{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"product":{"reference-bonus":{"_type":"localeString","en":"Offer a reference bonus","ru":"Предложить бонус за референс"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Сonfigurator"},"i-sell-it":{"_type":"localeString","en":"I sell it","ru":"I sell it"},"i-use-it":{"en":"I use it","ru":"I use it","_type":"localeString"},"roi-calculator":{"_type":"localeString","en":"ROI-calculator","ru":"ROI-калькулятор"},"selling":{"ru":"Продают","_type":"localeString","en":"Selling"},"using":{"_type":"localeString","en":"Using","ru":"Используют"},"show-more-button":{"ru":"Показать еще","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"supplier-popover":{"_type":"localeString","en":"supplier","ru":"поставщик"},"implementation-popover":{"ru":"внедрение","_type":"localeString","en":"deployment"},"manufacturer-popover":{"ru":"производитель","_type":"localeString","en":"manufacturer"},"short-description":{"ru":"Краткое описание","_type":"localeString","en":"Pitch"},"i-use-it-popover":{"en":"Make your introduction and get a bonus from ROI4CIO or the supplier.","ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString"},"details":{"_type":"localeString","en":"Details","ru":"Детальнее"},"description":{"en":"Description","ru":"Описание","_type":"localeString"},"product-features":{"en":"Product features","ru":"Особенности продукта","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"solutions":{"ru":"Проблемы которые решает","_type":"localeString","en":" Problems that solves"},"values":{"ru":"Ценности","_type":"localeString","en":"Values"},"сomparison-matrix":{"_type":"localeString","en":"Comparison matrix","ru":"Матрица сравнения"},"testing":{"en":"Testing","ru":"Тестирование","_type":"localeString"},"compare":{"en":"Compare with competitors","ru":"Сравнить с конкурентами","_type":"localeString"},"characteristics":{"ru":"Характеристики","_type":"localeString","en":" Characteristics"},"transaction-features":{"ru":"Особенности сделки","_type":"localeString","en":"Transaction Features"},"average-discount":{"_type":"localeString","en":"Partner average discount","ru":"Средняя скидка партнера"},"deal-protection":{"_type":"localeString","en":"Deal protection","ru":"Защита сделки"},"average-deal":{"ru":"Средний размер сделки","_type":"localeString","en":"Average deal size"},"average-time":{"en":"Average deal closing time","ru":"Средний срок закрытия сделки","_type":"localeString"},"login":{"ru":"Войти","_type":"localeString","en":"Login"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"to-know-more":{"_type":"localeString","en":"To know more","ru":"Чтобы узнать больше"},"scheme":{"ru":"Схема работы","_type":"localeString","en":" Scheme of work"},"competitive-products":{"en":" Competitive products","ru":"Конкурентные продукты","_type":"localeString"},"implementations-with-product":{"ru":"Внедрения с этим продуктом","_type":"localeString","en":"Deployments with this product"},"user-features":{"ru":"Особенности пользователей","_type":"localeString","en":"User features"},"job-roles":{"_type":"localeString","en":" Roles of Interested Employees","ru":"Роли заинтересованных сотрудников"},"organizational-features":{"en":"Organizational Features","ru":"Организационные особенности","_type":"localeString"},"calculate-price":{"ru":"Рассчитать цену продукта","_type":"localeString","en":" Calculate product price"},"selling-stories":{"ru":"Продающие истории","_type":"localeString","en":" Selling stories"},"materials":{"ru":"Материалы","_type":"localeString","en":"Materials"},"about-product":{"_type":"localeString","en":"About Product","ru":"О продукте"},"or":{"_type":"localeString","en":"or","ru":"или"},"program-sends-data":{"_type":"localeString","en":"Program Sends Data"},"calculate-roi":{"en":"Calculate Product ROI","ru":"Рассчитать ROI продукта","_type":"localeString"},"complementary-categories":{"_type":"localeString","en":"Complementary Categories","ru":"Схожие категории"},"program-receives-data":{"_type":"localeString","en":"Program Receives Data"},"rebate":{"en":"Bonus","ru":"Бонус","_type":"localeString"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"configurator-content":{"en":"Calculate price for this product here","ru":"Рассчитайте стоимость продукта","_type":"localeString"},"configurator-link":{"_type":"localeString","en":"here","ru":"тут"},"vendor-popover":{"ru":"производитель","_type":"localeString","en":"vendor"},"user-popover":{"ru":"пользователь","_type":"localeString","en":"user"},"select-for-presentation":{"ru":"выбрать продукт для презентации","_type":"localeString","en":"select product for presentation"},"auth-message":{"ru":"Вам нужно зарегистрироваться или войти.","_type":"localeString","en":"You have to register or login."},"add-to-comparison":{"_type":"localeString","en":"Add to comparison","ru":"Добавить в сравнение"},"added-to-comparison":{"ru":"Добавлено в сравнения","_type":"localeString","en":"Added to comparison"},"roi-calculator-content":{"ru":"Рассчитайте ROI для данного продукта","_type":"localeString","en":"Calculate ROI for this product here"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"videos":{"ru":"Видео","_type":"localeString","en":"Videos"},"vendor-verified":{"ru":"Подтверждено производителем","_type":"localeString","en":"Vendor verified"},"event-schedule":{"ru":"Расписание событий","_type":"localeString","en":"Events schedule"},"scheduling-tip":{"ru":"Выберите удобную дату и время и зарегистрируйтесь на ивент.","_type":"localeString","en":"Please, сhoose a convenient date and time and register for the event."},"register-to-schedule":{"en":"To register for the event please log in or register on the site.","ru":"Для того чтобы зарегистрироваться на ивент пожалуйста авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString"},"comparison-matrix":{"ru":"Матрица сравнений","_type":"localeString","en":"Comparison matrix"},"compare-with-competitive":{"en":" Compare with competitive","ru":"Сравнить с конкурентными","_type":"localeString"},"avg-deal-closing-unit":{"en":"months","ru":"месяцев","_type":"localeString"},"under-construction":{"en":"Current feature is still developing to become even more useful for you.","ru":"Данная услуга всё ещё находится в разработке.","_type":"localeString"},"product-presentation":{"en":"Product presentation","ru":"Презентация продукта","_type":"localeString"},"go-to-comparison-table":{"ru":"Перейти к таблице сравнения","_type":"localeString","en":" Go to comparison table"},"see-product-details":{"_type":"localeString","en":"See Details","ru":"Детали"}},"header":{"help":{"ru":"Помощь","_type":"localeString","en":"Help","de":"Hilfe"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"ru":"Вход","_type":"localeString","en":"Log in","de":"Einloggen"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"en":"FAQ","de":"FAQ","ru":"FAQ","_type":"localeString"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"_type":"localeString","en":"Bonus for reference","ru":"Бонус за референс"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"en":"Find vendor and company-supplier","_type":"localeString"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"en":"My Company","de":"Über die Firma","ru":"О компании","_type":"localeString"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"en":"Subscriptions","de":"Tarife","ru":"Тарифы","_type":"localeString"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"ru":"Marketplace","_type":"localeString","en":"Marketplace","de":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"_type":"localeString","en":"This field is required","ru":"Это поле обязательное"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"en":"Last, first name","ru":"Имя Фамилия","_type":"localeString"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"}},"breadcrumbs":{"home":{"en":"Home","ru":"Главная","_type":"localeString"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"en":"Comment","ru":"Комментарий","_type":"localeString"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"product":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"product":{"title":{"en":"ROI4CIO: Product","ru":"ROI4CIO: Продукт","_type":"localeString"},"meta":[{"name":"og:type","content":"website"},{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"}],"translatable_meta":[{"name":"og:title","translations":{"ru":"Конкретный продукт","_type":"localeString","en":"Example product"}},{"name":"og:description","translations":{"ru":"Описание для конкретного продукта","_type":"localeString","en":"Description for one product"}},{"translations":{"ru":"Продукт","_type":"localeString","en":"Product"},"name":"title"},{"name":"description","translations":{"en":"Product description","ru":"Описание продукта","_type":"localeString"}},{"name":"keywords","translations":{"en":"Product keywords","ru":"Ключевые слова продукта","_type":"localeString"}}]}},"pageMetaDataStatus":{"product":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"ctp-digital-innovation-solutions":{"id":3490,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cloud_technology_partners_logo.png","logo":true,"scheme":false,"title":"CTP Digital Innovation Solutions","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"ctp-digital-innovation-solutions","companyTitle":"Cloud Technology Partners","companyTypes":["supplier"],"companyId":5193,"companyAlias":"cloud-technology-partners","description":"We specialize in building cloud-based software solutions that solve the most challenging problems today’s enterprises face. Whether it’s an IoT system that improves the reliability of locomotives or a big data analytics platform that predicts agricultural yields, the more complex and technology-intensive your project, the more we like working on it.\r\nCTP delivers a broad range of IoT consulting and implementation services that use the power of the cloud to solve today’s most challenging business problems.\r\n<span style=\"font-weight: bold;\">Cloud Native Development</span>\r\nBuild cloud-native software solutions that scales dynamically to meet your global business needs.\r\n<span style=\"font-weight: bold;\">Application Modernization</span>\r\nModernize your application for the cloud to improve performance, scalability and security.\r\n<span style=\"font-weight: bold;\">Big Data & Analytics</span>\r\nMake better decisions by leveraging the power of the cloud to turn data into insights.\r\n<span style=\"font-weight: bold;\">New Tools & Technologies</span>\r\nStay ahead of the technology curve using Blockchain, Machine Learning and more.","shortDescription":"Build cloud-native software to rapidly scale and grow your business.","type":"Service","isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CTP Digital Innovation Solutions","keywords":"","description":"We specialize in building cloud-based software solutions that solve the most challenging problems today’s enterprises face. Whether it’s an IoT system that improves the reliability of locomotives or a big data analytics platform that predicts agricultural yiel","og:title":"CTP Digital Innovation Solutions","og:description":"We specialize in building cloud-based software solutions that solve the most challenging problems today’s enterprises face. Whether it’s an IoT system that improves the reliability of locomotives or a big data analytics platform that predicts agricultural yiel","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cloud_technology_partners_logo.png"},"eventUrl":"","translationId":3491,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":591,"title":"Software Development","alias":"software-development","description":" Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in creating and maintaining applications, frameworks, or other software components. Software development is a process of writing and maintaining the source code, but in a broader sense, it includes all that is involved between the conception of the desired software through to the final manifestation of the software, sometimes in a planned and structured process. Therefore, software development may include research, new development, prototyping, modification, reuse, re-engineering, maintenance, or any other activities that result in software products.\r\nSoftware can be developed for a variety of purposes, the three most common being to meet specific needs of a specific client/business (the case with custom software), to meet a perceived need of some set of potential users (the case with commercial and open-source software), or for personal use (e.g. a scientist may write software to automate a mundane task). Embedded software development, that is, the development of embedded software, such as used for controlling consumer products, requires the development process to be integrated with the development of the controlled physical product. System software underlies applications and the programming process itself and is often developed separately.\r\nThe need for better quality control of the software development process has given rise to the discipline of software engineering, which aims to apply the systematic approach exemplified in the engineering paradigm to the process of software development.\r\nThere are many approaches to software project management, known as software development life cycle models, methodologies, processes, or models. The waterfall model is a traditional version, contrasted with the more recent innovation of agile software development.","materialsDescription":" <span style=\"font-weight: bold; \">What is software development?</span>\r\nSoftware itself is the set of instructions or programs that tell a computer what to do. It is independent of hardware and makes computers programmable. There are three basic types:\r\n<span style=\"font-weight: bold; \">System software</span> to provide core functions such as operating systems, disk management, utilities, hardware management, and other operational necessities.\r\n<span style=\"font-weight: bold; \">Programming software</span> to give programmers tools such as text editors, compilers, linkers, debuggers and other tools to create code.\r\n<span style=\"font-weight: bold; \">Application software</span> (applications or apps) to help users perform tasks. Office productivity suites, data management software, media players and security programs are examples. Applications also refer to web and mobile applications like those used to shop on Amazon.com, socialize with Facebook or post pictures to Instagram.\r\nA possible fourth type is <span style=\"font-weight: bold; \">embedded software.</span> Embedded systems software is used to control machines and devices not typically considered computers — telecommunications networks, cars, industrial robots and more. These devices, and their software, can be connected as part of the Internet of Things (IoT).\r\nSoftware development is primarily conducted by programmers, software engineers, and software developers. These roles interact and overlap, and the dynamics between them vary greatly across development departments and communities.\r\n<span style=\"font-weight: bold; \">Programmers, or coders,</span> write source code to program computers for specific tasks like merging databases, processing online orders, routing communications, conducting searches or displaying text and graphics. Programmers typically interpret instructions from software developers and engineers and use programming languages like C++ or Java to carry them out.\r\n<span style=\"font-weight: bold; \">Software engineers</span> apply engineering principles to build software and systems to solve problems. They use modeling language and other tools to devise solutions that can often be applied to problems in a general way, as opposed to merely solving for a specific instance or client. Software engineering solutions adhere to the scientific method and must work in the real world, as with bridges or elevators.\r\n<span style=\"font-weight: bold; \">Software developers</span> have a less formal role than engineers and can be closely involved with specific project areas — including writing code. At the same time, they drive the overall software development lifecycle — including working across functional teams to transform requirements into features, managing development teams and processes, and conducting software testing and maintenance.\r\nThe work of software development isn’t confined to coders or development teams. Professionals such as scientists, device fabricators, and hardware makers also create software code even though they are not primarily software developers. Nor is it confined to traditional information technology industries such as software or semiconductor businesses. In fact, according to the Brookings Institute, those businesses “account for less than half of the companies performing software development.”\r\nAn important distinction is custom software development as opposed to commercial software development. Custom software development is the process of designing, creating, deploying and maintaining software for a specific set of users, functions or organizations. In contrast, commercial off-the-shelf software (COTS) is designed for a broad set of requirements, allowing it to be packaged and commercially marketed and distributed.\r\n<span style=\"font-weight: bold;\">Steps in the software development process</span>\r\nDeveloping software typically involves the following steps:\r\n<ul><li><span style=\"font-weight: bold;\">Selecting a methodology</span> to establish a framework in which the steps of software development are applied. It describes an overall work process or roadmap for the project. Methodologies can include Agile development, DevOps, Rapid Application Development (RAD), Scaled Agile Framework (SAFe), Waterfall and others.</li><li><span style=\"font-weight: bold;\">Gathering requirements</span> to understand and document what is required by users and other stakeholders.</li><li><span style=\"font-weight: bold;\">Choosing or building architecture</span> as the underlying structure within which the software will operate.</li><li><span style=\"font-weight: bold;\">Developing a design</span> around solutions to the problems presented by requirements, often involving process models and storyboards.</li><li><span style=\"font-weight: bold;\">Constructing code</span> in the appropriate programming language. Involves peer and team review to eliminate problems early and produce quality software faster.</li><li><span style=\"font-weight: bold;\">Testing</span> with pre-planned scenarios as part of software design and coding — and conducting performance testing to simulate load testing on the application.</li><li><span style=\"font-weight: bold;\">Managing configuration and defects</span> to understand all the software artifacts (requirements, design, code, test) and build distinct versions of the software. Establish quality assurance priorities and release criteria to address and track defects.</li><li><span style=\"font-weight: bold;\">Deploying</span> the software for use and responding to and resolving user problems.</li><li><span style=\"font-weight: bold;\">Migrating data</span> to the new or updated software from existing applications or data sources if necessary.</li><li><span style=\"font-weight: bold;\">Managing and measuring the project</span> to maintain quality and delivery over the application lifecycle, and to evaluate the development process with models such as the Capability Maturity Model (CMM).</li></ul>\r\nThe steps of the software development process fit into application lifecycle management.\r\n<ul><li>Requirements analysis and specification</li><li>Design and development</li><li>Testing</li><li>Deployment</li><li>Maintenance and support</li></ul>\r\nSoftware development process steps can be grouped into the phases of the lifecycle, but the importance of the lifecycle is that it recycles to enable continuous improvement. For example, user issues that surface in the maintenance and support phase can become requirements at the beginning of the next cycle.\r\n<span style=\"font-weight: bold;\">Why is software development important?</span>\r\nSoftware development is important because it helps businesses differentiate themselves and be more competitive. It can improve customer experiences, bring more innovative, feature-rich products to market faster, and make operations more efficient, safe and productive.\r\nSoftware development is also important because it is pervasive.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Software_Development.png"},{"id":717,"title":"Consulting","alias":"consulting","description":" Even large international companies often face difficulties in their work. This may be due to both external factors and internal problems. Most often, problems arise because of price fluctuations in the market, the appearance or departure of a competitor, but firms also have difficulties with the relations themselves between employees within the enterprise. Because of this, there is no opportunity and strength within the company to fight for their survival, therefore an excellent solution, in this case, would be to use consulting services.\r\nConsulting is a type of service, which essentially means consulting. One company or person provides services in solving certain problems to another company.\r\nThe issues that can be solved with the help of consulting are very diverse. Sometimes it can be a whole complex of tasks, and sometimes it is provided only in a narrow area. For example, accounting consulting is the involvement of a specialized company or employee to solve accounting problems. That is why, when they talk about the concept of consulting, there is no clear definition.\r\nConsulting services are the solution of organizational or managerial tasks within a firm with the help of external specialists. Professional consultants in a particular area are invited to work at a company. Experts evaluate the condition, see the cause of the problems and create a system for solving these errors.\r\nThe company turns to consulting, not only in the case when experiencing difficulties in development. Often the manager decides on the expansion, so an urgent need to increase the number of specialists. But even if hiring them to work, then it will be necessary to spend more months on training, control over the execution of tasks, and only after that set challenging tasks for them. And in a developing company there is not so much time.<br />Consulting firms are specialized companies that provide consulting services. There can work a staff of staff who simultaneously collaborate with different organizations.","materialsDescription":" <span style=\"font-weight: bold;\">What are the types of consulting services?</span>\r\nThere are basic types of consulting services:\r\n<link https://roi4cio.com/en/categories/category/it-Consulting/ - external-link-new-window \"Opens internal link in current window\"><span style=\"font-weight: bold;\">IT consulting</span></link> is one of the newest and most sought-after types of consulting in Ukraine. This advice and assistance in the field of information technology. In fact, IT-consulting solves all the issues related to the Internet and information business processes.\r\n<span style=\"font-weight: bold;\">Marketing consulting.</span> Not all companies can afford to open a marketing department or hire a professional employee who will solve these issues. And today it is necessary to engage in advertising, because this is the only way to stay on the market and be a leader. In many cases, marketing consulting services are provided along with IT consulting.\r\n<span style=\"font-weight: bold;\">Legal consulting</span> is related to the solution of current tasks that are related to the state law. This will allow to properly evaluate the activities of the company and make the most profitable decisions. Legal advice is especially important during the expansion of the enterprise when it is necessary to open new branches or enter into agreements with intermediaries and suppliers.\r\n<span style=\"font-weight: bold;\">Financial consulting</span> - services that are associated with the effective management of funds, the distribution of the budget within the company, as well as proper external investments.\r\n<span style=\"font-weight: bold;\">Personnel consulting</span> assumes the establishment of internal relations between employees, the selection of new professionals who will meet the requirements of the company.\r\n<span style=\"font-weight: bold;\">Who is engaged in consulting services?</span>\r\nThe task of consultants consulting firms include:\r\n<ul><li>Search for problems within the company.</li><li>Analysis of the enterprise.</li><li>Development of strategies and programs to solve the problems found.</li><li>Advice on any issues: management, accounting, logistics, finance, etc.</li></ul>\r\nConsultants have all the necessary knowledge to help small, medium or large businesses solve problems and quickly adapt to a constantly changing market or regularly growing competition.\r\nIn particular, consultants of consulting companies have the following knowledge:\r\n<ul><li>computer science (computer skills and various software);</li><li>marketing and advertising;</li><li>finance and accounting;</li><li>sales and management;</li><li>logistics and investment.</li></ul>\r\nThey must also understand personnel issues, environmental issues, as well as computer technology, basic software and more.\r\n<span style=\"font-weight: bold;\">When it is advisable to resort to consulting services:</span>\r\n<ol><li>If there are disagreements between partners in the business regarding the further development of the company, production, marketing, investments, etc.</li><li>When a business is in a critical situation, for example, on the verge of bankruptcy or bankruptcy, and the manager or entrepreneur is not able to solve the problems and save the company.</li><li>With the expansion of the business and its scaling. When work is planned on other regions of the country or even entering the international market.</li><li>When you need to find fresh ideas for the rapid promotion of a new service, product or product.</li><li>When the need arises to conduct an audit of a business to understand how effective it is and what are the future prospects in the current state of affairs.</li><li>When you plan to sell a business and you need to check all the important points.</li><li>In the absence of new ideas for the promotion of business, products, services or goods. Or to develop a new product, instead of an outdated or lost consumer demand.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Consulting.png"},{"id":718,"title":"IT Consulting","alias":"it-consulting","description":" In management, information technology consulting (also called IT consulting, computer consultancy, business and technology services, computing consultancy, technology consulting, and IT advisory) as a field of activity focuses on advising organizations on how best to use information technology (IT) in achieving their business objectives.\r\nThe IT consulting industry can be viewed as a Four-tier system:\r\n<ul><li>Professional services firms which maintain large professional workforces and command high bill rates.</li><li>Staffing firms, which place technologists with businesses on a temporary basis, typically in response to employee absences, temporary skill shortages and technical projects.</li><li>Independent consultants, who are self-employed or who function as employees of staffing firms (for US tax purposes, employed on Form W-2), or as independent contractors in their own right (for US tax purposes, on "1099").</li><li>Information Technology security consultants</li></ul>\r\nThere are different reasons why consultants are called in:\r\n<ul><li>To gain external, objective advice and recommendations</li><li>To gain access to the consultants' specialized expertise</li><li>Temporary help during a one-time project where the hiring of a permanent employee(s) is not required or necessary</li><li>To outsource all or part of the IT services from a specific company.</li></ul>\r\nThere is a relatively unclear line between management consulting and IT consulting. There are sometimes overlaps between the two fields, but IT consultants often have degrees in computer science, electronics, technology, or management information systems while management consultants often have degrees in accounting, economics, Industrial Engineering, finance, or a generalized MBA (Masters in Business Administration).\r\nAccording to the Institute for Partner Education & Development, IT consultants' revenues come predominantly from design and planning based consulting with a mixture of IT and business consulting. This is different from a systems integrator in that you do not normally take title to product. Their value comes from their ability to integrate and support technologies as well as determining product and brands. ","materialsDescription":"<span style=\"font-weight: bold; \">Who is an information technology (IT) consultant?</span>\r\nAn information technology consultant is a third-party service provider who is qualified to advise clients on the best use of IT to meet specific business requirements. IT consultants may work with a professional IT consultancy firm or as independent contractors. They may conduct a business needs assessment and develop an information systems solution that meets the organization's objectives.\r\nSome information technology consultants emphasize technical issues while others help organizations use IT to manage business processes. Still others specialize in a specific IT area such as information security.\r\nIT consultants need a deep knowledge of both business and information technology. A bachelor's degree in management information systems, computer science, or information science is the typical path into a technical consultancy career. IT certifications supplement this foundation with specialized technical training. Information technology degree and certification programs are available online to accommodate working IT professionals.\r\n<span style=\"font-weight: bold; \">What are the prerequisites and major obstacles?