505,"characteristicId":1144,"templateId":73,"value":true},"1146":{"id":4506,"characteristicId":1146,"templateId":73,"value":true},"1148":{"id":4507,"characteristicId":1148,"templateId":73,"value":true},"1150":{"id":4508,"characteristicId":1150,"templateId":73,"value":true},"1151":{"id":4509,"characteristicId":1151,"templateId":73,"value":true},"1154":{"
id":4510,"characteristicId":1154,"templateId":73,"value":"N/A"},"1156":{"id":4511,"characteristicId":1156,"templateId":73,"value":true},"1158":{"id":4512,"characteristicId":1158,"templateId":73,"value":true},"1160":{"id":4513,"characteristicId":1160,"templateId":73,"value":true},"1162":{"id":4514,"characteristicId":1162,"templateId":73,"value":true},"1164":{"id":4515,"characteristicId":1164,"templateId":73,"value":true},"1166":{"id":4516,"characteristicId":1166,"templateId":73,"value":true},"1168":{"id":4517,"characteristicId":1168,"templateId":73,"value":"Periodic reports, Contextual reports on threats"},"1170":{"id":4518,"characteristicId":1170,"templateId":73,"value":true},"1172":{"id":4519,"characteristicId":1172,"templateId":73,"value":true},"1174":{"id":4520,"characteristicId":1174,"templateId":73,"value":true},"1176":{"id":4521,"characteristicId":1176,"templateId":73,"value":true},"1178":{"id":4522,"characteristicId":1178,"templateId":73,"value":true},"1180":{"id":4523,"characteristicId":1180,"templateId":73,"value":"Yes"}}}}],"selectedTemplateId":73},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}