</span>\r\nOnce a business owner defined the needs to take a business to the next level, a decision maker will define a scope, cost and a time-frame of the project. The role of the IT consultancy company is to support and nurture the company from the very beginning of the project until the end, and deliver the project not only in the scope, time and cost but also with complete customer satisfaction.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project scoping and planning</span></span>\r\nThe usual problem is that a business owner doesn't know the detail of what the project is going to deliver until it starts the process. In many cases, the incremental effort in some projects can lead to significant financial loss.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Business process and system design</span></span>\r\nThe scope of a project is linked intimately to the proposed business processes and systems that the project is going to deliver. Regardless of whether the project is to launch a new product range or discontinue unprofitable parts of the business, the change will have some impact on business processes and systems. The documentation of your business processes and system requirements are as fundamental to project scoping as an architects plans would be to the costing and scoping of the construction of a building.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project management support</span></span>\r\nThe most successful business projects are always those that are driven by an employee who has the authority, vision and influence to drive the required changes in a business. It is highly unlikely that a business owner (decision maker or similar) will realize the changes unless one has one of these people in the employment. However, the project leadership role typically requires significant experience and skills which are not usually found within a company focused on day-to-day operations. Due to this requirement within more significant business change projects/programs, outside expertise is often sought from firms which can bring this specific skill set to the company.\r\n<span style=\"font-weight: bold;\">What are the skills of IT-consulting?</span>\r\nAn IT consultant needs to possess the following skills:\r\n<ul><li>Advisory skills</li><li>Technical skills</li><li>Business skills</li><li>Communication skills</li><li>Management skills</li><li>Advisory language skills</li><li>Business and management language skills</li><li>Technical language skills</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Consulting.png"},{"id":538,"title":"Services","alias":"services","description":" Service - any activity or work that one party can offer the other, characterized by the absence of the proposed material tangibility of such activities and not expressed in possession of something.\r\nA service from the point of view of marketing is a sale object in the form of an artist’s action, bringing benefits to the consumer or a useful result. In the process of providing services, a new, previously non-existent material product is not created, but the quality of an existing, created product changes. These are goods provided not in the form of commodities or exchange, but in the form of activities. The very provision of services creates the desired result for the consumer.\r\nServices have four main characteristics that significantly affect the development of marketing programs:\r\n<ul><li>intangibility - it is impossible to demonstrate, see, try, transport, store, pack or study. All this is possible only in relation to the final result (it was - it became);</li><li>inseparability - a service can be provided only when an order arrives or a client appears, i.e. services are provided and consumed simultaneously;</li><li>variability (non-standardization) - customers are direct participants in the service process and affect its final result;</li><li>impossibility of storage - unlike tangible goods, they cannot be made for future use.</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">What are the types of services?</span>\r\nThe provision (provision) of services may include, for example, the following:\r\n<ul><li>activities carried out on material products supplied by the consumer (for example, repair of a faulty car);</li><li>activities carried out on intangible products supplied by the consumer (for example, preparing a statement of income required to determine the amount of tax);</li><li>the provision of intangible products (for example, information in the sense of knowledge transfer);</li><li>creating favorable conditions for consumers (for example, in hotels and restaurants).</li></ul>\r\nThe services provided to the population, by appointment, are divided into material and socio-cultural:\r\n<ul><li>Material service - a service to satisfy the material and domestic needs of a consumer of services. It provides restoration (change, preservation) of consumer properties of products or the manufacture of new products by orders of citizens, as well as the movement of goods and people, the creation of conditions for consumption. In particular, material services may include household services related to the repair and manufacture of products, housing and communal services, catering services, transportation services, etc.</li><li>Socio-cultural service (intangible service) - a service to satisfy spiritual, intellectual needs and the maintenance of normal consumer life. Provides maintenance and restoration of health, spiritual and physical development of the individual, increasing professional skills. Social and cultural services cannot include medical care and compulsory educational process.</li></ul>\r\nServices can be: private or commercial, voluntary or forced, paid or free, instant or long-term, mutual and anonymous, public, etc.\r\nThe generalizing category, which includes all types of commercial and non-commercial services and is part of the economy, is the service sector.\r\n<span style=\"font-weight: bold;\">Service Examples</span>\r\nRealtor services - services of a realtor, real estate agent, aimed at satisfying the needs of the client when performing operations to manage real estate, as well as creating additional benefits for the client when carrying out operations with real estate (additional income or an additional increase in the value of real estate both in the short and long term), the receipt of which would be impossible without the participation of a realtor (real estate agent) and the use of special professional tools and skills. At the same time, the effectiveness of the realtor (real estate agent) is estimated by the value of the benefit received by the client, and his remuneration is only part of it.\r\nLegal services - the services of a lawyer and attorney in many cases are vital, therefore, the choice of performers for their provision should be with particular seriousness and responsibility. The main areas of lawyer and advocate services:\r\n<ul><li>Comprehensive legal services for organizations of various forms of ownership;</li><li>Arbitration - representing the interests of organizations in arbitration courts;</li><li>Representation of interests of companies in courts of various instances;</li><li>Professional legal support of transactions and contracts of organizations;</li><li>Services to legal entities related to bankruptcy of enterprises;</li><li>Services of professional lawyers in returning and collecting debts;</li><li>Representation of interests of organizations in the event of tax disputes;</li><li>Processes related to registration of the inheritance;</li><li>Services of a professional lawyer in the event of a traffic accident (Legal assistance in road accidents);</li><li>Services of a lawyer and advocate in the event of housing disputes;</li><li>Family lawyer services;</li><li>Providing the services of a lawyer and criminal lawyer;</li><li>Ensuring consumer protection.</li></ul>\r\nAccounting services are necessary for both newly opened companies and existing structures that need to establish an accounting service or monitor the work of a full-time accountant. Accounting services are also relevant in the case of business expansion, as new employees appear in the company, salaries are revised, and associated costs arise. Professional accounting services are the foundation of successful business activities, ensuring the prosperity of the business due to the precise control of all financial resources of the company.\r\nPsychological assistance services.\r\nIT-services (IT-services, IT-services; including IT-consulting) - services related to assisting in the development of computer literacy of users, training them in new software products. The list of services also includes services for installation, updating and maintenance of software products and computer equipment.\r\nInformation Services.\r\nand etc.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Services.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[{"id":5120,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/OweBest_Technologies_Logo.png","logo":true,"scheme":false,"title":"OWEBEST Software Development","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"owebest-software-development","companyTitle":"Owebest Technologies Pvt. Ltd.","companyTypes":["supplier","vendor"],"companyId":7971,"companyAlias":"owebest-technologies-pvt-ltd","description":"<span style=\"font-weight: bold;\">OweBest</span> is a pre-eminent IT company with over 2500 projects executed in the global IT industry. We offer website designing, development, internet marketing, hosting and support services, as well as web and mobile app development. We believe that client satisfaction is the most important thing which is why we ensure that we deliver you the best of what you require. We have a big pool of happy clientele who talk with excessive pride and self-satisfaction about our achievements and exhaustive experience. Join our hands and let's take a walk together on a road to success.\r\n<span style=\"font-weight: bold;\">Website Design</span>\r\nOur clients are our topmost priority. We listen to you, know your business, your product, your requirements, your values and vision, and work as if it's our own. We cater to the needs of not just you, but your target audience as well. We help you have a website that makes you stand out among your competitors and give you an added advantage with unique creative website designs. We offer a wide variety of website design services which includes:\r\n<ul><li>Graphic Design Services</li><li>Dynamic Website Design</li><li>Custom Web Design</li><li>Web Portal Design</li><li>Template Design</li></ul>\r\n<span style=\"font-weight: bold;\">Website Development</span>\r\nWhile developing a website for you, we find out your target audience as well as search out the process through which your target and requirements work together with your website. We ook for the tasks and actions and that the website must achieve and find the delivery goal for your company. We use the following technology areas for our Web Development Services:\r\n<ul><li>PHP Development</li><li>Web 2.0 Projects and Ajax</li><li>.NET Development</li><li>Ruby On Rails</li><li>Content Management System</li><li>Mobile Connectivity Provision</li><li>Quality Assurance and Testing</li><li>Open Source Ecommerce Integration</li><li>Action Script Development</li><li>Custom Solutions Development</li><li>Dynamic Website Development</li><li>Ecommerce Website Development</li><li>Shopping Cart Development</li><li>Web Portal Development</li></ul>\r\n<span style=\"font-weight: bold;\">Mobile App Development</span>\r\nWith the advancement of technology, mobile app development has become a necessity for almost all businesses. Our team of mobile app developers ensures that cutting-edge apps are built with the best available high-tech. Our main focus remains to accomplish your individual demands as well as your business needs and to provide strategic planning and industry’s best product to compete in the market. Our mobile app development services cater to Android, Windows and iOS wherein we ensure that the app is optimized for speed, performance, look and feel on various mobile devices.We provide:\r\n<ul><li>Android App Development</li><li>iPhone App Development</li><li>Cross Platform App Development</li></ul>","shortDescription":"Owebest Technologies Pvt. Ltd. drives real innovations and helps you transform and grow your organization using intelligent technologies.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"OWEBEST Software Development","keywords":"","description":"<span style=\"font-weight: bold;\">OweBest</span> is a pre-eminent IT company with over 2500 projects executed in the global IT industry. We offer website designing, development, internet marketing, hosting and support services, as well as web and mobile app dev","og:title":"OWEBEST Software Development","og:description":"<span style=\"font-weight: bold;\">OweBest</span> is a pre-eminent IT company with over 2500 projects executed in the global IT industry. We offer website designing, development, internet marketing, hosting and support services, as well as web and mobile app dev","og:image":"https://old.roi4cio.com/fileadmin/user_upload/OweBest_Technologies_Logo.png"},"eventUrl":"","translationId":5121,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":565,"title":"Design","alias":"design","description":" Design is the activity of designing the aesthetic properties of industrial products (“artistic design”), as well as the result of this activity (for example, in such phrases as “car design”).\r\nIt is believed that in a broader sense, the design is not only intended for artistic design, but should also be involved in solving broader social and technical problems of the functioning of production, consumption, and the existence of people in the objective environment, by rational construction of its visual and functional properties.\r\nThe theoretical basis of design is technical aesthetics.\r\nThe term “industrial design” was approved by the decision of the first General Assembly of the ICSID (International Council of Societies of Industrial Design, International Council of Industrial Design Organizations) in 1959; The term “design” is a professional abbreviation of the term “industrial design”.\r\nDesigner - artist-designer, a person engaged in artistic and technical activities in various industries (including an architect, designer, illustrator, poster and other advertising graphics designer, web designer).\r\nThe word "design" English-language literature of the beginning of the XXI century, and understands the style, and the project, and design, and actually "design" - a professional activity, along with architecture or engineering design.","materialsDescription":" <span style=\"font-weight: bold;\">Design object</span>\r\nThe object of design can be almost any new technical industrial product (set, ensemble, complex, system) in any sphere of life activity of people, where human communication is socially and culturally conditioned.\r\n<span style=\"font-weight: bold;\">The main categories of the design object are:</span>\r\nThe image is an ideal representation of the object, an artistic-figurative model created by the designer’s imagination.\r\n<ul><li> Function - the work that the product must perform, as well as the semantic, sign and value role of the thing.</li><li>Morphology - the structure, the structure of the shape of the product, organized in accordance with its function, material and method of manufacture, embodying the designer's intent.</li><li>Technological form - morphology, embodied in the method of industrial production of the thing-object of the design-design as a result of artistic understanding of technology.</li><li>Aesthetic value is a special value of an object revealed by a person in a situation of aesthetic perception, emotional, sensory experience and assessment of the degree of conformity of an object to the aesthetic ideal of a subject.</li></ul>\r\n<span style=\"font-weight: bold;\">Techniques for finding a design solution:</span>\r\n<ul><li>Exhibition modeling</li><li>Museum situational modeling</li><li>Reincarnation or borrowing position</li><li>Person projection into the projected object</li><li>Scenario modeling</li><li>Game Situational Modeling</li><li>Mathematical and physical modeling of the dynamics of an object in the environment</li><li>Generative Design</li></ul>\r\n<span style=\"font-weight: bold;\">Varieties of design:</span>\r\n<ul><li>Animation design</li><li>Architectural design</li><li>Web design</li><li>Game design</li><li>Graphic design</li><li>Urban design</li><li>Interior Design</li><li>Clothing design</li><li>Ceremony Design</li><li>Sound design</li><li>Information design</li><li>Book design</li><li>Landscape Design</li><li>Parametric design</li><li>Print design</li><li>Interaction design</li><li>Software design</li><li>Industrial Design</li><li>Light design</li><li>Transport design</li><li>Futurodesign</li><li>Ecodesign</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Design.png"},{"id":567,"title":"Graphics Design","alias":"graphics-design","description":" Graphic design is the process of visual communication and problem-solving through the use of typography, photography, and illustration. The field is considered a subset of visual communication and communication design, but sometimes the term "graphic design" is used synonymously. Graphic designers create and combine symbols, images and text to form visual representations of ideas and messages. They use typography, visual arts, and page layout techniques to create visual compositions. Common uses of graphic design include corporate design (logos and branding), editorial design (magazines, newspapers and books), wayfinding or environmental design, advertising, web design, communication design, product packaging, and signage.\r\nGraphic design is applied to everything visual, from road signs to technical schematics, from interoffice memorandums to reference manuals.\r\nDesign can aid in selling a product or idea. It is applied to products and elements of company identity such as logos, colors, packaging and text as part of branding (see also advertising). Branding has become increasingly more important in the range of services offered by graphic designers. Graphic designers often form part of a branding team.\r\nGraphic design is applied in the entertainment industry in decoration, scenery and visual story telling. Other examples of design for entertainment purposes include novels, vinyl album covers, comic books, DVD covers, opening credits and closing credits in filmmaking, and programs and props on stage. This could also include artwork used for T-shirts and other items screenprinted for sale.\r\nFrom scientific journals to news reporting, the presentation of opinion and facts is often improved with graphics and thoughtful compositions of visual information - known as information design. Newspapers, magazines, blogs, television and film documentaries may use graphic design. With the advent of the web, information designers with experience in interactive tools are increasingly used to illustrate the background to news stories. Information design can include data visualization, which involves using programs to interpret and form data into a visually compelling presentation, and can be tied in with information graphics.","materialsDescription":"<span style=\"font-weight: bold;\">What is graphic design and what does it include?</span>\r\nGraphic design is a design process that combines text and graphics in a way that is intended to communicate a specific message.\r\n<span style=\"font-weight: bold;\">Where is graphic design used?</span>\r\nYou will find graphic design in company logos, printed materials like brochures, posters, signs, greeting cards, postcards, business cards, billboards and ads. Advances in technology have brought us the digital environment complete with websites, online ads, virtual brochures and presentations, and so very much more.\r\n<span style=\"font-weight: bold;\">What do graphic designers use to create these designs?</span>\r\nGraphic designers can use hand-illustrated designs as well as computer-aided designs thanks to a wide range of software with nearly endless digital design tools. The availability of software like Adobe Illustrator and Photoshop have become staples of the graphic designer.\r\n<span style=\"font-weight: bold;\">What can a graphic designer do that I can’t do?</span>\r\nA graphic designer does more than just put their creative skills to work. Though most graphic designers are intuitively creative already, they have generally spent time studying numerous design principles. It’s vital to understand how to use design elements to transmit the required messages and values as well as evoke a certain feeling in the viewer. As a visual communicator, they leverage these design elements and use concepts such as color, typography, space, balance, form and lines to create their visual message.\r\nSome graphic designers are also able to understand the more technical aspects of the design required to create digital assets for a company. For example, a web designer is often able to create wireframes, workflows, and sitemaps and understand how to develop easy navigation for the user experience.\r\n<span style=\"font-weight: bold;\">What else does a graphic designer accomplish as part of the work they produce for a client?</span>\r\nBesides turning their client’s vision, brand image and value proposition into a graphic display, a designer will undertake many specialty tasks as part of a graphic design project. The specialty tasks include collaborating on the concept (usually with a team), attending meetings about the project, paying attention to what customers are clicking on, doing presentations that explain the various potential designs, revising designs, and preparing asset files for others on the team and for client use.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Graphics_Design.png"},{"id":569,"title":"Website Design","alias":"website-design","description":" Web design is the process of creating websites. It encompasses several different aspects, including webpage layout, content production, and graphic design. While the terms web design and web development are often used interchangeably, web design is technically a subset of the broader category of web development.\r\nWebsites are created using a markup language called HTML. Web designers build webpages using HTML tags that define the content and metadata of each page. The layout and appearance of the elements within a webpage are typically defined using CSS, or cascading style sheets. Therefore, most websites include a combination of HTML and CSS that defines how each page will appear in a browser.\r\nSome web designers prefer to hand code pages (typing HTML and CSS from scratch), while others use a "WYSIWYG" editor like Adobe Dreamweaver. This type of editor provides a visual interface for designing the webpage layout and the software automatically generates the corresponding HTML and CSS code. Another popular way to design websites is with a content management system like WordPress or Joomla. These services provide different website templates that can be used as a starting point for a new website. Webmasters can then add content and customize the layout using a web-based interface.\r\nWhile HTML and CSS are used to design the look and feel of a website, images must be created separately. Therefore, graphic design may overlap with web design, since graphic designers often create images for use on the Web. Some graphics programs like Adobe Photoshop even include a "Save for Web…" option that provides an easy way to export images in a format optimized for web publishing.","materialsDescription":" <span style=\"font-weight: bold;\">Why is Web Design Important?</span>\r\nIt can be difficult to understand why most businesses are willing to pay top dollar for web design work. After all, having a functional website matters more than how it looks, right? Unfortunately, this isn’t the case. Today, the most important aspect of an online business presence in web design.\r\nThis means that businesses should always try to find the best web styles that work for their businesses. Although there are several people who can create websites, it takes a skilled person to design a website that looks polished and functional. Here are some more reasons why web design is important to good business.\r\n<span style=\"font-weight: bold;\">A Good Site Increases Customer Conversion</span>\r\nWhen a business has a well-designed website, it becomes easier to get more customer conversions. This is because a well-designed website uses its elements to lead customers directly to what they need without distractions.\r\n<span style=\"font-weight: bold;\">A Responsive Website Helps Business Reach More Clients</span>\r\nAccording to recent research by Pew Research Center, it was discovered that more and more users are using their mobile phones to do business. This means that businesses need to take advantage of this new set of customers by creating websites that can get clients who are away from their computers.\r\n<span style=\"font-weight: bold;\">Websites Help in Business Branding</span>\r\nA poor looking website will damage the brand of any company while a scummy-looking website drives customers away. However, an elegant website will help people to connect with a business’s branding. A website with a user-friendly page tends to attract clients more to businesses.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Website_Design.png"},{"id":591,"title":"Software Development","alias":"software-development","description":" Software development is the process of conceiving, specifying, designing, programming, documenting, testing, and bug fixing involved in creating and maintaining applications, frameworks, or other software components. Software development is a process of writing and maintaining the source code, but in a broader sense, it includes all that is involved between the conception of the desired software through to the final manifestation of the software, sometimes in a planned and structured process. Therefore, software development may include research, new development, prototyping, modification, reuse, re-engineering, maintenance, or any other activities that result in software products.\r\nSoftware can be developed for a variety of purposes, the three most common being to meet specific needs of a specific client/business (the case with custom software), to meet a perceived need of some set of potential users (the case with commercial and open-source software), or for personal use (e.g. a scientist may write software to automate a mundane task). Embedded software development, that is, the development of embedded software, such as used for controlling consumer products, requires the development process to be integrated with the development of the controlled physical product. System software underlies applications and the programming process itself and is often developed separately.\r\nThe need for better quality control of the software development process has given rise to the discipline of software engineering, which aims to apply the systematic approach exemplified in the engineering paradigm to the process of software development.\r\nThere are many approaches to software project management, known as software development life cycle models, methodologies, processes, or models. The waterfall model is a traditional version, contrasted with the more recent innovation of agile software development.","materialsDescription":" <span style=\"font-weight: bold; \">What is software development?</span>\r\nSoftware itself is the set of instructions or programs that tell a computer what to do. It is independent of hardware and makes computers programmable. There are three basic types:\r\n<span style=\"font-weight: bold; \">System software</span> to provide core functions such as operating systems, disk management, utilities, hardware management, and other operational necessities.\r\n<span style=\"font-weight: bold; \">Programming software</span> to give programmers tools such as text editors, compilers, linkers, debuggers and other tools to create code.\r\n<span style=\"font-weight: bold; \">Application software</span> (applications or apps) to help users perform tasks. Office productivity suites, data management software, media players and security programs are examples. Applications also refer to web and mobile applications like those used to shop on Amazon.com, socialize with Facebook or post pictures to Instagram.\r\nA possible fourth type is <span style=\"font-weight: bold; \">embedded software.</span> Embedded systems software is used to control machines and devices not typically considered computers — telecommunications networks, cars, industrial robots and more. These devices, and their software, can be connected as part of the Internet of Things (IoT).\r\nSoftware development is primarily conducted by programmers, software engineers, and software developers. These roles interact and overlap, and the dynamics between them vary greatly across development departments and communities.\r\n<span style=\"font-weight: bold; \">Programmers, or coders,</span> write source code to program computers for specific tasks like merging databases, processing online orders, routing communications, conducting searches or displaying text and graphics. Programmers typically interpret instructions from software developers and engineers and use programming languages like C++ or Java to carry them out.\r\n<span style=\"font-weight: bold; \">Software engineers</span> apply engineering principles to build software and systems to solve problems. They use modeling language and other tools to devise solutions that can often be applied to problems in a general way, as opposed to merely solving for a specific instance or client. Software engineering solutions adhere to the scientific method and must work in the real world, as with bridges or elevators.\r\n<span style=\"font-weight: bold; \">Software developers</span> have a less formal role than engineers and can be closely involved with specific project areas — including writing code. At the same time, they drive the overall software development lifecycle — including working across functional teams to transform requirements into features, managing development teams and processes, and conducting software testing and maintenance.\r\nThe work of software development isn’t confined to coders or development teams. Professionals such as scientists, device fabricators, and hardware makers also create software code even though they are not primarily software developers. Nor is it confined to traditional information technology industries such as software or semiconductor businesses. In fact, according to the Brookings Institute, those businesses “account for less than half of the companies performing software development.”\r\nAn important distinction is custom software development as opposed to commercial software development. Custom software development is the process of designing, creating, deploying and maintaining software for a specific set of users, functions or organizations. In contrast, commercial off-the-shelf software (COTS) is designed for a broad set of requirements, allowing it to be packaged and commercially marketed and distributed.\r\n<span style=\"font-weight: bold;\">Steps in the software development process</span>\r\nDeveloping software typically involves the following steps:\r\n<ul><li><span style=\"font-weight: bold;\">Selecting a methodology</span> to establish a framework in which the steps of software development are applied. It describes an overall work process or roadmap for the project. Methodologies can include Agile development, DevOps, Rapid Application Development (RAD), Scaled Agile Framework (SAFe), Waterfall and others.</li><li><span style=\"font-weight: bold;\">Gathering requirements</span> to understand and document what is required by users and other stakeholders.</li><li><span style=\"font-weight: bold;\">Choosing or building architecture</span> as the underlying structure within which the software will operate.</li><li><span style=\"font-weight: bold;\">Developing a design</span> around solutions to the problems presented by requirements, often involving process models and storyboards.</li><li><span style=\"font-weight: bold;\">Constructing code</span> in the appropriate programming language. Involves peer and team review to eliminate problems early and produce quality software faster.</li><li><span style=\"font-weight: bold;\">Testing</span> with pre-planned scenarios as part of software design and coding — and conducting performance testing to simulate load testing on the application.</li><li><span style=\"font-weight: bold;\">Managing configuration and defects</span> to understand all the software artifacts (requirements, design, code, test) and build distinct versions of the software. Establish quality assurance priorities and release criteria to address and track defects.</li><li><span style=\"font-weight: bold;\">Deploying</span> the software for use and responding to and resolving user problems.</li><li><span style=\"font-weight: bold;\">Migrating data</span> to the new or updated software from existing applications or data sources if necessary.</li><li><span style=\"font-weight: bold;\">Managing and measuring the project</span> to maintain quality and delivery over the application lifecycle, and to evaluate the development process with models such as the Capability Maturity Model (CMM).</li></ul>\r\nThe steps of the software development process fit into application lifecycle management.\r\n<ul><li>Requirements analysis and specification</li><li>Design and development</li><li>Testing</li><li>Deployment</li><li>Maintenance and support</li></ul>\r\nSoftware development process steps can be grouped into the phases of the lifecycle, but the importance of the lifecycle is that it recycles to enable continuous improvement. For example, user issues that surface in the maintenance and support phase can become requirements at the beginning of the next cycle.\r\n<span style=\"font-weight: bold;\">Why is software development important?</span>\r\nSoftware development is important because it helps businesses differentiate themselves and be more competitive. It can improve customer experiences, bring more innovative, feature-rich products to market faster, and make operations more efficient, safe and productive.\r\nSoftware development is also important because it is pervasive.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Software_Development.png"},{"id":593,"title":"Mobile Software Development","alias":"mobile-software-development","description":" Mobile app development is the act or process by which a mobile app is developed for mobile devices, such as personal digital assistants, enterprise digital assistants or mobile phones. These applications can be pre-installed on phones during manufacturing platforms, or delivered as web applications using server-side or client-side processing (e.g., JavaScript) to provide an "application-like" experience within a Web browser. Application software developers also must consider a long array of screen sizes, hardware specifications, and configurations because of intense competition in mobile software and changes within each of the platforms. Mobile app development has been steadily growing, in revenues and jobs created. A 2013 analyst report estimates there are 529,000 direct app economy jobs within the EU 28 members, 60% of which are mobile app developers.\r\nAs part of the development process, mobile user interface (UI) design is also essential in the creation of mobile apps. Mobile UI considers constraints, contexts, screen, input, and mobility as outlines for design. The user is often the focus of interaction with their device, and the interface entails components of both hardware and software. User input allows for the users to manipulate a system, and device's output allows the system to indicate the effects of the users' manipulation. Mobile UI design constraints include limited attention and form factors, such as a mobile device's screen size for a user's hand(s). Mobile UI contexts signal cues from user activity, such as location and scheduling that can be shown from user interactions within a mobile app. Overall, mobile UI design's goal is mainly for an understandable, user-friendly interface. The UI of mobile apps should: consider users' limited attention, minimize keystrokes, and be task-oriented with a minimum set of functions. This functionality is supported by mobile enterprise application platforms or integrated development environments (IDEs).\r\nMobile UIs, or front-ends, rely on mobile back-ends to support access to enterprise systems. The mobile back-end facilitates data routing, security, authentication, authorization, working off-line, and service orchestration. This functionality is supported by a mix of middleware components including mobile app server, mobile backend as a service (MBaaS), and service-oriented architecture (SOA) infrastructure. ","materialsDescription":" <span style=\"font-weight: bold;\">What is the native app development?</span>\r\nUnlike websites and web applications, native mobile apps don’t run in the browser. You need to download them from platform-specific app stores such as Apple’s App Store and Google Play. After installation, you can access each app by tapping its respective icon on the screen of your device.\r\nNative app development requires different skills and technologies than mobile website development. You don’t have to worry about browser behavior and compatibility. You can use the native features of mobile OSs to deliver the user experience and implement the functionalities of your app.\r\n<span style=\"font-weight: bold;\">What is the difference between a native mobile app and a hybrid app?</span>\r\nMobile apps have two types: native and hybrid apps. At first glance, both have similar features and design but the underlying technology is different. As the name suggests, hybrid apps are a combination of web apps and native mobile apps. You can build them using web technologies: HTML, CSS, and JavaScript. You can also upload them to app stores and users can install them as native Android or iOS applications.\r\nThe main advantages of hybrid apps are portability and the simplicity of development. You only have to write the code once and your hybrid app will run on different operating systems. You can use hybrid frameworks like Ionic and Apache Cordova to create cross-platform hybrid applications. By contrast, native mobile apps have to be written in platform-specific languages such as Java, Swift, or Objective-C.\r\nNative mobile apps can access the built-in features of smartphones such as the camera and microphone by default. If you have a hybrid app you need to rely on plugins like Cordova plugins to use the native capabilities of the user’s device.\r\nHybrid apps also depend on WebViews to render their user interfaces. WebViews are in-app browsers that allow mobile applications to access and display web content. This is how Android and iOS devices are able to run hybrid apps built with HTML, CSS, and JavaScript as native mobile applications.\r\n<span style=\"font-weight: bold;\">What are the benefits of native mobile app development?</span>\r\nAlthough hybrid apps are easier and cheaper to develop, native mobile apps have many benefits, too.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Better performance</span></span>\r\nNative mobile apps directly interact with native APIs without depending on middleware such as plugins and WebViews. As there are fewer dependencies, native mobile apps are faster and more responsive than hybrid apps. This is especially important for performance-centric apps like games and graphic-heavy applications.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Consistent look and feel</span></span>\r\nAs native mobile apps are developed using native SDKs (software development kits), their UIs look consistent with their platform. This ensures a better user experience, as there are no discrepancies between the OS and app design.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Immediate access to new features</span></span>\r\nNative mobile apps can immediately access the latest iOS or Android features. As web technologies can’t directly use native APIs, hybrid apps have to wait until there’s a plugin that supports the new feature.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Better compliance with app store guidelines</span></span>\r\nBecause of their architecture, native mobile apps comply better with app store guidelines. In 2017, Apple restricted its submission guidelines. Since then, they have begun to reject apps that rely too much on WebViews, such as Ionic View that allowed developers to test their Ionic applications. As it’s likely that app stores will continue cracking down on hybrid apps, native mobile apps are also a more future-proof investment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Mobile_Software_Development.png"},{"id":595,"title":"iOS Software Development","alias":"ios-software-development","description":"iOS is Apple’s mobile OS that runs on an iPhone, iPad, iPod Touch hardware. Apple provides tools and resources for creating iOS apps and accessories for these devices. As an iOS developer, you can program in native languages such as Swift or Objective-C or build cross-platform native applications using React Native (JavaScript) or Xamarin (C# & F#).<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Developer Requirements.</span> To develop iOS apps, you need a Mac computer running the latest version of Xcode. Xcode is Apple’s IDE (Integrated Development Environment) for both Mac and iOS apps. Xcode is the graphical interface you'll use to write iOS apps. Xcode includes the iOS SDK, tools, compilers, and frameworks you need specifically to design, develop, write code, and debug an app for iOS. For native mobile app development on iOS, Apple suggests using the modern Swift programming language. It is important to note that Xcode only runs on Mac OS X and the only supported way to develop iOS apps. Like desktop software, iOS development software are designed using a range of programming languages and frameworks.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">iOS software development kit. </span>Mobile iOS app creation software requires access to software development kits (SDKs) that provide an environment through which programmers can design and test code in a simulated mobile environment. Some iOS SDK essentials are the Cocoa Touch frameworks that include the UIKit, GameKit, PushKit, Foundation Kit, and MapKit. These frameworks and others allow you manipulate the iPhone or iPad camera, add voice interaction using SiriKit, explore music with MusicKit, expand viewing and listening via AirPlay 2, and even add iMessage Business Chat to your application. iOS 11 added the power of machine learning with Core ML and augmented reality (AR) experiences with ARKit.\r\n<p id=\"Beta_Testing\" style=\" color:#232f3e; \"><span style=\"font-weight: bold; \">Beta Testing.</span> <span style=\"font-weight: normal; \">Once you have built and tested (using XCTest framework or iOS Unit test) your app, you can invite users to your apps and collect feedback using TestFlight prior to deploying to the App Store. This is a good time for testing Push Notifications, data storage using Core Data, and making network calls to 3rd party APIs. To get going, you simply upload a beta build of your app, and use iTunes Connect to add the name and email of testers. <br /></span></p>\r\n<p id=\"Beta_Testing\" style=\" color:#232f3e; \"><span style=\"font-weight: bold; \">Cloud Testing.</span><span style=\"font-weight: normal; \">Testing your iOS app on real devices is critically important since the performance of the real device, different operating system versions, modifications made by manufacturer and carriers firmware may lead to unexpected issues with your app. Testing on real device gives you a more accurate understanding of how your users interact with your app. On the other hand, obtaining physical devices for testing is a logistical challenge. This is where cloud testing comes into play. With cloud testing, you can test your application on real devices that are accessible on the cloud. <br /></span></p>\r\n<p id=\"Beta_Testing\" style=\" color:#232f3e; \"><span style=\"font-weight: bold; \">Deployment.</span> <span style=\"font-weight: normal; \">Once you have built, tested, and beta tested your iOS app, you can deploy to the App Store. At this point, you must join the Apple Developer Program. As a member, you’ll get access to beta iOS app development software, advanced app capabilities, extensive beta testing tools, and app analytics.</span></p>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the advantages of iOS App Development?</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">iOS is easy to use interface.</span> Apple’s iPhone becomes the dream of many smartphone users, providing high customer service and become a market leader for offering unmatched devices. You can attract your Apple users easily if an application will be created on a synchronized environment Apple’s platform. These special flexible User Interface of the features of the iOS app can make your business application more desirable and boost up their sales and earn maximum benefits.</li><li><span style=\"font-weight: bold;\">iOS has more security.</span> iOS platform offers its users stay safe from external threats which is the best part and advantage of this platform. While developing an app for the business, providing a powerful shield against malware, virus and other internet threats for app development of a business. iOS applications are secured applications, allows effortless transaction facilities app without spending more time on testing different devices.</li><li>For <span style=\"font-weight: bold;\">business</span>, there are multiple options available in the highly popular iOS app making software market, this is because important to attract new customers to increase sales and chance to empower your business in the global market. The web is not a safe place for so thanks to a well-developed iPhone app Development Company can increase their availability and protect your customer’s information. With an iOS mobile app, always been an attractive device to the public with constant acknowledgment from App Store and business can flourish on a regular basis.</li><li>iOS users are usually <span style=\"font-weight: bold;\">happy users,</span> an efficiently developed iOS app helps to promote your brand or your organization to enhance productivity with profitability services to reach your targeted audience. iOS application builds a strong relationship with customers and clients, and the great audience to deliver your product and solutions to achieve their goals. Better the application is, strong would be the relationship with the superior brand in consumer electronics.</li><li>iOS applications are <span style=\"font-weight: bold;\">innovation </span>and the latest technology used globally and this can help your business to expand the most secure way. With best iOS app development software is accepted globally, you may transforming traditional business processes in a modern way and find customers from every part of the world.</li></ul>\r\n<h1 class=\"align-center\">What is IDE?</h1>\r\nIDE is the acronym for Integrated Development Environment. This contains a set of tools, resources and programming essentials within itself. It helps software/web/ mobile app developers to create new programs. This is a comprehensive solution for creating software or mobile app independently. These resources make development, deployment and debugging processes very simple. Choosing an IDE for iPhone app development is dependent on the budget, kind of programming language you prefer, etc. There are so many functionalities in an IDE that gives you a lot of benefits for app development.\r\nThe IDE makes strategies and streamlines the development phase for your entire team. It has many tools for automation, programming, debugging, compiling and for interpretation. There are three general types of IDE available. They are cloud-based, software as a service (SaaS) type and installing on the server type. IDE for iOS application development software is preferred bycompanies to reduce development time and costs. It helps in accurate testing and easy coding. Integration is also possible with these IDEs. It is as simple as a word processing program used by developers to create robust mobile applications.<br /> ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_iOS_Software_Development.png"},{"id":597,"title":"Android Software Application","alias":"android-software-application","description":" Android software development is the process by which new applications are created for devices running the Android operating system. Google states that "Android apps can be written using Kotlin, Java, and C++ languages" using the Android software development kit (SDK), while using other languages is also possible. All non-JVM languages, such as Go, JavaScript, C, C++ or assembly, need the help of JVM language code, that may be supplied by tools, likely with restricted API support. Some languages/programming tools allow cross-platform app support, i.e. for both Android and iOS. Third party tools, development environments and language support have also continued to evolve and expand since the initial SDK was released in 2008. In addition, with major business entities like Walmart, Amazon, Bank of America etc. eyeing to engage and sell through mobiles, mobile application development is witnessing a transformation.\r\nAndroid was created by the Open Handset Alliance, which is led by Google. The early feedback on developing applications for the Android platform was mixed. Issues cited include bugs, lack of documentation, inadequate QA infrastructure, and no public issue-tracking system. In December 2007, MergeLab mobile startup founder Adam MacBeth stated, "Functionality is not there, is poorly documented or just doesn't work... It's clearly not ready for prime time." Despite this, Android-targeted applications began to appear the week after the platform was announced. The first publicly available application was the Snake game.\r\nA preview release of the Android SDK was released on November 12, 2007. On July 15, 2008, the Android Developer Challenge Team accidentally sent an email to all entrants in the Android Developer Challenge announcing that a new release of the SDK was available in a "private" download area. The email was intended for winners of the first round of the Android Developer Challenge. The revelation that Google was supplying new SDK releases to some developers and not others (and keeping this arrangement private) led to widely reported frustration within the Android developer community at the time.\r\nOn August 18, 2008, the Android 0.9 SDK beta was released. This release provided an updated and extended API, improved development tools and an updated design for the home screen. Detailed instructions for upgrading are available to those already working with an earlier release. On September 23, 2008, the Android 1.0 SDK (Release 1) was released. According to the release notes, it included "mainly bug fixes, although some smaller features were added." It also included several API changes from the 0.9 version. Multiple versions have been released since it was developed.\r\nOn December 5, 2008, Google announced the first Android Dev Phone, a SIM-unlocked and hardware-unlocked device that is designed for advanced developers. It was a modified version of HTC's Dream phone. While developers can use regular consumer devices to test and use their applications, some developers may choose a dedicated unlocked or no-contract device.\r\nAs of July 2013, more than one million applications have been developed for Android, with over 25 billion downloads. A June 2011 research indicated that over 67% of mobile developers used the platform, at the time of publication. Android smartphone shipments are forecast to exceed 1.2 billion units in 2018 with an 85% market share.","materialsDescription":" <span style=\"font-weight: bold;\">Where does Android come from?</span>\r\nIt comes from Google, who actually acquired Android in 2005 (no, Google didn't invent it). The search giant performs regular updates along with an annual major update.\r\nThe operating system is based on the Linux kernel – if you have friends who work in IT, you may have heard of it. This is the GNU / Linux operating system based structure, which is a unix type system (portable operating system, multitasking and multi-user). The Linux kernel is one of the most prominent examples of free software.\r\n<span style=\"font-weight: bold;\">Why does Android look different on each phone?</span>\r\nAndroid doesn't look different on every device, but it does have a number of different versions. Android is open-source, which means that manufacturers are free to customize the software and make it their own.\r\nThe 'purest' version of Android is often referred to as 'stock Android' and it's often preferred by the Android community: it's the original software as Google intended.\r\nOther user interfaces (UI) include Samsung's TouchWiz, Sony's Xperia, and Huawei's Emotion. See what they all look like in our Android UI comparison.\r\n<span style=\"font-weight: bold;\">What are the advantages of Android?</span>\r\nChoice. For example, if you want iOS, you have a choice of iPhone, iPhone or iPhone. If you go for Android there are stacks of great devices to choose from, from cheap and cheerful handsets to really impressive flagships. Those flagships are often cheaper than the equivalent Apple devices, too.\r\nAndroid’s choice isn’t just about hardware. It’s about everything else too. Android is incredibly easy to customize, both in terms of how it looks and how it works, and the various app stores aren’t as tightly controlled as its rivals’ stores, like Apple.\r\n<span style=\"font-weight: bold;\">What’s with the candy names?</span>\r\nEach new version of Android gets a code name based on consecutive letters of the alphabet. The most recent version is known as Marshmallow because it is the Android M release. Previous versions have included Lollipop, KitKat, Jelly Bean and Gingerbread.\r\n<span style=\"font-weight: bold;\">What’s the best thing about Android?</span>\r\nOptions, many options. With Android, you have hundreds of gadgets at your disposal, the cheapest, the most expensive and innovative market. Android is also incredibly customizable, both in their roles, as in his appearance. You can really make a unique mobile experience for yourself with this OS.\r\n<span style=\"font-weight: bold;\">What’s the worst thing about Android?</span>\r\nGetting updates. In many cases, manufacturers don’t seem to care about providing software updates for devices they’ve already sold you. Even when they do provide updates they take their sweet time about it. That’s why some consider rooting: you can download the updates yourself and apply them instead of waiting for the manufacturer to get around to it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Android_Software_Application.png"},{"id":601,"title":"Custom Software Development","alias":"custom-software-development","description":" Custom software (also known as bespoke software or tailor-made software) is software that organization for some specific organization or another user. As such, it can be contrasted with the use of software packages developed for the mass market, such as commercial off-the-shelf (COTS) software, or existing free software.\r\nSince custom software is developed for a single customer it can accommodate that customer's particular preferences and expectations. Custom software may be developed in an iterative process, allowing all nuances and possible hidden risks to be taken into account, including issues which were not mentioned in the original requirement specifications (which are, as a rule, never perfect). In particular, the first phase in the software development process may involve many departments, materchode including marketing, engineering, research and development and general management.\r\nLarge companies commonly use custom software for critical functions, including content management, inventory management, customer management, human resource management, or otherwise to fill the gaps present in the existing software packages. Often such software is legacy software, developed before COTS or free software packages offering the required functionality became available.\r\nCustom software development is often considered expensive compared to off-the-shelf solutions or products. This can be true if one is speaking of typical challenges and typical solutions. However, it is not always true. In many cases, COTS software requires customization to correctly support the buyer's operations. The cost and delay of COTS customization can even add up to the expense of developing custom software. Cost is not the only consideration, however, as the decision to opt for custom software often includes the requirement for the purchaser to own the source code, to secure the possibility of future development or modifications to the installed system.\r\nAdditionally, COTS comes with upfront license costs which vary enormously but sometimes run into the millions (in terms of dollars). Furthermore, the big software houses that release COTS products revamp their product very frequently. Thus a particular customization may need to be upgraded for compatibility every two to four years. Given the cost of customization, such upgrades also turn out to be expensive, as a dedicated product release cycle will have to be earmarked for them.\r\nThe decision to build custom software or go for a COTS implementation would usually rest on one or more of the following factors:\r\n<ul><li>Finances - both cost and benefit: The upfront license cost for COTS products mean that a thorough cost-benefit analysis of the business case needs to be done. However it is widely known that large custom software projects cannot fix all three of scope, time/cost and quality constant, so either the cost or the benefits of a custom software project will be subject to some degree of uncertainty - even disregarding the uncertainty around the business benefits of a feature that is successfully implemented.</li><li>Supplier - In the case of COTS, is the supplier likely to remain in business long, and will there be adequate support and customization available? Alternatively, will there be a realistic possibility of getting support and customization from third parties? In the case of custom software, software development may be outsourced or done in-house. If it is outsourced, the question is: is the supplier reputable, and do they have a good track record?</li><li>Time to market: COTS products usually have a quicker time to market</li><li>Size of implementation: COTS comes with standardization of business processes and reporting. For a global or national organization, these can bring in gains in cost savings, efficiency and productivity, if the branch offices are all willing and able to use the same COTS without heavy customizations (which is not always a given).</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is custom software such a large investment?</span>\r\nBuilding a custom web application is a time-consuming endeavor. It takes time to learn the processes of your business, to gather requirements, to flesh out your needs, and to build the software. Put simply, time is money.\r\nWhile it’s a large investment, by investing in custom software, you’ll own the code instead of having a long-term licensing agreement with another software company.\r\n<span style=\"font-weight: bold;\">How could my business benefit from custom software?</span>\r\nA custom business software solution increases process efficiency through process automation. When business processes are properly automated, they minimize the waste in time and resources that the original processes contained.\r\nThink of it this way: with software that already exists, you have to modify your process to meet software capabilities. With custom software, you can build a system around the existing processes you have in place. You took a lot of time to develop those processes, so why should you revamp your business?\r\n<span style=\"font-weight: bold;\">What is IP and how important is it that I own it?</span>\r\nIP stands for Intellectual Property. When you deal with anything creative, you have to think about copyright and the intellectual property on that work and that includes the creation of software code.\r\nThis gets back to the question of buying vs. building. If there is an existing solution that can suit your needs just fine, then it makes sense to buy, but the software developer owns the code and you are basically licensing the software from there. However, if you need a specialized solution that is customized to your needs and decide to go the custom development route, then the question of who owns the code is an important one.\r\n<span style=\"font-weight: bold;\">I’m thinking about hiring someone offshore; what should I watch out for?</span>\r\nIn short, everything. Language barriers and lack of proximity lead to breakdowns in communication and quality. Do yourself a favor and stay local.\r\nOn a related note, if you’re thinking about hiring for the position internally, think about this: it takes around three people to complete a successful custom software project. If you hire someone internally, their salary might cost what it would take to build with us, and you get a whole team when you work with us. Plus, if your software developer decides to leave, they take their knowledge with them. If one of our team members leave, our whole team shares the knowledge so you’re not left in the dark.\r\n<span style=\"font-weight: bold;\">If things don’t go well, am I sunk?</span>\r\nWe make communication and transparency are top priorities so this doesn’t happen. Right out of the gate we work hard to make sure that not only the project is a good fit, but the relationship with the client is as well. Through each step of the process and the build, we keep you in the loop weekly so you know what to expect and what is happening, but a good development company should have places in their process/relationship where you can cleanly exit. Make sure you know what the process is for leaving and what those different ‘leaving’ options are.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Custom_Software_Development.png"},{"id":609,"title":".Net Development","alias":"net-development","description":" .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large class library named Framework Class Library (FCL) and provides language interoperability (each language can use code written in other languages) across several programming languages. Programs written for .NET Framework execute in a software environment (in contrast to a hardware environment) named Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. As such, computer code written using .NET Framework is called "managed code". FCL and CLR together constitute the .NET Framework.\r\nFCL provides user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, and network communications. Programmers produce software by combining their source code with .NET Framework and other libraries. The framework is intended to be used by most new applications created for the Windows platform. Microsoft also produces an integrated development environment largely for .NET software called Visual Studio.\r\n.NET Framework began as proprietary software, although the firm worked to standardize the software stack almost immediately, even before its first release. Despite the standardization efforts, developers, mainly those in the free and open-source software communities, expressed their unease with the selected terms and the prospects of any free and open-source implementation, especially regarding software patents. Since then, Microsoft has changed .NET development to more closely follow a contemporary model of a community-developed software project, including issuing an update to its patent promising to address the concerns.\r\n.NET Framework led to a family of .NET platforms targeting mobile computing, embedded devices, alternative operating systems, and web browser plug-ins. A reduced version of the framework, .NET Compact Framework, is available on Windows CE platforms, including Windows Mobile devices such as smartphones. .NET Micro Framework is targeted at very resource-constrained embedded devices. Silverlight was available as a web browser plugin. Mono is available for many operating systems and is customized into popular smartphone operating systems (Android and iOS) and game engines. .NET Core targets the Universal Windows Platform (UWP), and cross-platform and cloud computing workloads.","materialsDescription":"When Microsoft formally introduced its .NET strategy in mid-2000, analysts were confused about how the company would pull off such a massive platform shift. Over two years later, they're still wondering. But .NET isn't vaporware, and it's not a pipe dream. In fact, .NET is happening today.\r\n<span style=\"font-weight: bold; \">What is .NET?</span>\r\nActually, .NET is many things, but primarily it's a marketing term for a set of products and technologies that Microsoft is creating to move personal and enterprise computing beyond the PC desktop and into a distributed Internet-based environment. So .NET--which was originally called Next Generation Windows Services (NGWS)--is also a platform, one that Microsoft sees as the successor to Windows. The .NET platform is based on Web services which are, in turn, defined by a language called XML.\r\n<span style=\"font-weight: bold; \">What is XML?</span>\r\nXML--the eXtensible Markup Language--is a self-descriptive, data definition language. It's structure is similar to HTML, the language of the Web, but it's far more powerful because it's not limited to a static list of language constructs ("tags") that the language's authors supply. Instead, XML is extensible and dynamic: Programmers can define new types of data using XML and then describe that data so that others will know how to use it.\r\n<span style=\"font-weight: bold; \">What are Web services?</span>\r\nWeb services are functions exposed by server-side applications. They are programmable units that other applications (and Web services) can access over the Internet.\r\n<span style=\"font-weight: bold; \">Does .NET require Windows?</span>\r\nTechnically, no, but realistically, yes. It's possible the .NET platform could be ported to other operating systems, such as Linux, FreeBSD, the Macintosh, or whatever, and indeed, some work is being done now in this area. However, .NET very much requires Windows today, on both the server and the client. One might say that .NET and Windows have a symbiotic relationship going forward.\r\n<span style=\"font-weight: bold; \">Is .NET is being ported to Linux?</span>\r\nYes. A company called Ximian is porting the standards-based parts of .NET to Linux as you read this, and the work is amazingly far along. Code-named Mono, this project seeks to bring the C# programming language, the Common Language Runtime (CLR, see below), and other .NET features to Linux.\r\nOn a related note, Microsoft has contracted Corel (makers of CorelDRAW and Word Perfect) to port .NET to FreeBSD.\r\n<span style=\"font-weight: bold; \">Isn't .NET just another name for COM, COM+, Windows DNA, or some other previous Windows technology?</span>\r\nActually, no. Microsoft spent considerable time and effort developing and promoting a set of Windows technologies that was at various times called OLE, COM, COM+, and Windows DNA (Distributed InterNet Architecture) but .NET is not the next iteration. Windows DNA, which was the final umbrella term for this set of technologies, was based around a concept where Windows-based software components could expose their services for other local and remote Windows software components. But though this sounds passingly similar to .NET, Windows DNA is very much based on proprietary Windows technologies. By comparison, .NET is based on open standards (XML and various related technologies), so it will be much easier for other vendors to adopt the platform and write compatible software. So we can eventually expect to see .NET clients and servers on platforms other than Windows.\r\n<span style=\"font-weight: bold; \">So what technologies are part of .NET?</span>\r\n.NET is comprised of several related technologies, including:\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">.NET Framework</span></span> - A runtime environment and set of standard services which .NET capable applications and services can utilize. Implemented as a code library, the .NET Framework includes the Common Language Runtime (CLR), the .NET run-time environment; ASP .NET, a Web applications platform; and ADO .NET, for data store access.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">.NET Compact Framework</span></span> - A subset of the .NET Framework designed for Pocket PCs, Microsoft Smart Phones, and other Windows CE .NET-based mobile devices.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">MSN consumer services</span></span> - Microsoft will use its consumer-oriented MSN online service to expose Web services to individuals. The current version, MSN 8, includes the .NET Passport's authentication services, email, address book, calendaring and tasks, and other similar services.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">.NET Enterprise Servers</span></span> - An extensive set of Microsoft server software that runs on Windows servers, including Application Server, BizTalk Server, Exchange Server, Host Integration Server, Internet Security and Acceleration Server, SQL Server, and many others. Microsoft is currently shipping many such server products, but they are all based on Windows DNA currently, not .NET. Future server products--beginning with Windows .NET Server 2003, due in April 2003--will actually be based on .NET technologies for the first time.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Visual Studio .NET</span></span> - Microsoft's .NET development environment, with support for languages such as Visual Basic .NET, Visual C++ .NET, Visual C# .NET, and Visual J#, which all target the .NET Framework. Other vendors can add other language capabilities to Visual Studio .NET, and the suite can be used to target a wide range of applications and services, including .NET Web services, Windows applications, and Web applications. Note that Visual Studio .NET is not required to create .NET applications and services: Developers can download the .NET Framework for free; this download includes compilers for Visual Basic .NET, Visual C++ .NET and Visual C# .NET.\r\n<span style=\"font-weight: bold;\">OK, so what's the point? How does this make my life better?</span>\r\nWith apologies to Microsoft for stealing the term, .NET enables a better PC ecosystem. That is, by making life easier for everyone involved with PCs, the benefits are cross-pollinated. Here's how .NET makes life easier on various groups:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Programmers</span></span> - Because developers now have a consistent, language-neutral programming environment, they can create better applications and services more quickly. And because .NET encompasses such a wider range of functionality, those applications and services can be connected to back-end services via the Internet, offering better, and more exciting functionality.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">IT administrators</span></span> - Because .NET applications and services do away with the "DLL Hell" found in previous Windows applications, they are amazingly easy to distribute and install.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">End users</span></span> - For the reasons listed above, and many others, a new generation of .NET applications and services will provide new types of connected functionality. Access your email from anywhere. Pay for products online without typing in your credit card information. Access weather, traffic, music, and other personal information from a variety of devices, from anywhere in the world. The future is all connected, and .NET will get us there.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Net_Development.png"},{"id":613,"title":"C# Development","alias":"c-development","description":" C#, (C-Sharp) is a programming language that combines object-oriented and aspect-oriented concepts. Developed in 1998–2001 by a group of engineers under the leadership of Anders Hejlsberg at Microsoft as the main language for developing applications for the Microsoft .NET platform. The compiler with C# is included in the standard installation of the .NET itself, so programs on it can be created and compiled even without tools like Visual Studio.\r\nC# refers to a family of languages with a C-like syntax, of which its syntax is closest to C++ and Java. The language has strict static typing, supports polymorphism, operator overloading, pointers to member functions of classes, attributes, events, properties, exceptions, comments in XML format. Having taken a lot from their predecessors - C++, Java, Delphi, Modula and Smalltalk - C#, based on the practice of using them, excludes some models that have proven to be problematic when developing software systems: thus, C # does not support multiple class inheritance (unlike C ++).\r\nC# was developed as an application level programming language for the CLR and, as such, depends primarily on the capabilities of the CLR itself. This concerns, first of all, the C # type system, which reflects FCL. The presence or absence of certain expressive features of the language is dictated by whether a particular language feature can be translated into the corresponding CLR constructs. So, with the development of the CLR from version 1.1 to 2.0, C # itself was significantly enriched; similar interaction should be expected in the future. (However, this pattern was broken with the release of C # 3.0, which are language extensions that do not rely on .NET platform extensions.) The CLR provides C #, like all other .NET-oriented languages, many of the features that the “classical” programming languages lack. For example, garbage collection is not implemented in C # itself, but the CLR is done for programs written in C # just like it is done for programs on VB.NET, J #, and others.","materialsDescription":"<span style=\"font-weight: bold;\"> Why is it necessary to study the C# programming language?</span>\r\n<span style=\"font-weight: bold;\">Reason # 1. Language program C# develops.</span>\r\nNew programming languages appear annually. And the main demand is expanding and progressing. Since the C# programming language was created and accompanied by Microsoft, this technological “hippopotamus” periodically makes improvable with the addition of useful functions in C #, and you can be sure that it will perform many, many iterations ... Also, billions of lines of code are written all over the world not only under Microsoft, so the work is foreseen to everyone who wants to learn the C # programming language.\r\n<span style=\"font-weight: bold;\">Reason # 2. Your bright future with C#.</span>\r\nThis item smoothly continues the previous one. According to the ratings of the domestic DOU, it is clear that the C# programming language in Ukraine is in 3rd place in 2018 among programming languages. And in the world charts on the 4th place by PYPL PopularitY of Programming Language is a rating using Google Trends.\r\n<span style=\"font-weight: bold;\">Reason # 3. The possibility of greater profits.</span>\r\nOf course, this statement should be evaluated relatively by comparison. Today they like to say: “A programmer’s working time is more expensive than additional memory or a more powerful computer processor. It is recommended to choose more modern tools that don’t over-brain a programmer.”\r\nOn the other hand, when they talk about C#, they always mean speed and large, valuable, serious projects, even Megaprojects. For example, in C#, the Linux kernel, Unix, libraries, environment, interpreters of many modern programming languages are written.\r\n<span style=\"font-weight: bold;\">Reason # 4. C# has a huge set of use cases.</span>\r\n<ul><li>The C # programming language is mainly used to create corporate software, financial projects, for example, for banks and stock exchanges, in particular, mobile applications, cloud services.</li><li>Compared to Java, C# interacts more easily with code written in other languages. And it is precisely in C# that extensions are often written for other programming languages used as a layer between the C # library and the language, the possibilities of which are planned to be extended for specific purposes.</li><li>A pretty popular blockchain in C#.</li><li>C# is widely used in developing games on Unity. Have you ever heard of Unity? Unity is a popular game engine. This means that hundreds of thousands of games, including the most popular, were created using C#.</li><li>C# is good for working with iron, the so-called embedded. Asking what is embedded technology? Embedded system - a specialized computer system or computing device designed to perform a limited number of functions, from Wikipedia: traffic lights, cash registers, vending machines, set-top boxes, test equipment, etc.</li><li>The popular C# programming language is equally good for IoT. Again, what is IoT? IoT (Internet of Things) is a concept of a comprehensive Internet, Internet connection of refrigerators, air conditioners, cars and even sneakers with the aim of providing its owner with greater comfort, and on the other hand increasing their retailers' profits, calculating the amount of what, how much and when availability in warehouses, obtaining certain information about a person and his habits, about the environment.</li><li>Science and its application, for example, conducting complex experimental calculations, cryptography, pattern recognition, and the like.</li></ul>\r\n<span style=\"font-weight: bold;\">Reason # 5. C# is strongly typed, so it is easier for them to master beginners</span>\r\nAs for the comparison of programming languages, it should be noted that the C# programming language is multi-level. This means that it is somewhat similar to English. The C# programming language has strong static typing, supports polymorphism, operator overloading, pointers to member functions of classes, attributes, events, properties, exceptions, comments in XML format. Having adopted a lot from their predecessors - C++, Delphi, Modula, Smalltalk - in C #, relying on the practice of using them, deliberately excluded some models that proved to be problematic when developing software systems in the above-mentioned programming languages.\r\nThe syntax is quite minimalistic - with manual memory management. This is inconvenient for many, but tracking the correctness of functions, understanding the transmission of arguments is closely related to the study of the C# programming language.\r\nSince the syntax of C# is close to C, C++ and Java, then, fluent in C #, you can later learn them in one breath.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_C_Development.png"},{"id":615,"title":"Web Development","alias":"web-development","description":" Web development is the work involved in developing a website for the Internet (World Wide Web) or an intranet (a private network). Web development can range from developing a simple single static page of plain text to complex web-based internet applications (web apps), electronic businesses, and social network services. A more comprehensive list of tasks to which web development commonly refers, may include web engineering, web design, web content development, client liaison, client-side/server-side scripting, web server and network security configuration, and e-commerce development.\r\nAmong web professionals, "web development" usually refers to the main non-design aspects of building websites: writing markup and coding. Web development may use content management systems (CMS) to make content changes easier and available with basic technical skills.\r\nFor larger organizations and businesses, web development teams can consist of hundreds of people (web developers) and follow standard methods like Agile methodologies while developing websites. Smaller organizations may only require a single permanent or contracting developer, or secondary assignment to related job positions such as a graphic designer or information systems technician. Web development may be a collaborative effort between departments rather than the domain of a designated department. There are three kinds of web developer specialization: front-end developer, back-end developer, and full-stack developer. Front-end developers are responsible for behavior and visuals that run in the user browser, while back-end developers deal with the servers.\r\nSince the commercialization of the web, web development has been a growing industry. The growth of this industry is being driven by businesses wishing to use their website to advertise and sell products and services to customers.\r\nThere are many open source tools for web development such as BerkeleyDB, GlassFish, LAMP (Linux, Apache, MySQL, PHP) stack and Perl/Plack. This has kept the cost of learning web development to a minimum. Another contributing factor to the growth of the industry has been the rise of easy-to-use WYSIWYG web-development software, such as Adobe Dreamweaver, BlueGriffon and Microsoft Visual Studio. Knowledge of HyperText Markup Language (HTML) or of programming languages is still required to use such software, but the basics can be learned and implemented quickly.\r\nAn ever-growing set of tools and technologies have helped developers build more dynamic and interactive websites. Further, web developers now help to deliver applications as web services which were traditionally only available as applications on a desk-based computer. This has allowed for many opportunities to decentralize information and media distribution. Examples can be seen with the rise of cloud services such as Adobe Creative Cloud, Dropbox and Google Drive. These web services allow users to interact with applications from many locations, instead of being tied to a specific workstation for their application environment.\r\nExamples of dramatic transformation in communication and commerce led by web development include e-commerce. Online auction sites such as eBay have changed the way consumers find and purchase goods and services. Online retailers such as Amazon.com and Buy.com (among many others) have transformed the shopping and bargain-hunting experience for many consumers. Another example of transformative communication led by web development is the blog. Web applications such as WordPress and Movable Type have created blog-environments for individual websites. The increased usage of open-source content management systems and enterprise content management systems has extended web development's impact at online interaction and communication.\r\nWeb development has also impacted personal networking and marketing. Websites are no longer simply tools for work or for commerce, but serve more broadly for communication and social networking. Web sites such as Facebook and Twitter provide users with a platform to communicate and organizations with a more personal and interactive way to engage the public.","materialsDescription":" <span style=\"font-weight: bold; \">What is the Priority of a Web Developer?</span>\r\nTo answer the question “What is a web developer?”, we must first look at what a web developer does and how they do it.\r\nA web developer or programmer is someone who takes a web design – which has been created by either a client or a design team – and turns it into a website. They do this by writing lines and lines of complicated code, using a variety of languages. Web developers have quite a difficult job, because they essentially have to take a language we understand, such as English, and translate it into a language that a computer understands, such as Python or HTML.\r\nAs you can imagine, this can take a lot of time and effort and requires an intricate understanding of various programming languages and how they are used. Different types of developers specialize in different areas, which means that large web projects are usually a collaboration between several different developers.\r\n<span style=\"font-weight: bold; \">What Types Of Web Developers Are There?</span>\r\nUnfortunately, the question “What does a web developer do?” doesn’t have one simple answer. As noted above, there are some different types of web developers, each of which focuses on a different aspect of the creation of a website.\r\nTo understand what is a web developer it is crucial to know that the three main types of developers are front-end, back-end, and full-stack. Front-end developers are responsible for the parts of a website that people see and interact with, back-end developers are responsible for the behind the scenes code that controls how a website loads and runs, and full-stack developers do a bit of everything.\r\n<span style=\"font-weight: bold; \">Front-End Developer</span>\r\nA front-end developer is someone who takes a client or design team’s website design and writes the code needed to implement it on the web. A decent front-end web developer will be fluent in at least three programming languages – HTML, CSS, and JavaScript.\r\nHTML allows them to add content to a website while splitting it into headings, paragraphs, and tables. CSS lets a decent developer style the content and change things like colors, sizes, and borders. JavaScript allows the inclusion of interactive elements, such as push buttons. We will go into more detail about these languages later.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">So, what do web developers do when they work on the front end of a website?</span></span>\r\n<ul><li>What is a web developer responsible for is that they make sure that all of the content that is needed for the website is clear, visible, and found in the right place. In some cases front-end developers may also have content writing skills, allowing them to create the content for the website as they go.</li><li>They make sure that the right colors are in the right places, especially concerning text colors, background colors, and headers. Some of the best front-end developers are also very good designers, allowing them to tweak things as they go.</li><li>They make sure that all outbound links are correctly formatted, that all buttons work properly, and that the website is responsive and attractive. Mobile design is usually a big part of the job, while it is also important to make sure that a website will display correctly on all web browsers.</li></ul>\r\n<span style=\"font-weight: bold;\">Back-End Developer</span>\r\nWhile it may seem like front-end developers have a difficult job making sure that a website looks great, works well, and contains the correct content, back-end developers have it much worse. While front-end developers are responsible for client-side programming, back-end developers have to deal with the server-side.\r\nThis means that they have to create the code and programs which power the website’s server, databases, and any applications that it contains. The most important thing as a back-end developer is the ability to be able to create a clean, efficient code that does what you want it to in the quickest way possible. Since website speed is a major consideration when it comes to search engine optimization (SEO), it is a large factor when developing the back-end.\r\nTo fully explain what is a web developer it is essential to know that back-end developers use a wide range of different server-side languages to build complicated programs. Some of the most popular languages used include PHP, Python, Java, and Ruby. JavaScript is also becoming increasingly widespread as a back-end development language, while SQL is commonly used to manage and analyze data in website databases.\r\nSince different websites have different needs, a back-end developer must be flexible, able to create different programs, and they absolutely must have a clear, in-depth understanding of the languages that they use. This is very important to make sure that they can come up with the most efficient method of creating the required program while making sure that it is secure, scalable, and easy to maintain.\r\n<span style=\"font-weight: bold;\">Full-Stack Developer</span>\r\nIf you are looking for a quick, simple answer to the question “What is a web developer?”, then a full-stack developer is probably the closest thing that you’re going to get. Full-stack developers understand both front and back-end strategies and processes, which means that they are perfectly positioned to oversee the entire process.\r\nIn the case of small websites that don’t have a huge development budget, a full-stack developer will often be employed to build the entire website. In this case, it is extremely important for them to have a complete, in-depth understanding of both front and back-end development and how they work.\r\nLearning full-stack development techniques has a huge range of benefits, including:\r\n<ul><li>You will end up with the knowledge to be able to create an entire website on your own. This makes you a lot more employable, increasing your job security in the future.</li><li>As a full-stack developer, you will understand the connections between the front and back-ends of a website, allowing you do build efficient and effective programs for all parts of the website.</li><li>Full-stack developers are often employed to oversee large projects for big web development companies. Positions like this are likely to be paid more than standard web development positions, making them more attractive to developers. Full-stack defines what is a web developer.</li></ul>\r\nAlthough most developers start with either front or back-end specializations, there are a lot of reasons why you should consider branching out and learning both. It will make you a lot more employable, will give you a greater understanding of the whole concept of what is web development, and will make it easier for you to create entire websites on your own.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_Development.png"},{"id":619,"title":"Drupal Development","alias":"drupal-development","description":" Drupal is a content management software. It's used to make many of the websites and applications you use every day. Drupal has great standard features, like easy content authoring, reliable performance, and excellent security. But what sets it apart is its flexibility; modularity is one of its core principles. Its tools help you build the versatile, structured content that dynamic web experiences need.\r\nIt's also a great choice for creating integrated digital frameworks. You can extend it with anyone, or many, of thousands of add-ons. Modules expand Drupal's functionality. Themes let you customize your content's presentation. Distributions are packaged Drupal bundles you can use as starter-kits. Mix and match these components to enhance Drupal's core abilities. Or, integrate Drupal with external services and other applications in your infrastructure. No other content management software is this powerful and scalable.\r\nThe Drupal project is open source software. Anyone can download, use, work on, and share it with others. It's built on principles like collaboration, globalism, and innovation. It's distributed under the terms of the GNU General Public License (GPL). There are no licensing fees, ever. Drupal will always be free.","materialsDescription":" <span style=\"font-weight: bold;\">What can Drupal do? And why is it different from other CMS?</span>\r\nThere are many reasons why Drupal is the top three most used CMS, and why tons of small to big complex systems have made it their options. Here are those:\r\n<ul><li><span style=\"font-weight: bold;\">Reliability.</span> Drupal is one of the top three most popular content management systems in the world. It has a longstanding history. Though Drupal is a work in progress, it has been stable along the way. We have Drupal 7 now while Drupal 8 is going to be released. But you can be assured that you will be supported for Drupal previous version at least 5 years. Meanwhile, the resources will stay there for goods.</li><li><span style=\"font-weight: bold;\">Available resources.</span> Nearly anything you want to do with the system has been priorly created and done absolutely well by other people. Other great news is nearly all of the most useful modules (Drupal add-ons) are contributed to the Drupal community. This is invaluable because, in many CMS, you have to pay for important features. As a user, you have benefited greatly from someone’s efforts, and experience.</li><li><span style=\"font-weight: bold;\">A huge dedicated community.</span> The Drupal community is large, dynamic and has functioned well since 2001. As a newbie or a senior developer, Drupal.org is a must-have resource where you dig in for learning material, upcoming news, or ask for support from contributors, and specialists.</li><li><span style=\"font-weight: bold;\">Robust and convenience.</span> Be assured that the source code for building your Drupal sites has been precisely written, and designed by Drupal experts. When you have an intention to do more complex and advanced work, you will find it easy and convenient to modify the system. This grants users a great advantage over other CMS.</li><li><span style=\"font-weight: bold;\">Flexibility.</span> It’s not a chance that Drupal is considered the most flexible CMS. We have always thought that if you have an idea about any functions, contents, you can certainly create it with Drupal. Seriously. You can create any content on site. You can customize anything to fit your taste. You can create any website type that you want.</li><li><span style=\"font-weight: bold;\">Scalability.</span> By scalability, we mean that you can extend your Drupal core to a higher level with a variety of contributed Drupal modules. What’s great with the Drupal modules is that they integrate perfectly well with Drupal core. They also connect absolutely efficiently with the modules. This is regardless of the fact many modules are totally different. It is due to the natural structure & built-in system of Drupal. This thereby enhances the power of extending your Drupal website. It is also a core strength of Drupal compared with other CMS. Meanwhile, Drupal is an open source. So suppose the modules you want don’t exist, you can create one, edit an existing module, or hire someone to do the job.</li><li><span style=\"font-weight: bold;\">Security.</span> Drupal has been meticulously tested up to strict security rules by Drupal experts and contributors. Its built-in security is strong. Drupal will lock down whatever directory installed, rendering important data, configuration files unable to be accessed directly. No wonder that many big sites with extreme security are using Drupal, namely - whitehouse.org, commerce.gov, weforum.org,...</li></ul>\r\n<span style=\"font-weight: bold;\">What are the uses of Drupal?</span>\r\nAs stated, due to its flexibility and extensibility, Drupal is not limited to any kind. Browse these lists to see the wide range of things that Drupal can build:\r\n<ul><li>Personal or corporate Web sites</li><li>Community portal sites</li><li>Intranet/Corporate sites</li><li>Blogs, art, portfolio, music, multimedia sites</li><li>Forums</li><li>International sites (websites with multi languages)</li><li>E-commerce sites</li><li>Resource directories</li><li>Social networking sites</li></ul>\r\n<span style=\"font-weight: bold;\">When Drupal isn't right?</span>\r\nIf it is necessary to know about a system before we set our foot on, it’s never been less important to explore its cons. Here we bring some of our caveats for the system:\r\n<ul><li>There’s a little learning curve. You will not learn and work with Drupal in a few days. Accept this fact. It’s harder to start compared with other CMS like Wordpress. But once you learn some basic things, it’s easy, and the flow is smoother.</li><li>It is not for those who have insufficient time to educate themselves about this system, or little money to pay a Drupal developer to carry out the work.</li><li>Finding a good Drupal developer is harder to find than that of Wordpress or other systems. It’s not hard to guess this considering the number of Wordpress developers compared with Drupal.</li></ul>\r\nIt always takes some investments to learn about something. For a new user, it would be a huge opportunity cost - what you will gain and lose working with one system and leave others behind.\r\nBut after all the choice is always yours.We expect it would be worth. The CMS you will spend thousands hours working. The system through this you make a living. The option that yields energy and satisfaction.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Drupal_Development__1_.png"},{"id":621,"title":"WordPress","alias":"wordpress","description":"","materialsDescription":"","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WordPress.png"},{"id":623,"title":"Magento Development","alias":"magento-development","description":" Magento is an open-source e-commerce platform written in PHP. It is one of the most popular open e-commerce systems in the network. This software is created using the Zend Framework. Magento source code is distributed under an Open Source Initiative (OSI) approved by the Open Software License (OSL) v3.0, which is similar to the AGPL but not GPL compliant.\r\nThe software was originally developed by Varien, Inc, a US private company headquartered in Culver City, California, with assistance from volunteers.\r\nMore than 100,000 online stores have been created on this platform. The platform code has been downloaded more than 2.5 million times, and $155 billion worth of goods have been sold through Magento-based systems in 2019. Two years ago, Magento accounted for about 30% of the total market share.\r\nVarien published the first general-availability release of the software on March 31, 2008. Roy Rubin, the former CEO of Varien, later sold a share of the company to eBay, which eventually completely acquired and then sold the company to Permira; Permira later sold it to Adobe.\r\nOn November 17, 2015, Magento 2.0 was released. Among the features changed in V2 are the following: reduced table locking issues, improved page caching, enterprise-grade scalability, inbuilt rich snippets for structured data, new file structure with easier customization, CSS Preprocessing using LESS & CSS URL resolver, improved performance and a more structured code base. Magento employs the MySQL or MariaDB relational database management system, the PHP programming language, and elements of the Zend Framework. It applies the conventions of object-oriented programming and model–view–controller architecture. Magento also uses the entity–attribute–value model to store data. On top of that, Magento 2 introduced the Model-View-ViewModel pattern to its front-end code using the JavaScript library Knockout.js.","materialsDescription":" <span style=\"font-weight: bold;\">What is Magento? What is the benefit of choosing an Open Source platform?</span>\r\nMagento is an open-source eCommerce platform that enables the online business owners to control their online store and add powerful and flexible tools for marketing, catalog management, and search engine optimization.\r\nThe open-source platform offers much more innovation, customization, quality, support and agility at a very low cost. It enables the users to share and access the platform, add rich features according to the needs, thereby making changes more effective and easier.\r\n<span style=\"font-weight: bold;\">How can my Magento site be at par with the latest mobile trends and activities?</span>\r\nResponsive designs, device-specific applications have brought a great change in the business world over the past few years. Magento’s latest version includes a responsive template, and it offers great features that meet the needs of the mobile world both for the B2B and the B2C businesses.\r\n<span style=\"font-weight: bold;\">What should be included in my eCommerce Magento strategy?</span>\r\nBefore you plan to start with your Magento project, it is very important to write down the business goals of your website. This will help you to measure success. Once you are done with this, you can plan for the remaining strategies that include target audience, personalization, content plan, mobile strategy, third party add-ons and support services that you would require to keep your site running and performing.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Magento_Development.png"},{"id":627,"title":"CSS Development","alias":"css-development","description":" Cascading Style Sheets (CSS) is a style sheet language used for describing the presentation of a document written in a markup language like HTML. CSS is a cornerstone technology of the World Wide Web, alongside HTML and JavaScript.\r\nCSS is designed to enable the separation of presentation and content, including layout, colors, and fonts. This separation can improve content accessibility, provide more flexibility and control in the specification of presentation characteristics, enable multiple web pages to share formatting by specifying the relevant CSS in a separate .css file, and reduce complexity and repetition in the structural content.\r\nSeparation of formatting and content also makes it feasible to present the same markup page in different styles for different rendering methods, such as on-screen, in print, by voice (via speech-based browser or screen reader), and on Braille-based tactile devices. CSS also has rules for alternate formatting if the content is accessed on a mobile device.\r\nThe name cascading comes from the specified priority scheme to determine which style rule applies if more than one rule matches a particular element. This cascading priority scheme is predictable.\r\nThe CSS specifications are maintained by the World Wide Web Consortium (W3C). Internet media type (MIME type) text/css is registered for use with CSS by RFC 2318 (March 1998). The W3C operates a free CSS validation service for CSS documents.\r\nIn addition to HTML, other markup languages support the use of CSS including XHTML, plain XML, SVG, and XUL.\r\nBefore CSS, nearly all presentational attributes of HTML documents were contained within the HTML markup. All font colors, background styles, element alignments, borders and sizes had to be explicitly described, often repeatedly, within the HTML. CSS lets authors move much of that information to another file, the style sheet, resulting in considerably simpler HTML.","materialsDescription":" <span style=\"font-weight: bold;\">Which is better: plain HTML or HTML with CSS?</span>\r\nMany site developers wonder why you need CSS if you can use plain HTML. Most likely, they only know the development of the site and have a number of gaps in knowledge. The bottom line is that HTML is used to structure the content of a page. And CSS allows you to format this content, make it more attractive to users.\r\nWhen the World Wide Web was created, the developers used only one language - HTML. It was used as a means of outputting structured text. The author had scant functional at his disposal. The maximum that could be done - to designate the title, select the paragraph. Tags were not enough.\r\nIn connection with the development of the Internet, the base of HTML language tags was expanded to allow the appearance of documents to be adjusted. At the same time, the structure remained unchanged.\r\nStructuring tags, for example <table>, began to spread. It was they who were more often chosen to design the pages instead of the structure itself. Some browsers offered their own tags, which only they could reproduce.\r\nThus, users often stumbled upon the message: "To view a page, you need to use browser XXX."\r\nTo correct the situation and create a single database of tags for formatting was created CSS. He allowed refusing to bind tags to browsers.\r\nUsing HTML with CSS is more convenient than using plain HTML. CSS provides the following benefits:\r\n<ul><li>Designed to the smallest detail.</li><li>Using a single table, you can manage various documents.</li><li>You can customize the page display options for different devices: computer screen, smartphone screen, etc.</li></ul>\r\n<span style=\"font-weight: bold;\">Website Promotion with CSS</span>\r\nThe emergence and development of CSS have made the development of web resources more efficient and effective. Now it’s much easier and more convenient to control the design. Also, using CSS, we managed to reduce the code of the pages, their size. This had a positive impact on the download speed, the indexing also began to pass faster. The use of an adaptive approach allowed us to make a breakthrough in the field of mobile versions of Internet resources.\r\nTo improve the website promotion, experts recommend placing the CSS style sheets in a separate document so as not to increase the amount of code. You can create one or more such files.\r\nPreviously, search engines could not read style sheets, which made it possible to use them in black SEO, for example, to create invisible texts. Now it is better to abandon the use of CSS for other purposes.\r\nCSS has several advantages and allows you to improve the site, making it more attractive to visitors. However, it is important to correctly register all the elements.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CSS_Development.png"},{"id":629,"title":"PHP Development","alias":"php-development","description":"PHP is a general-purpose programming language originally designed for web development. It was originally created by Rasmus Lerdorf in 1994; the PHP reference implementation is now produced by The PHP Group. PHP originally stood for Personal Home Page, but it now stands for the recursive initialism PHP: Hypertext Preprocessor.\r\nPHP code may be executed with a command line interface (CLI), embedded into HTML code, or used in combination with various web template systems, web content management systems, and web frameworks. PHP code is usually processed by a PHP interpreter implemented as a module in a web server or as a Common Gateway Interface (CGI) executable. The web server outputs the results of the interpreted and executed PHP code, which may be any type of data, such as generated HTML code or binary image data. PHP can be used for many programming tasks outside of the web context, such as standalone graphical applications and robotic drone control.\r\nThe standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge.\r\nThe PHP language evolved without a written formal specification or standard until 2014, with the original implementation acting as the de facto standard which other implementations aimed to follow. Since 2014, work has gone on to create a formal PHP specification.\r\nAs of September 2019, over 60% of sites on the web using PHP are still on discontinued/"EOLed" version 5.6 or older; versions prior to 7.2 are no longer officially supported by The PHP Development Team, but security support is provided by third parties, such as Debian.","materialsDescription":" <span style=\"font-weight: bold; \">What is PHP?</span>\r\nPHP stands for Hypertext Preprocessor. It is an open-source server-side scripting language that is widely used for web development. It supports many databases like MySQL, Oracle, Sybase, Solid, PostgreSQL, generic ODBC, etc.\r\n<span style=\"font-weight: bold; \">What is PEAR in PHP?</span>\r\nPEAR is a framework and repository for reusable PHP components. PEAR stands for PHP Extension and Application Repository. It contains all types of PHP code snippets and libraries. It also provides a command-line interface to install "packages" automatically.\r\n<span style=\"font-weight: bold; \">Who is known as the father of PHP?</span>\r\nRasmus Lerdorf.\r\n<span style=\"font-weight: bold; \">What was the old name of PHP?</span>\r\nThe old name of PHP was Personal Home Page.\r\n<span style=\"font-weight: bold; \">Explain the difference b/w static and dynamic websites?</span>\r\nIn static websites, content can't be changed after running the script. You can't change anything on the site. It is predefined.\r\nIn dynamic websites, the content of a script can be changed at the run time. Its content is regenerated every time a user visits or reload. Google, yahoo and every search engine is an example of a dynamic website.\r\n<span style=\"font-weight: bold; \">What is the name of the scripting engine in PHP?</span>\r\nThe scripting engine that powers PHP is called Zend Engine 2.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_PHP_Development.png"},{"id":631,"title":"CakePHP Development","alias":"cakephp-development","description":" CakePHP is an open-source web framework. It follows the model–view–controller (MVC) approach and is written in PHP, modeled after the concepts of Ruby on Rails, and distributed under the MIT License.\r\nCakePHP uses well-known software engineering concepts and software design patterns, such as convention over configuration, model–view–controller, active record, association data mapping, and front controller.\r\nCakePHP started in April 2005, when a Polish programmer Michal Tatarynowicz wrote a minimal version of a rapid application development in PHP, dubbing it Cake. He published the framework under the MIT license, and opened it up to the online community of developers. In December 2005, L. Masters and G. J. Woodworth founded the Cake Software Foundation to promote development related to CakePHP. Version 1.0 was released on May 2006.\r\nOne of the project's inspirations was Ruby on Rails, using many of its concepts. The community has since grown and spawned several sub-projects.\r\nIn October 2009, project manager Woodworth and developer N. Abele resigned from the project to focus on their own projects, including the Lithium web framework (previously part of the CakePHP project). The remaining development team continued to focus on the original roadmap that was previously defined.","materialsDescription":" <span style=\"font-weight: bold;\">What is CakePHP? Why it’s Useful?</span>\r\nCakePHP is a free, open-source, rapid development framework for PHP. It’s a fundamental framework for developers to produce web applications.\r\nCakePHP has an active developer team and also the community, bringing terrific worth to the job. Along with maintaining you from wheel-reinventing, utilizing CakePHP suggests your application’s core is well examined as well as is being continuously boosted.\r\nBelow’s a quick listing of functions you’ll delight in when using CakePHP:\r\n<ul><li>Active, friendly community</li><li>Flexible licensing</li><li>Suitable with variations 4 and also 5 of PHP</li><li>Integrated CRUD for database Interaction</li><li>Application scaffolding</li><li>Code generation</li><li>MVC architecture</li><li>Request dispatcher with clean, customized URLs as well as routes</li><li>Integrated validation</li><li>Fast and also adaptable template (PHP phrase framework, with helpers)</li><li>Look for Helpers for AJAX, JavaScript, HTML Forms as well as a lot more</li><li>Email, Cookie, Security, Session, and also Request Handling Components</li><li>Flexible ACL</li><li>Data Sanitization</li><li>Flexible Caching</li><li>Localization</li><li>Works from any kind of web site directory site, with little to no Apache setup involved</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CakePHP_Development.png"},{"id":633,"title":"Ruby on Rails Development","alias":"ruby-on-rails-development","description":" Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller (MVC) framework, providing default structures for a database, a web service, and web pages. It encourages and facilitates the use of web standards such as JSON or XML for data transfer, HTML, CSS and JavaScript for user interfacing. In addition to MVC, Rails emphasizes the use of other well-known software engineering patterns and paradigms, including convention over configuration (CoC), don't repeat yourself (DRY), and the active record pattern.\r\nRuby on Rails' emergence in the 2000s greatly influenced web app development, through innovative features such as seamless database table creations, migrations, and scaffolding of views to enable rapid application development. Ruby on Rails' influence on other web frameworks remains apparent today, with many frameworks in other languages borrowing its ideas, including Django in Python, Catalyst in Perl, Laravel and CakePHP in PHP, Phoenix in Elixir, Play in Scala, and Sails.js in Node.js.\r\nRuby on Rails is intended to emphasize Convention over Configuration (CoC), and the Don't Repeat Yourself (DRY) principle.\r\n"Convention over Configuration" means a developer only needs to specify unconventional aspects of the application. For example, if there is a class Sale in the model, the corresponding table in the database is called sales by default. It is only if one deviates from this convention, such as calling the table "products sold", that the developer needs to write code regarding these names. Generally, Ruby on Rails conventions lead to less code and less repetition.\r\n"Don't repeat yourself" means that information is located in a single, unambiguous place. For example, using the ActiveRecord module of Rails, the developer does not need to specify database column names in class definitions. Instead, Ruby on Rails can retrieve this information from the database based on the class name.\r\n"Fat models, skinny controllers" means that most of the application logic should be placed within the model while leaving the controller as light as possible.","materialsDescription":" <span style=\"font-weight: bold;\">What is Ruby on Rails?</span>\r\nRails is a development tool that gives web developers a framework, providing structure for all the code they write. The Rails framework helps developers to build websites and applications because it abstracts and simplifies common repetitive tasks.\r\nRails are written in Ruby, the programming language which is also used alongside Rails. Ruby is to Rails as PHP is to Symfony and Zend, or as Python is to Django. The appeal of Ruby to developers lies in the elegance and terseness of the language.\r\nOne of the key principles of Ruby on Rails development (henceforth ‘Rails’) is convention over configuration. This means that the programmer does not have to spend a lot of time configuring files in order to get set up, Rails comes with a set of conventions which help speed up development.\r\nAnother characteristic of Rails is the emphasis on RESTful application design. REST (Representational State Transfer) is a style of software architecture based around the client-server relationship. It encourages a logical structure within applications, which means they can easily be exposed as an API (Application Programming Interface).\r\nFrom a project management point of view, the Ruby on Rails community advocate Agile web development – an iterative development method, that encourages collaborative and flexible approach, which is particularly well-suited for web application development with fast-changing requirements.\r\nOver the last few years Ruby on Rails has gained a large and enthusiastic following, but let’s consider the main arguments for and against Rails.\r\n<span style=\"font-weight: bold;\">Why is it necessary to use Ruby on Rails?</span>\r\n<ul><li>The process of programming is much faster than with other frameworks and languages, partly because of the object-oriented nature of Ruby and the vast collection of open source code available within the Rails community.</li><li>The Rails conventions also make it easy for developers to move between different Rails projects, as each project will tend to follow the same structure and coding practices.</li><li>Rails are good for rapid application development (RAD), as the framework makes it easy to accommodate changes.</li><li>Ruby code is very readable and mostly self-documenting. This increases productivity, as there is less need to write out separate documentation, making it easier for other developers to pick up existing projects.</li><li>Rails have developed a strong focus on testing and have good testing frameworks.</li><li>Rails and most of its libraries are open sources, so unlike other commercial development frameworks, there are no licensing costs involved.</li></ul>\r\n<span style=\"font-weight: bold;\">Potential Rails problems and limitations and how to overcome them:</span>\r\n<ul><li>Not all website hosts can support Rails</li><li>Java and PHP are more widely used, and there are more developers in these languages</li><li>Performance and Scalability</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Ruby_on_Rails_Development.png"},{"id":635,"title":"Python Development","alias":"python-development","description":" Python is an interpreted, high-level, general-purpose programming language. Created by Guido van Rossum and first released in 1991, Python's design philosophy emphasizes code readability with its notable use of significant whitespace. Its language constructs and object-oriented approach aim to help programmers write clear, logical code for small and large-scale projects.\r\nPython is dynamically typed and garbage-collected. It supports multiple programming paradigms, including procedural, object-oriented, and functional programming. Python is often described as a "batteries included" language due to its comprehensive standard library.\r\nPython was conceived in the late 1980s as a successor to the ABC language. Python 2.0, released in 2000, introduced features like list comprehensions and a garbage collection system capable of collecting reference cycles. Python 3.0, released in 2008, was a major revision of the language that is not completely backward-compatible, and much Python 2 code does not run unmodified on Python 3.\r\nThe Python 2 language, i.e. Python 2.7.x, was officially discontinued on 1 January 2020 (first planned for 2015) after which security patches and other improvements will not be released for it. With Python 2's end-of-life, only Python 3.5.x and later are supported.\r\nPython interpreters are available for many operating systems. A global community of programmers develops and maintains CPython, an open source reference implementation. A non-profit organization, the Python Software Foundation, manages and directs resources for Python and CPython development.\r\nPython is a multi-paradigm programming language. Object-oriented programming and structured programming are fully supported, and many of its features support functional programming and aspect-oriented programming (including by metaprogramming and metaobjects (magic methods)). Many other paradigms are supported via extensions, including design by contract and logic programming.\r\nPython uses dynamic typing and a combination of reference counting and a cycle-detecting garbage collector for memory management. It also features dynamic name resolution (late binding), which binds method and variable names during program execution.\r\nPython's design offers some support for functional programming in the Lisp tradition. It has filter, map, and reduce functions; list comprehensions, dictionaries, sets, and generator expressions. The standard library has two modules (itertools and functools) that implement functional tools borrowed from Haskell and Standard ML.","materialsDescription":" <span style=\"font-weight: bold;\">What is Python?</span>\r\nPython is an interpreted, interactive, object-oriented programming language. It incorporates modules, exceptions, dynamic typing, very high level dynamic data types, and classes. Python combines remarkable power with very clear syntax. It has interfaces to many system calls and libraries, as well as to various window systems, and is extensible in C or C++. It is also usable as an extension language for applications that need a programmable interface. Finally, Python is portable: it runs on many Unix variants, on the Mac, and on Windows 2000 and later.\r\n<span style=\"font-weight: bold;\">What is the Python Software Foundation?</span>\r\nThe Python Software Foundation is an independent non-profit organization that holds the copyright on Python versions 2.1 and newer. The PSF’s mission is to advance open source technology related to the Python programming language and to publicize the use of Python. The PSF’s home page is at <link https://www.python.org/psf/.>https://www.python.org/psf/.</link>\r\n<span style=\"font-weight: bold;\">Are there copyright restrictions on the use of Python?</span>\r\nYou can do anything you want with the source, as long as you leave the copyrights in and display those copyrights in any documentation about Python that you produce. If you honor the copyright rules, it’s OK to use Python for commercial use, to sell copies of Python in source or binary form (modified or unmodified), or to sell products that incorporate Python in some form. We would still like to know about all commercial use of Python, of course.\r\n<span style=\"font-weight: bold;\">What is Python good for?</span>\r\nPython is a high-level general-purpose programming language that can be applied to many different classes of problems.\r\nThe language comes with a large standard library that covers areas such as string processing (regular expressions, Unicode, calculating differences between files), Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming), software engineering (unit testing, logging, profiling, parsing Python code), and operating system interfaces (system calls, filesystems, TCP/IP sockets). Look at the table of contents for The Python Standard Library to get an idea of what’s available. A wide variety of third-party extensions are also available. Consult the Python Package Index to find packages of interest to you.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Python_Development.png"},{"id":637,"title":"eCommerce development","alias":"ecommerce-development","description":" Electronic commerce is an online transaction of buying and selling products through World Wide Web-based websites and mobile applications. The examples of eCommerce business include supply chain, funds transfer, banking and electronic data interchange (EDI) and others. The electronic transactions are carried out through many eCommerce software platforms and eCommerce applications that are integrated with online websites with the help of eCommerce developers. The eCommerce applications are linked with the payment gateways for a smooth transfer of credit from one entity to another one.\r\nAn eCommerce developer is a very important role in eCommerce app development and web services to realize the power of online sales and marketing in all domains of businesses. The eCommerce developers are normally the web developers with additional exposure to the eCommerce tools and platforms commonly used in online businesses. HTML, CSS, JavaScript, Python, PHP, Ruby on Rail and related technologies are the fundamental components of eCommerce developer skills. In addition to those skills, the knowledge of eCommerce software platforms and API integration is very important for a good eCommerce developer resume.\r\nA good eCommerce website should be highly professional looking with great features and intuitive interface for the checkout process. This is only possible with the help of professional eCommerce developers. You need to evaluate a lot of things before you decide to hire eCommerce developers such as the backend technologies of your website, type of eCommerce, a domain of business, type of database and many others. Once you have decided about all these things, you need to match the eCommerce web developer resume, which is under consideration, with those factors to find a good eCommerce developer.","materialsDescription":" <span style=\"font-weight: bold;\">Why is it important for business owners to create an eСommerce site?</span>\r\nToday, people have very less time to purchase items, by going to physical stores. They prefer to browse their mobile devices or PC and shop online. Having an e-commerce site for your business will help you to capture this market base and keep your customers informed about all your latest products and services.\r\n<span style=\"font-weight: bold;\">How can I choose the best platform for my eСommerce business website?</span>\r\nBefore getting started with your eСommerce web development, consider the few fundamentals that can help to choose the best platform. Always consider the items that you are selling. Some eСommerce platforms can handle inventory tracking and multiple product options while some others will not. Consider the design options, payment gateways, the security of the site, integration with other tools, features and pricing before finalizing on the platform.\r\n<span style=\"font-weight: bold;\">How should I promote my eСommerce site?</span>\r\nThere are various ways to do this and the first thing to do is to promote the site to all the customers. This will help to increase your customer base. Your website address should be present in every advertisement that your company invests in. Register with the search engines and optimize your website as this will affect the traffic of your site.\r\n<span style=\"font-weight: bold;\">What are the important things that can turn browsers into buyers?</span>\r\nCreate your site so that it is much more oriented towards sales rather than marketing. Let your visitors see your products immediately instead of hiding them behind lots of marketing copy. Make a page that reads the terms and conditions as it will offer a professional look. Provide your contact details and explain your return policies, security, encryption methods, and payment options.\r\n<span style=\"font-weight: bold;\">How to create an impressive website?</span>\r\nThe beauty of a site lies in the way it operates and how user-friendly it is. Ensure that your site is fast, easy to use, professional and attractive. Also, make sure that you are able to fulfill the orders very promptly without any delay. In case you are unable to offer the service, make sure that your customer is informed about it via email.\r\n<span style=\"font-weight: bold;\">What are the security risks that are involved with eСommerce sites?</span>\r\neCommerce website owners should always keep in mind the three dimensions of security - confidentiality, integrity, and availability. Business owners should develop a good strategy that can help to make the site and transactions secured. To avoid any hackers gain access to important confidential data, include encryption methods for any data transactions.\r\n<span style=\"font-weight: bold;\">Is there any limit on the size of my product or customer database?</span>\r\nNo, as such there are no limits on the size. The biggest benefit of having an online store is that you can add unlimited products and catalogs and at the same time you can grow your customer base as you require.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_eCommerce_development.png"},{"id":639,"title":"HTML Development","alias":"html-development","description":" Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript.\r\nWeb browsers receive HTML documents from a web server or from local storage and render the documents into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document.\r\nHTML elements are the building blocks of HTML pages. With HTML constructs, images and other objects such as interactive forms may be embedded into the rendered page. HTML provides a means to create structured documents by denoting structural semantics for text such as headings, paragraphs, lists, links, quotes and other items. HTML elements are delineated by tags, written using angle brackets. Tags such as <img /> and <input /> directly introduce content into the page. Other tags such as <p> surround and provide information about document text and may include other tags as sub-elements. Browsers do not display the HTML tags, but use them to interpret the content of the page.\r\nHTML can embed programs written in a scripting language such as JavaScript, which affects the behavior and content of web pages. Inclusion of CSS defines the look and layout of content. The World Wide Web Consortium (W3C), former maintainer of the HTML and current maintainer of the CSS standards, has encouraged the use of CSS over explicit presentational HTML since 1997.","materialsDescription":" <span style=\"font-weight: bold;\">What is HTML5?</span>\r\nHTML5 contains powerful capabilities for Web-based applications with more powerful interaction, video support, graphics, more styling effects, and a full set of APIs. HTML5 adapts to any device, whether desktop, mobile, tablet, or television. HTML5 is an open platform developed under royalty-free licensing terms.\r\nPeople use the term HTML5 in two ways:\r\n<ul><li>to refer to a set of technologies that together form the future Open Web Platform. These technologies include HTML5 specification, CSS3, SVG, MathML, Geolocation, XmlHttpRequest, Context 2D, Web Fonts (WOFF) and others. The boundary of this set of technologies is informal and changes over time;</li><li>to refer to the HTML5 specification, which is, of course, also part of the Open Web Platform.</li></ul>\r\nAlthough it would be great if people used one term to refer to the specification and another term to refer to a set of specifications, in practice people use the term both ways.\r\n<span style=\"font-weight: bold;\">HTML5 has been cited by many thought leaders as the future of the Web. Why is HTML5 generating this excitement?</span>\r\nThere is huge demand for open standards that allow the creation of rich internet applications. Watching videos, finding the nearest restaurant, accessing emails while being offline are just some of the powerful new capabilities enabled by the set of specifications in development at W3C.\r\nOne aspect that interests W3C, in particular, is enabling people to combine different technologies. W3C works to ensure not just interoperable support in the software of a single specification, but compatibility among specifications.\r\nEven though HTML5 is still a draft, browser vendors are deploying features and generating a lot of excitement in the IT industry. This experience, in turn, allows W3C to revise its drafts. In this way, the final standard can transparently inform implementers where they need to pay close attention to security and privacy issues.\r\n<span style=\"font-weight: bold;\">When can I use HTML5?</span>\r\nPeople can already use parts of the platform that interoperate, but W3C's mission is global interoperable, to ensure that the web is available to all. Not all elements are fully implemented yet and some of them provide builtin fallback mechanisms, such as <video> or <input>. One can use HTML5 today, knowing the existing limitations and ensuring proper fallbacks.\r\n<span style=\"font-weight: bold;\">Which Web Browsers support HTML5?</span>\r\nW3C encourages implementation and testing long before a specification becomes a standard to ensure that two people can read a specification independently and write interoperable software. Early adopters provide implementers and W3C with tremendously valuable feedback because they help identify where interoperability issues exist.\r\n<span style=\"font-weight: bold;\">Do you think that the benefits of HTML5, such as its neutrality, rich graphics, no need plug-ins, outweigh the security risk it carries?</span>\r\nNow entering its third decade, the Web has evolved from a Web of documents into a formidable platform for networked applications that let us share information and services over the Internet. In this highly connected environment, it is important that powerful Web applications be designed with sensitivity to user privacy and security needs. The risks associated with modern Web applications are familiar to the HTML5 community.\r\nHTML5 and related specifications are being developed in W3C's open standards process. This process allows an expert review of features along with their security and privacy implications. Rich functionality that was previously available only through proprietary plugins is now documented in an open specification for all experts to review and improve. We're pleased to see the HTML5 specifications subject to rigorous public review since that helps make the Web a more secure environment.\r\nSome security issues are not confined to HTML5. W3C and IETF are working closely to specify technologies and protocol extensions to mitigate some issues (such as cross-site request forgery and cross-site scripting).\r\n<span style=\"font-weight: bold;\">Will there be an HTML6?</span>\r\nNo work is currently happening on HTML6 but feature requests that are not planned to be addressed in HTML5 are available at listed under HTML.next.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_HTML_Development.png"},{"id":645,"title":"JavaScript development","alias":"javascript-development","description":" JavaScript, often abbreviated as JS, is a high-level, just-in-time compiled, object-oriented programming language that conforms to the ECMAScript specification. JavaScript has curly-bracket syntax, dynamic typing, prototype-based object-orientation, and first-class functions.\r\nAlongside HTML and CSS, JavaScript is one of the core technologies of the World Wide Web. JavaScript enables interactive web pages and is an essential part of web applications. The vast majority of websites use it, and major web browsers have a dedicated JavaScript engine to execute it.\r\nAs a multi-paradigm language, JavaScript supports event-driven, functional, and imperative (including object-oriented and prototype-based) programming styles. It has APIs for working with text, arrays, dates, regular expressions, and the DOM, but the language itself does not include any I/O, such as networking, storage, or graphics facilities. It relies upon the host environment in which it is embedded to provide these features.\r\nInitially only implemented client-side in web browsers, JavaScript engines are now embedded in many other types of host software, including server-side in web servers and databases, and in non-web programs such as word processors and PDF software, and in runtime environments that make JavaScript available for writing mobile and desktop applications, including desktop widgets.\r\nThe terms Vanilla JavaScript and Vanilla JS refer to JavaScript not extended by any frameworks or additional libraries. Scripts written in Vanilla JS are plain JavaScript code.\r\nAlthough there are similarities between JavaScript and Java, including language name, syntax, and respective standard libraries, the two languages are distinct and differ greatly in design. JavaScript was influenced by programming languages such as Self and Scheme. The JSON serialization format, used to store data structures in files or transmit them across networks, is based on JavaScript.\r\n"JavaScript" is a trademark of Oracle Corporation in the United States. It is used under license for technology invented and implemented by Netscape Communications and current entities such as the Mozilla Foundation.","materialsDescription":" <span style=\"font-weight: bold;\">What is JavaScript?</span>\r\nJavaScript is a client-side as well as a server-side scripting language that can be inserted into HTML pages and is understood by web browsers. JavaScript is also an Object-based Programming language.\r\n<span style=\"font-weight: bold;\">What are the differences between Java and JavaScript?</span>\r\nJava is a complete programming language. In contrast, JavaScript is a coded program that can be introduced to HTML pages. These two languages are not at all inter-dependent and are designed for different intent. Java is an object-oriented programming (OOPS) or structured programming languages like C++ or C whereas JavaScript is a client-side scripting language.\r\n<span style=\"font-weight: bold;\">Do I have to buy JavaScript?</span>\r\nNo--there is nothing to buy. The JavaScript interpreter is included in all major Internet Browsers--so as long as you have an Internet Browser, you're all set. JavaScript source files are written using an ordinary text editor, such as Notepad.\r\n<span style=\"font-weight: bold;\">What is JScript?</span>\r\nJScript is Microsoft's version of Netscape's JavaScript. Each Internet Browser vendor creates their own version of what is collectively known as JavaScript---however, the latest versions of these browsers are moving towards the ECMA Script standard.\r\n<span style=\"font-weight: bold;\">Who 'owns' JavaScript?</span>\r\nECMA governs the standard features of JavaScript---however, each vendor writes the code for their own versions of JavaScript.\r\n<span style=\"font-weight: bold;\">What are the features of JavaScript?</span>\r\n<ul><li>JavaScript is a lightweight, interpreted programming language.</li><li>JavaScript is designed for creating network-centric applications.</li><li>JavaScript is complementary to and integrated with Java.</li><li>JavaScript is complementary to and integrated with HTML.</li><li>JavaScript is open and cross-platform.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_JavaScript_development.png"},{"id":647,"title":"Software Testing","alias":"software-testing","description":" Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include the process of executing a program or application with the intent of finding software bugs (errors or other defects), and verifying that the software product is fit for use.\r\nSoftware testing involves the execution of a software component or system component to evaluate one or more properties of interest. In general, these properties indicate the extent to which the component or system under test:\r\n<ul><li>meets the requirements that guided its design and development,</li><li>responds correctly to all kinds of inputs,</li><li>performs its functions within an acceptable time,</li><li>it is sufficiently usable,</li><li>can be installed and run in its intended environments, and</li><li>achieves the general result its stakeholder's desire.</li></ul>\r\nAs the number of possible tests for even simple software components is practically infinite, all software testing uses some strategy to select tests that are feasible for the available time and resources. As a result, software testing typically (but not exclusively) attempts to execute a program or application with the intent of finding software bugs (errors or other defects). The job of testing is an iterative process as when one bug is fixed, it can illuminate other, deeper bugs, or can even create new ones.\r\nSoftware testing can provide objective, independent information about the quality of software and risk of its failure to users or sponsors.\r\nSoftware testing can be conducted as soon as executable software (even if partially complete) exists. The overall approach to software development often determines when and how testing is conducted. For example, in a phased process, most testing occurs after system requirements have been defined and then implemented in testable programs. In contrast, under an agile approach, requirements, programming, and testing are often done concurrently. ","materialsDescription":" <span style=\"font-weight: bold; \">What is Software Testing?</span>\r\nSoftware Testing is defined as an activity to check whether the actual results match the expected results and to ensure that the software system is Defect free. It involves the execution of a software component or system component to evaluate one or more properties of interest. Software testing also helps to identify errors, gaps or missing requirements contrary to the actual requirements. It can be either done manually or using automated tools. Some prefer saying Software testing as a White Box and Black Box Testing.\r\n<span style=\"font-weight: bold;\">Why is Software Testing Important?</span>\r\nTesting is important because software bugs could be expensive or even dangerous. Software bugs can potentially cause monetary and human loss, and history is full of such examples.\r\n<ul><li>In April 2015, the Bloomberg terminal in London crashed due to software glitch affected more than 300,000 traders on financial markets. It forced the government to postpone a 3bn pound debt sale.</li><li>Nissan cars have to recall over 1 million cars from the market due to software failure in the airbag sensory detectors. There has been reported two accident due to this software failure.</li><li>Starbucks was forced to close about 60 percent of stores in the U.S and Canada due to software failure in its POS system. At one point store served coffee for free as they were unable to process the transaction.</li><li>Some of Amazon’s third-party retailers saw their product price is reduced to 1p due to a software glitch. They were left with heavy losses.</li><li>Vulnerability in Windows 10. This bug enables users to escape from security sandboxes through a flaw in the win32k system.</li><li>In 2015 fighter plane F-35 fell victim to a software bug, making it unable to detect targets correctly.</li><li>China Airlines Airbus A300 crashed due to a software bug on April 26, 1994, killing 264 innocent live.</li><li>In 1985, Canada's Therac-25 radiation therapy machine malfunctioned due to software bug and delivered lethal radiation doses to patients, leaving 3 people dead and critically injuring 3 others.</li><li>In April of 1999, a software bug caused the failure of a $1.2 billion military satellite launch, the costliest accident in history.</li><li>In May of 1996, a software bug caused the bank accounts of 823 customers of a major U.S. bank to be credited with 920 million US dollars.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the types of Software Testing?</span>\r\nTypically Testing is classified into three categories.\r\n<ul><li>Functional Testing</li><li>Non-Functional Testing or Performance Testing</li><li>Maintenance (Regression and Maintenance)</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Software_Testing.png"},{"id":649,"title":"QA - Quality assurance","alias":"qa-quality-assurance","description":" <span style=\"font-weight: bold; \">Quality Assurance (QA)</span> is defined as an activity to ensure that an organization is providing the best possible product or service to customers. QA focuses on improving the processes to deliver Quality Products to the customer. An organization has to ensure, that processes are efficient and effective as per the quality standards defined for software products. Quality Assurance is popularly known as <span style=\"font-weight: bold; \">QA Testing. </span>\r\nQA establishes and maintains set requirements for developing or manufacturing reliable products. A quality assurance system is meant to increase customer confidence and a company's credibility, while also improving work processes and efficiency, and it enables a company to better compete with others.\r\nQuality assurance helps a company create products and services that meet the needs, expectations and requirements of customers. It yields high-quality product offerings that build trust and loyalty with customers. The standards and procedures defined by a quality assurance program help prevent product defects before they arise.\r\n<span style=\"font-weight: bold; \">Quality assurance utilizes one of three methods:</span>\r\n<span style=\"font-weight: bold; \">Failure testing, </span>which continually tests a product to determine if it breaks or fails. For physical products that need to withstand stress, this could involve testing the product under heat, pressure or vibration. For software products, failure testing might involve placing the software under high usage or load conditions.\r\n<span style=\"font-weight: bold; \">Statistical process control (SPC),</span> a methodology based on objective data and analysis and developed by Walter Shewhart at Western Electric Company and Bell Telephone Laboratories in the 1920's and 1930's. This methodology uses statistical methods to manage and control the production of products.\r\n<span style=\"font-weight: bold; \">Total quality management (TQM),</span> which applies quantitative methods as the basis for continuous improvement. TQM relies on facts, data and analysis to support product planning and performance reviews.\r\n<span style=\"font-weight: bold; \">Quality assurance in software.</span> Software quality assurance management (SQA) systematically finds patterns and the actions needed to improve development cycles. Finding and fixing coding errors can carry unintended consequences; it is possible to fix one thing, yet break other features and functionality at the same time.\r\nSQA software has become important for developers as a means of avoiding errors before they occur, saving development time and expenses. Even with SQA processes in place, an update to software can break other features and cause defects - commonly known as bugs.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Differences between Software testing and SQA services</h1>\r\n<ul><li><span style=\"font-weight: bold; \">SQA tools</span></li></ul>\r\n- Is about engineering process that ensures quality\r\n- Involve activities related to the implementation of processes, procedures, and standards.\r\n- Process focused \r\n- Preventive technique\r\n- Proactive measure\r\n- The scope of software quality testing tools applied to all products that will be created by the organization\r\n<ul><li><span style=\"font-weight: bold; \">Software Testing</span></li></ul>\r\n- Software Testing is to test a product for problems before the product goes live\r\n- Involves actives concerning verification of product Example - Review Testing\r\n- Product focused\r\n - Corrective technique\r\n- Reactive measure\r\n- The scope of Software Testing applies to a particular product being tested\r\n<h1 class=\"align-center\">Manual QA testing services Vs Automated Quality Assurance Testing</h1>\r\nSoftware testing is a huge domain, but it can be broadly categorized into two areas: manual testing and automated testing. Both of them can be used to achieve the best results, but it is always worth knowing the difference between the two. Each testing type – manual and automated – comes with its own set of advantages and disadvantages. \r\nYou can choose between manual and quality assurance testing services based on a variety of factors. These include:\r\n- Project requirements\r\n- Timeline\r\n- Budget\r\n- Expertise\r\n- Suitability<br /> \r\n<ul><li><span style=\"font-weight: bold; \">Manual Testing </span></li></ul>\r\n<span style=\"font-weight: bold; \">Exploratory Testing:</span> This scenario requires a tester’s expertise, creativity, knowledge, analytical and logical reasoning skills. With poorly written specifications and short execution time, human skills are a must to test in this scenario.\r\n<span style=\"font-weight: bold; \">Ad-Hoc Testing:</span> It is an unplanned method of testing where the biggest difference maker is a tester’s insight that can work without a specific approach.\r\n<span style=\"font-weight: bold; \">Usability Testing:</span> Here you need to check the level of user-friendliness and check the software for convenience. Human observation is a must to make the end user’s experience convenient.\r\n<ul><li><span style=\"font-weight: bold; \">Quality Assurance automation tools</span></li></ul>\r\n<span style=\"font-weight: bold; \">Repeated Execution:</span> When you need to execute a use case repeatedly, automated testing is a better option.\r\n<span style=\"font-weight: bold; \">Regression Testing:</span> Automated automated QA software is better here because the code changes frequently and the regressions can be run in a timely manner\r\n<span style=\"font-weight: bold; \">Performance:</span> You need an automated QA testing software when thousands of concurrent users are simulated at the same time. Additionally, it is a better solution for load testing.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Quality_assurance.png"},{"id":651,"title":"Interface Testing","alias":"interface-testing","description":"When an application or a software or a website is developed, then there are several components of it. Those components can be server, database etc. The connection which integrates and facilitates the communication between these components is termed as an <span style=\"font-weight: bold;\">Interface</span>.\r\n<span style=\"font-weight: bold;\">Interface Testing</span> is performed to evaluate whether systems or components pass data and control correctly to one another. It is to verify if all the interactions between these modules are working properly and errors are handled properly.\r\n<span style=\"font-weight: bold; \">Interface Testing - Checklist</span>\r\n<ul><li>Verify that communication between the systems are done correctly</li><li>Verify if all supported hardware/software has been tested</li><li>Verify if all linked documents be supported/opened on all platforms</li><li>Verify the security requirements or encryption while communication happens between systems</li><li>Check if a Solution can handle network failures between Web site and application server</li></ul>\r\n<span style=\"font-weight: bold; \">Phases of Interface Testing. </span>\r\nThere are 2 components involved in Interface testing: 1) web server and application server interface and 2) web server and database server interface.\r\nBasically, 3 phases are involved in the Interface testing which is mentioned below:\r\n<b>Configuration and Development. </b>After the configuration of the interface and the development initialization, the configuration is needed to be verified as per the requirement. In simple words, verification takes place.\r\n<p style=\" text-align: justify; \"><b>Validation. </b>After the configuration and development stage, validation of the interface is necessary.</p>\r\n<p style=\" text-align: justify; \"><b>Maintenance.</b> After the completion of the project, when the project reaches it’s working stage, the interface is set to be monitored for its performance.</p>\r\n<p style=\" text-align: justify; \"></p>\r\n<p style=\"text-align: justify; \"><a name=\"StepsinvolvedinInterfaceTesting\"></a></p>","materialsDescription":"<h1 class=\"align-center\">Types of Interface Testing </h1>\r\nDuring Interface Testing various types of testing done on the interface which may include:\r\n<span style=\"font-weight: bold; \">Workflow:</span> It ensures that the interface engine handles your standard workflows as expected.\r\n<span style=\"font-weight: bold; \">Edge cases -unexpected values:</span> This is considered when testing include date, month and day reversed.\r\n<span style=\"font-weight: bold; \">Performance, load, and network testing:</span> A high-volume interface may require more Load Testing than a low-volume interface, depending on the interface engine and connectivity infrastructure.\r\n<span style=\"font-weight: bold; \">Individual system interface testing:</span> This includes testing each system individually. For example, billing system and inventory management system for the retail store should be able to operate separately.\r\n<h1 class=\"align-center\">What is Graphic User Interface (GUI) Testing?</h1>\r\nGraphic User Interface Testing (GUI) testing is the process of ensuring proper functionality of the graphical user interface (GUI) for a specific application. This involves making sure it behaves in accordance with its requirements and works as expected across the range of supported platforms and devices.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">GUI Testing Approaches</span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Manual Based Testing: </span>Under this approach, the screens of the application are checked manually by testers. They are being confirmed with the requirements that are stated in the business requirements. The UI is also matched with the designs that are provided during the documentation phase of the application.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Automation Based Testing:</span> Automated user interface testing approach is performed in 2 steps i.e, record and play. While doing this, the steps are captured/recorded with the help of the automation tool while performing the first round of testing. And during playback, that recorded steps script is run when the application is under test. If the position of any button or image changes that during the playback, it does not get tracked and the test fails.</p>\r\n<h1 class=\"align-center\">What Features Should I Look for in a GUI Testing Tool?</h1>\r\nObviously the first answer is to choose a tool that can automate the specific technologies you’re testing, otherwise your automation is doomed to fail. Secondly you should choose a tool that has some of the following characteristics:\r\n<ul><li>Good interface testing software that makes it easy for your automation engineers to write tests, make changes, find issues and be able to deploy the tests on all the environments you need to test.</li><li>A tool that is well supported by the manufacturer and is keeping up to date with new web browsers, operating systems and technologies that you will need to test in the future. </li><li>An object abstraction layer so that your test analysts can write the tests in the way most natural for them and your automation engineers can create objects that point to physical items in the application that will be robust and not change every time you resort a grid or add data to the system.</li><li>Support for data-driven testing since as we have discussed, one of the big benefits of automation is the ability to run the same test thousands of times with different sets of data.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Interface_Testing.png"},{"id":667,"title":"Database Development","alias":"database-development","description":" Database development is the process of creating a database and setting its integrity parameters. The integral base is the correspondence of information in the database and internal structures, as well as to explicitly defined rules. Data types when creating a database are different data types.\r\nThe main tasks in designing are the possibilities for ensuring the entire database, obtaining data on all the necessary requests, reducing redundancy and duplication of data, ensuring the integrity of the database.\r\nThe main stages of the development of any database are:\r\n<ul><li>conceptual (infological) design;</li><li>logical (datalogical) design;</li><li>physical design.</li></ul>","materialsDescription":" \r\n<span style=\"font-weight: bold;\">What is a database?</span>\r\nA database is a file or a set of files that use a special format to structurally organize information for the purpose of searching and editing.\r\nDatabase development is a multi-step process of making informed decisions in the process of analyzing an information model of a domain, data requirements from applied programmers and users, synthesizing logical and physical data structures, analyzing and justifying the choice of software and hardware.\r\n<span style=\"font-weight: bold;\">What is a DBMS?</span>\r\nA database management system (DBMS) is a set of system utilities that solve the problem of organizing information (storage, search, editing).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Database_Development.png"},{"id":669,"title":"MySQL Development","alias":"mysql-development","description":" MySQL is an open-source relational database management system (RDBMS). Its name is a combination of "My", the name of co-founder Michael Widenius's daughter, and "SQL", the abbreviation for Structured Query Language.\r\nMySQL is free and open-source software under the terms of the GNU General Public License, and is also available under a variety of proprietary licenses. MySQL was owned and sponsored by the Swedish company MySQL AB, which was bought by Sun Microsystems (now Oracle Corporation). In 2010, when Oracle acquired Sun, Widenius forked the open-source MySQL project to create MariaDB.\r\nMySQL is a component of the LAMP web application software stack (and others), which is an acronym for Linux, Apache, MySQL, Perl/PHP/Python. MySQL is used by many database-driven web applications, including Drupal, Joomla, phpBB, and WordPress. MySQL is also used by many popular websites, including Facebook, Flickr, MediaWiki, Twitter, and YouTube.\r\nMySQL is written in C and C++. Its SQL parser is written in yacc, but it uses a home-brewed lexical analyzer. MySQL works on many system platforms, including AIX, BSDi, FreeBSD, HP-UX, eComStation, i5/OS, IRIX, Linux, macOS, Microsoft Windows, NetBSD, Novell NetWare, OpenBSD, OpenSolaris, OS/2 Warp, QNX, Oracle Solaris, Symbian, SunOS, SCO OpenServer, SCO UnixWare, Sanos and Tru64. A port of MySQL to OpenVMS also exists.\r\nThe MySQL server software itself and the client libraries use dual-licensing distribution. They are offered under GPL version 2, or a proprietary license.\r\nSupport can be obtained from the official manual. Free support additionally is available in different IRC channels and forums. Oracle offers paid support via its MySQL Enterprise products. They differ in the scope of services and in price. Additionally, a number of third party organisations exist to provide support and services, including MariaDB and Percona.\r\nMySQL has received positive reviews, and reviewers noticed it "performs extremely well in the average case" and that the "developer interfaces are there, and the documentation (not to mention feedback in the real world via Web sites and the like) is very, very good". It has also been tested to be a "fast, stable and true multi-user, multi-threaded sql database server".","materialsDescription":" <span style=\"font-weight: bold; \">What is MySQL?</span>\r\n<span style=\"font-style: italic; \">MySQL is a database management system.</span>\r\nA database is a structured collection of data. It may be anything from a simple shopping list or a picture gallery or the vast amounts of information in a corporate network. To add, access, and process data stored in a computer database, you need a database management system such as MySQL Server. Since computers are very good at handling large amounts of data, database management plays a central role in computing, as stand-alone utilities, or as parts of other applications.\r\n<span style=\"font-style: italic; \">MySQL is a relational database management system.</span>\r\nA relational database stores data in separate tables rather than putting all the data in one big storeroom. This adds speed and flexibility. The tables are linked by defined relations making it possible to combine data from several tables on request. The SQL part of "MySQL" stands for "Structured Query Language" the most common standardised language used to access databases.\r\nMySQL, the most popular Open Source SQL database, is developed and provided by MySQL AB. The MySQL web site ( http://www.mysql.com ) provides the latest information about MySQL software and MySQL AB.\r\n<span style=\"font-weight: bold;\">Why do I need MySQL?</span>\r\nIf you have any information such as products, dates, customers, pictures, or any data that is not static, a database is an efficient way to manage that information. Sites that contain message boards, guest books, dynamic galleries, contact lists, or online product information can greatly benefit by storing their information on our fast, reliable and secure database server.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_MySQL_Development.png"},{"id":673,"title":"MS SQL Development","alias":"ms-sql-development","description":" Microsoft SQL Server is a relational database management system, or RDBMS, that supports a wide variety of transaction processing, business intelligence and analytics applications in corporate IT environments. It's one of the three market-leading database technologies, along with Oracle Database and IBM's DB2.\r\nLike other RDBMS technologies, SQL Server is primarily built around a row-based table structure that connects related data elements in different tables to one another, avoiding the need to redundantly store data in multiple places within a database. The relational model also provides referential integrity and other integrity constraints to maintain data accuracy; those checks are part of a broader adherence to the principles of atomicity, consistency, isolation, and durability - collectively known as the ACID properties and designed to guarantee that database transactions are processed reliably.\r\nThe advanced security features supported in all editions of Microsoft SQL Server starting with SQL Server 2016 SP1 include three technologies added to the 2016 release: Always Encrypted, which lets user update encrypted data without having to decrypt it first; row-level security, which enables data access to be controlled at the row level in database tables; and dynamic data masking, which automatically hides elements of sensitive data from users without full access privileges.","materialsDescription":" <span style=\"font-weight: bold;\">What is MS SQL?</span>\r\nMS SQL is short for Microsoft SQL Server. It is a relational web hosting database that is used to store web site information like blog posts or user information. MS SQL is the most popular type of database on Windows servers. It is not free but it has many advanced features that make it suitable for businesses.\r\n<span style=\"font-weight: bold;\">What are the features of MS SQL?</span>\r\nIn basic terms, an MS SQL database is capable of storing any type of data that you want. It will let you quickly store and retrieve information and multiple web site visitors can use it at one time. You will use SQL statements to accomplish all of this. In more technical terms, most versions of MS SQL have the following features:\r\n<ul><li>Buffer management</li><li>Logging and Transaction</li><li>Concurrency and locking</li><li>Replication services</li><li>Analysis services</li><li>Notification services</li><li>Integration services</li><li>Full-text search service</li><li>Stored procedures</li><li>Triggers</li><li>Views</li><li>Sub-SELECTs (i.e. nested SELECTs)</li></ul>\r\n<span style=\"font-weight: bold;\">What is MS SQL used for?</span>\r\nMS SQL is the database of choice for web applications on a Windows platform (using .NET or ASP). These languages make is extremely easy to connect to the MS SQL database. It is also used for many popular content management systems and other scripts.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_MS_SQL_Development.png"},{"id":675,"title":"MariaDB Development","alias":"mariadb-development","description":" MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system (RDBMS), intended to remain free and open-source software under the GNU General Public License. Development is led by some of the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle Corporation in 2009.\r\nMariaDB intended to maintain high compatibility with MySQL, ensuring a drop-in replacement capability with library binary parity and exact matching with MySQL APIs and commands. However, new features diverge more. It includes new storage engines like Aria, ColumnStore, and MyRocks.\r\nIts lead developer/CTO is Michael "Monty" Widenius, one of the founders of MySQL AB and the founder of Monty Program AB. On 16 January 2008, MySQL AB announced that it had agreed to be acquired by Sun Microsystems for approximately $1 billion. The acquisition completed on 26 February 2008. MariaDB is named after Monty's younger daughter, Maria. (MySQL is named after his other daughter, My.)","materialsDescription":" <span style=\"font-weight: bold;\">What is MariaDB?</span>\r\nMariaDB is a backward compatible, drop-in replacement of the MySQL® Database Server. It includes all major open source storage engines.\r\nThe source code for MariaDB is publically available on GitHub. Binaries and packages are also available.\r\n<span style=\"font-weight: bold;\">What is MariaDB's Release Policy and Schedule?</span>\r\nThe <link https://mariadb.com/kb/en/plans/ - external-link-new-window \"Opens internal link in current window\">MariaDB Development Plans</link> page links to plans for future versions of MariaDB.\r\nThe release schedule for upcoming MariaDB releases can be found on the <link https://jira.mariadb.org/projects/MDEV?selectedItem=com.atlassian.jira.jira-projects-plugin:release-page - external-link-new-window \"Opens internal link in current window\">MariaDB Jira release page</link>.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_MariaDB_Development.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6145,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/RadarServices.png","logo":true,"scheme":false,"title":"RadarServices Radar Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"radarservices-radar-platform","companyTitle":"RadarServices Smart IT-Security GmbH","companyTypes":["supplier","vendor"],"companyId":6202,"companyAlias":"radarservices-smart-it-security-gmbh","description":"The Radar Platform offers customers next generation technology. The inhouse developed solution is characterized by state-of-the-art intelligence automation being used to comprehensively monitor IT security and perform IT risk assessments. The agnostic platform is able to analyze and evaluate any logs, networks and other kinds of information. \r\n<b>Process </b>\r\n<ol> <li>Risks are detected by means of a multi-level correlation approach, combining different information and events, both in an automated way and through work by experts. Both customer-specific analogies and analogies involving several customers and sectors are applied. </li> <li>This correlation is based on a wide range of events, originating from both IT itself and the environment in which IT systems are operated. For this purpose, intelligent event middleware is used. </li> <li>Risks are presented for different user groups, including those not involved in IT: based on needs and clearly arranged, for critical business processes, IT services, and legal and regulatory requirements. </li> </ol>\r\n<i>The various Detection Modules within the Radar Platform lay the perfect foundation to safeguard your digital activities and footprints. </i>\r\n<b>Your benefits using Radar Platform </b>\r\n<ul> <li>Intelligent and efficient endpoint-to-endpoint solution </li> <li>Extensive knowledge database </li> <li>Turnkey concept to commence operations in a very short space of time </li> <li>Scalable deployment to increase turnover </li> </ul>","shortDescription":"The platform to analyze and assess cyberrisks\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"RadarServices Radar Platform","keywords":"","description":"The Radar Platform offers customers next generation technology. The inhouse developed solution is characterized by state-of-the-art intelligence automation being used to comprehensively monitor IT security and perform IT risk assessments. The agnostic platform","og:title":"RadarServices Radar Platform","og:description":"The Radar Platform offers customers next generation technology. The inhouse developed solution is characterized by state-of-the-art intelligence automation being used to comprehensively monitor IT security and perform IT risk assessments. The agnostic platform","og:image":"https://old.roi4cio.com/fileadmin/user_upload/RadarServices.png"},"eventUrl":"","translationId":6144,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":53,"title":"DaaS - Desktop as a Service","alias":"daas-desktop-as-a-service","description":"<span style=\"font-weight: bold; \">DaaS (Desktop as a service)</span> is a cloud computing offering in which a third party hosts the back end of a virtual desktop infrastructure (VDI) deployment.\r\nWith DaaS services, desktop operating systems run inside virtual machines on servers in a cloud provider's data center. All the necessary support infrastructure, including storage and network resources, also lives in the cloud. As with on-premises VDI, a DaaS providers stream virtual desktops over a network to a customer's endpoint devices, where end users may access them through client software or a web browser.\r\nThough it sounds a lot like VDI, there is a vital difference between DaaS and VDI. VDI refers to when virtual desktops are served through on-premise servers maintained by in-house IT teams. It’s the traditional way to deploy and manage virtual desktops. But since it’s on-premise, VDI technology technology must be maintained, managed, and upgraded in-house whenever necessary.\r\nDaaS service on the other hand, is a cloud-based virtual desktop solution that separates virtual desktops from on-premise servers, enabling brands to leverage a third-party hosting provider. It’s like VDI, but in the cloud instead of in the back of the office. \r\nHowever, it’s not necessary to choose one or the other. These two approaches can complement each other. Some users prefer to have a DaaS desktop overlay of their VDI deployment. For example, the Desktop as a Service providers allow the user to modernize legacy applications with zero code refactoring. Not all legacy Windows apps perform well in a DaaS environment, due to latency or hardware requirements. \r\nThe modern workplace requires agility, leading to many companies embracing mobile working and Bring Your Own Device (BYOD) policies against a backdrop of increased concern about security risk, compliance requirements and the ever-present need to reduce overheads. This is why, over a decade after analysts predicted the rise of remote desktop as a service, it is now finally being taken up in volume.\r\nBy adopting Desktop as a Service, companies can address the issues associated with end-user computing while giving their staff more freedom and increasing productivity. The pain associated with managing a multitude of devices, including those not supplied by the company, is eliminated. While remaining compliant, companies can greatly reduce risks. ","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How does desktop as a service work?</span></h1>\r\nDaaS architecture is multi-tenant, and organizations purchase the service through a subscription model -- typically based on the number of virtual desktop instances used per month.\r\nIn the desktop-as-a-service delivery model, the cloud computing provider manages the back-end responsibilities of data storage, backup, security and upgrades. While the provider handles all the back-end infrastructure costs and maintenance, customers usually manage their own virtual desktop images, applications and security, unless those desktop management services are part of the subscription.\r\nTypically, an end user's personal data is copied to and from their virtual desktop during logon and logoff, and access to the desktop is device-, location- and network-independent.\r\n<h1 class=\"align-center\">The benefits of Desktop as a Service</h1>\r\nMany organisations are undergoing digital transformation, and modernising the workplace is often a stream within the wider strategy. In order to manage remote and multi-device workforces using DaaS, you should think about the following seven benefits and how this will change, and hopefully improve, your currently way of working.\r\n<span style=\"font-weight: bold;\">The modern workplace.</span> Digital transformation is redefining what we think about the workplace. At the heart of this evolution is technology and the introduction of digital-first natives into the workplace. Allowing staff to work remotely, through DaaS in cloud and via their own devices is a surefire way to attract and retain the best talent.\r\n<span style=\"font-weight: bold;\">Cost.</span> As with many cloud initiatives, DaaS pricing moves from CAPEX to OPEX, leaving you more cash in the bank to spend on growing your business. Per desktop pricing enables you to know exactly what workforce expansion will cost the IT department, removing unforeseen infrastructure or hardware purchases as this is handled by the provider, who bundle everything in with the price of each desktop.Virtual machines use the compute power of the data centre rather than their local machines, placing less demand on the endpoint. <span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">Scalability</span>. Due to the ‘...as a service’ delivery model, DaaS platform enables you to add user workstations fast and easily. This is particularly handy when your organisation utilises contract resource or temporary project teams, as there’s no hardware to procure, meaning you have the flexibility to create a desktop almost instantly and delete it when no longer required. This also puts you in control.\r\n<span style=\"font-weight: bold;\">Control.</span> DaaS helps you manage the risks that naturally come with giving your staff the freedom to work anywhere and on any device. It enables you to control the essentials such as data access and compliance without being overly restrictive. You no longer have to worry about what data is held on a user’s device as the data remains in the data centre at all times. This gives you control over all company assets because access can be revoked with the touch of a button.\r\n<span style=\"font-weight: bold;\">Management.</span> With an increasingly dispersed workforce, rolling out new applications or patching existing software has become more of a logistical problem than a technical one. Trying to coordinate people bringing in physical devices to be patched is a real issue for many companies, something which is eliminated completely with DaaS. You operate on one central image (or a small number of images based on persona), a change is made once, and everyone is on the latest version. It removes the need to standardise builds of end-user compute hardware as DaaS applications will run on almost any device no matter its configuration.\r\n<span style=\"font-weight: bold;\">Security.</span> DaaS moves the security risk from hundreds of end-user devices and put it all into the controlled and managed environment of a data centre. Lost or stolen laptops no longer provide a security risk. No data is on the local machine. As DaaS removes the need to create VPNs to access applications and data held by the company it also removes the problem of users trying to bypass the security in the belief that it will make their life easier. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/DaaS_-_Desktop_as_a_Service.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4610,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Pondurance_logo.png","logo":true,"scheme":false,"title":"Pondurance Enterprise Security Testing","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"pondurance-enterprise-security-testing","companyTitle":"Pondurance","companyTypes":["supplier","vendor"],"companyId":7003,"companyAlias":"pondurance","description":"Assessing the security posture through Enterprise Security Testing is one of many the steps necessary to protecting the organizations information assets. \r\nWith the advent of new technologies and inherent interconnectivity, an entire digital frontier has become unharnessed. \r\nWith these great conveniences and efficiencies new challenges are presented that increase the complexity of protecting sensitive information before it ends up in the hands of an adversary.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Enterprise Security Testing Service Offerings:</span></p>\r\n<span style=\"font-weight: bold;\">Vulnerability Testing & Assessment </span>– Vulnerability testing and assessments examine the underlying systems and resources that make up the infrastructure. Team searches for vulnerabilities and weaknesses that may put the enterprise environment at risk. \r\nThe vulnerability assessment will provide an organization with the discovery, analysis, and controlled exploitation of security vulnerabilities that are accessible from external and internal sources. Identified vulnerabilities are validated through both manual and automated processes to eliminate false positive findings.\r\n<span style=\"font-weight: bold;\">Penetration Testing:</span> Penetration tests help to truly quantify the impact of a real-world security incident or an attack against your environment. \r\nLeveraging the same tools and techniques as an attacker, penetration testing activities are performed to fully assess the effectiveness of the organization’s controls. \r\nPondurance approaches penetration testing in a controlled manner by first coordinating with client personnel to identify the goals and objectives of the test, establishing rules of engagement, and expected end results. \r\nFrom an availability perspective denial-of-service (DoS) conditions are never intentionally pursued in penetration testing engagements. \r\nFinally, Pondurance consultants maintain constant communication via our secure portal so that everyone is aware of the activities as they unfold and are completed.\r\n<span style=\"font-weight: bold;\">Secure Configuration Review:</span> Pondurance reviews operating systems and network devices for configuration settings that align with industry best practices and vendor-recommended guidelines.\r\n<span style=\"font-weight: bold;\">Security Architecture Review:</span> This activity reviews a comprehensive list of the organization’s technical and strategic information security requirements, such as network design, access controls, environment assets, remote access, and monitoring, alerts, and reports of the underlying infrastructure. \r\nThe architecture is then compared against best practices or requirements and any improvements or gaps are documented with recommendations to assist with alleviating the current risk.\r\n<span style=\"font-weight: bold;\">Physical Security Testing:</span> This service penetrates the physical security of a targeted facility through the identification of gaps and/or weaknesses in the facility’s physical security controls. This service includes the manipulation of locks, identification systems, and entryways.\r\n<span style=\"font-weight: bold;\">Social Engineering:</span> Social Engineering identifies gaps in your employee information security awareness training and pinpoints what changes to your business’s culture will need to be made to continue to conduct business in the modern world. \r\nBased on these needs, the following social engineering tests are available:\r\n<ul><li><span style=\"font-weight: bold;\">User Based:</span> This uses various electronic communication mediums (email, telephone, social networking, etc.) to take advantage of the environment’s users in order to gain access to sensitive information or targeted data. Common scenarios include coordinated pre-texted calling scenarios and targeted email phishing campaigns.</li><li><span style=\"font-weight: bold;\">Physical Based:</span> A physical based social engineering test takes advantage of weaknesses in the physical security and your user’s security awareness training to attempt to gain unauthorized access to the facility and sensitive data assets.</li></ul>\r\n<span style=\"font-weight: bold;\">Wireless Testing:</span> Wireless testing provides examines security vulnerabilities and exposures within the targeted environment through the use of wireless radio analysis and configuration review. This service can target technology and implementation vulnerabilities, as well as user information security awareness.<br /><br />","shortDescription":"Service focuses on the current information security posture of an organization’s information assets. It examines the infrastructure, people, and technologies to identify vulnerabilities.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Pondurance Enterprise Security Testing","keywords":"","description":"Assessing the security posture through Enterprise Security Testing is one of many the steps necessary to protecting the organizations information assets. \r\nWith the advent of new technologies and inherent interconnectivity, an entire digital frontier has becom","og:title":"Pondurance Enterprise Security Testing","og:description":"Assessing the security posture through Enterprise Security Testing is one of many the steps necessary to protecting the organizations information assets. \r\nWith the advent of new technologies and inherent interconnectivity, an entire digital frontier has becom","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Pondurance_logo.png"},"eventUrl":"","translationId":4610,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":718,"title":"IT Consulting","alias":"it-consulting","description":" In management, information technology consulting (also called IT consulting, computer consultancy, business and technology services, computing consultancy, technology consulting, and IT advisory) as a field of activity focuses on advising organizations on how best to use information technology (IT) in achieving their business objectives.\r\nThe IT consulting industry can be viewed as a Four-tier system:\r\n<ul><li>Professional services firms which maintain large professional workforces and command high bill rates.</li><li>Staffing firms, which place technologists with businesses on a temporary basis, typically in response to employee absences, temporary skill shortages and technical projects.</li><li>Independent consultants, who are self-employed or who function as employees of staffing firms (for US tax purposes, employed on Form W-2), or as independent contractors in their own right (for US tax purposes, on "1099").</li><li>Information Technology security consultants</li></ul>\r\nThere are different reasons why consultants are called in:\r\n<ul><li>To gain external, objective advice and recommendations</li><li>To gain access to the consultants' specialized expertise</li><li>Temporary help during a one-time project where the hiring of a permanent employee(s) is not required or necessary</li><li>To outsource all or part of the IT services from a specific company.</li></ul>\r\nThere is a relatively unclear line between management consulting and IT consulting. There are sometimes overlaps between the two fields, but IT consultants often have degrees in computer science, electronics, technology, or management information systems while management consultants often have degrees in accounting, economics, Industrial Engineering, finance, or a generalized MBA (Masters in Business Administration).\r\nAccording to the Institute for Partner Education & Development, IT consultants' revenues come predominantly from design and planning based consulting with a mixture of IT and business consulting. This is different from a systems integrator in that you do not normally take title to product. Their value comes from their ability to integrate and support technologies as well as determining product and brands. ","materialsDescription":"<span style=\"font-weight: bold; \">Who is an information technology (IT) consultant?</span>\r\nAn information technology consultant is a third-party service provider who is qualified to advise clients on the best use of IT to meet specific business requirements. IT consultants may work with a professional IT consultancy firm or as independent contractors. They may conduct a business needs assessment and develop an information systems solution that meets the organization's objectives.\r\nSome information technology consultants emphasize technical issues while others help organizations use IT to manage business processes. Still others specialize in a specific IT area such as information security.\r\nIT consultants need a deep knowledge of both business and information technology. A bachelor's degree in management information systems, computer science, or information science is the typical path into a technical consultancy career. IT certifications supplement this foundation with specialized technical training. Information technology degree and certification programs are available online to accommodate working IT professionals.\r\n<span style=\"font-weight: bold; \">What are the prerequisites and major obstacles?</span>\r\nOnce a business owner defined the needs to take a business to the next level, a decision maker will define a scope, cost and a time-frame of the project. The role of the IT consultancy company is to support and nurture the company from the very beginning of the project until the end, and deliver the project not only in the scope, time and cost but also with complete customer satisfaction.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project scoping and planning</span></span>\r\nThe usual problem is that a business owner doesn't know the detail of what the project is going to deliver until it starts the process. In many cases, the incremental effort in some projects can lead to significant financial loss.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Business process and system design</span></span>\r\nThe scope of a project is linked intimately to the proposed business processes and systems that the project is going to deliver. Regardless of whether the project is to launch a new product range or discontinue unprofitable parts of the business, the change will have some impact on business processes and systems. The documentation of your business processes and system requirements are as fundamental to project scoping as an architects plans would be to the costing and scoping of the construction of a building.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Project management support</span></span>\r\nThe most successful business projects are always those that are driven by an employee who has the authority, vision and influence to drive the required changes in a business. It is highly unlikely that a business owner (decision maker or similar) will realize the changes unless one has one of these people in the employment. However, the project leadership role typically requires significant experience and skills which are not usually found within a company focused on day-to-day operations. Due to this requirement within more significant business change projects/programs, outside expertise is often sought from firms which can bring this specific skill set to the company.\r\n<span style=\"font-weight: bold;\">What are the skills of IT-consulting?</span>\r\nAn IT consultant needs to possess the following skills:\r\n<ul><li>Advisory skills</li><li>Technical skills</li><li>Business skills</li><li>Communication skills</li><li>Management skills</li><li>Advisory language skills</li><li>Business and management language skills</li><li>Technical language skills</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Consulting.png"},{"id":727,"title":"IT Security Audit","alias":"it-security-audit","description":" A <span style=\"font-weight: bold; \">computer security audit</span> is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT's, include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches.\r\nAt its root, an <span style=\"font-weight: bold; \">IT security audit</span> includes two different assessments. The manual assessment occurs when an internal or external IT security audit companies interview employees, reviews access controls, analyzes physical access to hardware, and performs vulnerability scans. \r\nAudit, performed by IT security audit services or IT security audit software, analyzes individual technical infrastructure components at a detailed level, ensuring that each is functioning in a manner that reinforces appropriate information security. The stakes are made higher with a number of regulatory compliance requirements mandating that IT audits be included in organizational due diligence efforts. These reviews should occur, at a minimum, annually. Some organizations, however, prefer to do them more frequently.\r\nOrganizations should also review system-generated reports. Automated assessments not only incorporate that data, but also respond to software monitoring reports and changes to server and file settings.\r\nSecurity audits, vulnerability assessments, and penetration testing are the <span style=\"font-weight: bold; \">three main types of security diagnostics. </span>Each of the three takes a different approach and may be best suited for a particular purpose. \r\n<span style=\"font-weight: bold; \">Security audits</span> measure an information system's performance against a list of criteria. \r\nA <span style=\"font-weight: bold; \">vulnerability assessment,</span> on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. \r\n<span style=\"font-weight: bold; \">Penetration testing</span> is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: bold;\">What is a security audit?</span></h1>\r\nA Security Audit is a process or event where the IT security policy or standards are used as a basis to determine the overall state of existing protection and to verify whether existing protection is being performed properly. It aims to determine whether the current environment is securely protected in accordance with the defined IT security policy.<br />Before performing a security assessment or audit, the organization should define the scope of the security audit, and the budget and duration allowed for the assessment/audit.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">How often should a security audit be performed?</span></h1>\r\nA security audit only provides a snapshot of the vulnerabilities in a system at a particular point in time. As technology and the business environment changes, periodic and ongoing reviews will inevitably be required. Depending on the criticality of the business, a security audit might be conducted yearly, or every two years.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">Who should perform a security audit?</span></h1>\r\nA security audit is a complex task requiring skilled and experienced personnel; it must be planned carefully. To perform the audit an independent and trusted third party is recommended. This third party can be another group of in-house staff or an external audit team, dependent on the skills of the internal staff and the criticality/sensitivity of the information being audited.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Security_Audit.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4866,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Macmon_nac_smart.png","logo":true,"scheme":false,"title":"Macmon NAC Smart","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"macmon-nac-smart","companyTitle":"macmon secure","companyTypes":["vendor"],"companyId":5271,"companyAlias":"macmon-secure","description":"Until recently, the cost-benefit ratio for purchasing and implementing a Network Access Control (NAC) solution was too high for small and medium-sized businesses. But IT risks are rising in SMBs as well; it’s just that they lack the time, budget and personnel. Macmon NAC smart provides oversight, control and security for your network and is specially designed for small and medium-sized businesses.\r\nIn addition to offering comprehensive network transparency, guest and BYOD management and differentiated policy enforcement, the BSI (German Federal Office for Information Security) certified solution can be up and running quickly and in just a few hours without changes to your infrastructure.\r\n<span style=\"font-weight: bold;\">Your benefits with Macmon NAC Smart:</span>\r\n<ul><li>3 years of network access control in an all-inclusive package</li><li>The full range of features of the macmon Premium Bundle</li><li>Up to 150 or 250 nodes (extension possible)</li><li>Completely set up and ready for operation in max. 4 hours via a remote session</li><li>Choice of a high-quality appliance or a virtual version</li><li>3-year NBD warranty on the appliance</li></ul>\r\n<span style=\"font-weight: bold;\">With Macmon NAC Smart:</span>\r\n<ul><li>All network access points are protected against unauthorized access.</li><li>Unauthorized access to and from IoT devices is prevented.</li><li>Guests are given appropriate access to resources via a guest portal.</li><li>Suspicious changes in the network trigger alarms or other responses.</li><li>Employees can use their private devices easily and in a controlled manner.</li><li>Attackers and foreign devices are not allowed access.</li><li>Infected devices are automatically disconnected from the network.</li><li>External employees receive controlled access to selected resources.</li><li>Administrators see a graphical overview of the network – in real-time.</li><li>All devices can be found and located in the network.</li><li>Endpoints connected to VoIP telephones are precisely controlled.</li><li>IoT devices are detected and smartly operated by the rest of the IT infrastructure.</li><li>Port configuration and network documentation are performed automatically.</li><li>Employees who move automatically receive the same access to their usual resources.</li></ul>","shortDescription":"Macmon NAC Smart - network access control for small and medium-sized businesses.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Macmon NAC Smart","keywords":"","description":"Until recently, the cost-benefit ratio for purchasing and implementing a Network Access Control (NAC) solution was too high for small and medium-sized businesses. But IT risks are rising in SMBs as well; it’s just that they lack the time, budget and personnel.","og:title":"Macmon NAC Smart","og:description":"Until recently, the cost-benefit ratio for purchasing and implementing a Network Access Control (NAC) solution was too high for small and medium-sized businesses. But IT risks are rising in SMBs as well; it’s just that they lack the time, budget and personnel.","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Macmon_nac_smart.png"},"eventUrl":"","translationId":4866,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4867,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/mb_connect_line.png","logo":true,"scheme":false,"title":"MB Connect Line mbNET.rokey","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"mb-connect-line-mbnetrokey","companyTitle":"MB Connect Line","companyTypes":["supplier","vendor"],"companyId":5272,"companyAlias":"mb-connect-line","description":"Giving local staff the possibility to allow or disallow remote access is a recommendation of cybersecurity agencies such as the German BSI, the French ANSSI or the European ENISA. By offering a 2-level access control mbNET.rokey complies with recommended practices for secure remote services.\r\n<ul><li>On-board 2-level remote access key</li><li>On-board hardware secure element</li><li>Upgradable to full IoT-Gateway capabilities (see mbEDGE)</li><li>Internet connection via Ethernet, WAN interface or modem</li><li>Firewall with IP filter, Simple-NAT, 1:1 NAT and port forwarding</li><li>4 digital inputs, 2 digital outputs</li><li>SD card slot for expanding the data memory</li><li>Extended temperature range (-40°C bis +75°C)</li><li>Multi-colored LEDs for clear state-signaling</li><li>USBoverIP-capable</li></ul>\r\nmbNET.rokey with serial interface\r\n<ul><li>4x LAN</li><li>1x WAN</li><li>1x RS 232/485</li></ul>\r\nmbNET.rokey with MPI/Profibus interface\r\n<ul><li>4x LAN</li><li>1x WAN</li><li>1x MPI/PROFIBUS</li></ul>\r\nmbNET.rokey with LAN and WAN\r\n<ul><li>4x LAN</li><li>1x WAN</li></ul>","shortDescription":"mbNET.rokey - secure remote access with key switch.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MB Connect Line mbNET.rokey","keywords":"","description":"Giving local staff the possibility to allow or disallow remote access is a recommendation of cybersecurity agencies such as the German BSI, the French ANSSI or the European ENISA. By offering a 2-level access control mbNET.rokey complies with recommended pract","og:title":"MB Connect Line mbNET.rokey","og:description":"Giving local staff the possibility to allow or disallow remote access is a recommendation of cybersecurity agencies such as the German BSI, the French ANSSI or the European ENISA. By offering a 2-level access control mbNET.rokey complies with recommended pract","og:image":"https://old.roi4cio.com/fileadmin/user_upload/mb_connect_line.png"},"eventUrl":"","translationId":4868,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":178,"title":"IoT - Internet of Things","alias":"iot-internet-of-things","description":"The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. Embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the Internet, and they can be remotely monitored and controlled.\r\nThe definition of the Internet of things has evolved due to the convergence of multiple technologies, real-time analytics, machine learning, commodity sensors, and embedded systems. Traditional fields of embedded systems, wireless sensor networks, control systems, automation (including home and building automation). and others all contribute to enabling the Internet of things. In the consumer market, IoT technology is most synonymous with products pertaining to the concept of the "smart home", covering devices and appliances (such as lighting fixtures, thermostats, home security systems and cameras, and other home appliances) that support one or more common ecosystems, and can be controlled via devices associated with that ecosystem, such as smartphones and smart speakers.\r\nThe IoT concept has faced prominent criticism, especially in regards to privacy and security concerns related to these devices and their intention of pervasive presence.","materialsDescription":"<span style=\"font-weight: bold;\">What is the Internet of Things (IoT)?</span>\r\nThe Internet of things refers to the network of things (physical objects) that can be connected to the Internet to collect and share data without human-to-human or human-to-computer interaction.\r\n<span style=\"font-weight: bold;\">Why is it called the Internet of Things?</span>\r\nThe term Internet of things was coined by Kevin Ashton in 1999. Stemming from Kevin Ashton’s experience with RFID, the term Internet of things originally described the concept of tagging every object in a person’s life with machine-readable codes. This would allow computers to easily manage and inventory all of these things.\r\nThe term IoT today has evolved to a much broader prospect. It now encompasses ubiquitous connectivity, devices, sensors, analytics, machine learning, and many other technologies.\r\n<span style=\"font-weight: bold;\">What is an IoT solution?</span>\r\nAn IoT solution is a combination of devices or other data sources, outfitted with sensors and Internet connected hardware to securely report information back to an IoT platform. This information is often a physical metric which can help users answer a question or solve a specific problem.\r\n<span style=\"font-weight: bold;\">What is an IoT Proof of Concept (PoC)?</span>\r\nThe purpose of a PoC is to experiment with a solution in your environment, collect data, and evaluate performance from a set timeline on a set budget. A PoC is a low-risk way to introduce IoT to an organization.\r\n<span style=\"font-weight: bold;\">What is an IoT cloud platform?</span>\r\nAn IoT platform provides users with one or more of these key elements — visualization tools, data security features, a workflow engine and a custom user interface to utilize the information collected from devices and other data sources in the field. These platforms are based in the cloud and can be accessed from anywhere.\r\n<span style=\"font-weight: bold;\">What is industrial equipment monitoring?</span>\r\nIndustrial equipment monitoring uses a network of connected sensors - either native to a piece of equipment or retrofitted - to inform owners/operators of a machine’s output, component conditions, need for service or impending failure. Industrial equipment monitoring is an IoT solution which can utilize an IoT platform to unify disparate data and enable decision-makers to respond to real-time data.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/IoT_-_Internet_of_Things.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4356,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/change_tracker.png","logo":true,"scheme":false,"title":"Change Tracker Gen7 R2","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"change-tracker-gen7-r2","companyTitle":"New Net Technologies LLC","companyTypes":["supplier","vendor"],"companyId":6751,"companyAlias":"new-net-technologies-llc","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">IT SECURITY & COMPLIANCE - PROBLEM SOLVED!</span></p>\r\nNNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. \r\nCompletely redesigned with both security and IT operations in mind, Change Tracker™ Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments.\r\nGen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. \r\nSecurity and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps™ is delivered and underpins effective, ongoing security and operational availability.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Change Tracker Features And Benefits</span></p>\r\n<span style=\"font-weight: bold; \">Automates CIS Controls</span>\r\nSpot cyber threats, identify any suspicious changes and adjust the secure baseline for all of your systems in real-time with NNT Change Tracker™ Gen7R2. Approve changes to the authorized baseline with a simple point and click.\r\n<span style=\"font-weight: bold; \">Breach Prevention</span>\r\nEnsure all IT assets are secure and breach free at all times by leveraging state of the art, recommended security and configuration hardening settings along with real-time system vulnerability and configuration drift management.\r\n<span style=\"font-weight: bold; \">Breach Detection</span>\r\nChange Tracker™ Gen7 R2 identifies suspicious activity using highly sophisticated contextual change control underpinned by threat intelligence to spot breach activity while reducing change noise.\r\n<span style=\"font-weight: bold; \">Real-Time Contextual File Integrity Monitoring</span>\r\nChange Tracker™ intelligently analyzes all changes in real-time leveraging the world’s largest repository of independently verified whitelisted files combined with intelligent and automated planned change rules to significantly reduce change noise and deliver a true FIM solution.\r\n<span style=\"font-weight: bold; \">System Hardening & Vulnerability Management</span>\r\nMinimize your attack surface with continuous and real-time clear configuration guidance and remediation based on CIS and other industry standard benchmarks for system hardening and vulnerability mitigation guidance.\r\n<span style=\"font-weight: bold; \">Continuous Compliance Monitoring Across all Industries</span>\r\nNNT provides comprehensive tailored or pre-built reports to provide vital evidence to security staff, management and auditors of the ongoing and improving state of your organizations secure and compliant posture.\r\n<p class=\"align-center\"><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">New Features and Functionality</span></span></p>\r\n<ul><li>All new Dashboard, fully customizable with choice of widgets and multiple tabs for alternative Dashboard layouts</li></ul>\r\n\r\n<ul><li>‘Single-Page Application’ design gives a contemporary, super-responsive Change Tracker experience</li></ul>\r\n\r\n<ul><li>New universal Query/Report controls, consistently available, enables reports to be built ‘off the page’</li></ul>\r\n\r\n<ul><li>New Reports Center – build and schedule any reports, with graphically-rich content, including all new Executive Report showing overall security of your estate</li></ul>\r\n\r\n<ul><li>‘Expert Event Analysis’ sections for reports, with events automatically pre-analyzed to show ‘noisiest’ devices, paths, registry settings and any other monitored configuration attributes to aid decision making in your Change Control Program</li></ul>\r\n\r\n<ul><li>Report production now performance optimized, even large volume event reports are generated on a streamed basis to minimize impact on Hub server resources</li></ul>\r\n\r\n<ul><li>Report properties can be tailored – include a hyperlinked Table of Contents, Event Details table and Query Parameters, together with as many/few event attributes as required</li></ul>\r\n\r\n<ul><li>New Group & Device/Date & Time filter and selection control panel, selections persist for any page accessed, panel can be hidden when not in use to give a ‘full screen’ display of the Dashboard</li></ul>\r\n\r\n<ul><li>User-defined auto-refresh settings for all pages</li></ul>\r\n\r\n<ul><li>New componentized Planned Changes, allowing easy re-use of schedules and/or rulesets, driven by a new Planned</li></ul>\r\n\r\n<ul><li>New ‘FAST list’ planned change rule option, ensures only file changes you select as permitted, allows a user-defined list of approved file changes to be operated – like a personal FAST Cloud!</li></ul>\r\n\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:</span></p>\r\n<ul><li>Windows, all versions including Server 2019, 2016 and Windows 10, XP, 2003/R2, Windows 7, Windows 8/8.1, 2008R2, 2012/R2 (Core and GUI)</li><li>Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle, FreeBSD and Apple MAC OS</li><li>Unix, all versions including Solaris, HPUX, AIX, Tandem Non-Stop</li><li>VMWare, all versions including ESXi</li><li>Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL</li><li>Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper, Fortinet and Checkpoint</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","shortDescription":"The only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Change Tracker Gen7 R2","keywords":"","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">IT SECURITY & COMPLIANCE - PROBLEM SOLVED!</span></p>\r\nNNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ","og:title":"Change Tracker Gen7 R2","og:description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">IT SECURITY & COMPLIANCE - PROBLEM SOLVED!</span></p>\r\nNNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/change_tracker.png"},"eventUrl":"","translationId":4358,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":489,"title":"Network Security Policy Management","alias":"network-security-policy-management","description":" <span style=\"font-weight: bold; \">Network security policy management </span>streamlines security policy design and enforcement. It applies rules and best practices to manage firewalls and other devices more effectively, efficiently, and consistently. Administrators need network security management solutions to get a high level of visibility into network behavior, automate device configuration, enforce global policies, view firewall traffic, generate reports, and provide a single management interface for physical and virtual systems.\r\nSecurity policies govern the integrity and safety of the network. They provide rules for accessing the network, connecting to the Internet, adding or modifying devices or services, and more. However, rules are only effective when they are implemented. Network security management policy helps organizations stay compliant and secure by ensuring that their policies are simplified, consistent, and enforced. It helps reduce manual tasks and human errors by simplifying administration with security policy and workflow tools through a centralized management interface.\r\nNetwork security management can reduce risk across the network and protect data by leveraging the information on threats, network vulnerabilities and their criticality, evaluating potential options to block an attack, and providing intelligence for decision support. Policy administration is improved by unifying common policy tasks within a single interface, automating policy change workflow, including compliance audits and the management of multiple firewall vendors. This simplified and automated security policy management enables IT teams to save time, avoid manual errors, and reduce risk. \r\nThere are the whole network security policy management market with different tools and solutions available. Businesses use them to automate administrative tasks, which can improve accuracy and save time. The solutions can make management processes less tedious and time consuming, and can free up personnel for higher-value projects. These solutions also help IT teams avoid misconfigurations that can cause vulnerabilities in their networks. And if problems arise, network security policy management solutions can ease troubleshooting and remediation. ","materialsDescription":"<h1 class=\"align-center\">Benefits of network security policy management</h1>\r\n<span style=\"font-weight: bold;\">Streamline security policy design and enforcement</span>\r\nA network security policy management solution can help organizations achieve:\r\n<ul><li><span style=\"font-weight: bold;\">Better security.</span> Network security policy management streamlines security policy design and enforcement.</li><li><span style=\"font-weight: bold;\">Ease of use.</span> Network security policy management tools orchestrate policy design and implementation.</li><li><span style=\"font-weight: bold;\">Consistency. </span>Solutions provide templates, model policies, and configurations.</li><li><span style=\"font-weight: bold;\">Time savings.</span> Deployments are faster, and automation helps empower staff to focus on other business priorities.</li><li><span style=\"font-weight: bold;\">Lower costs.</span> Cloud-based solutions scale to thousands of devices, requiring fewer resources and allowing for centralized management.</li></ul>\r\n<span style=\"font-weight: bold;\">Apply best practices to meet challenges in firewall management</span>\r\nOver time, firewalls collect more and more configuration rules and objects. Network security policy management solutions can help combat this bloat and improve security by addressing:\r\n<ul><li><span style=\"font-weight: bold;\">Object auditing.</span> Administrators need to merge and reduce duplicate objects, determine which unused objects should be deleted, and identify inconsistent objects. Network security policy management tools help them achieve a cleaner, more consistent configuration that is less of a nuisance to manage and less vulnerable to attacks.</li><li><span style=\"font-weight: bold;\">Policy inconsistencies.</span> The network security policy management tools locate unused or shadow policies and assist IT to fix possible problems.</li><li><span style=\"font-weight: bold;\">Version control and upgrades.</span> Network security policy management solutions ease these transitions with filters that simplify and automate processes and ensure high availability.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Security_Policy_Management.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3845,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/pradeo.png","logo":true,"scheme":false,"title":"Pradeo Security Systems Mobile Threat Defense","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"pradeo-security-systems-mobile-threat-defense","companyTitle":"Pradeo","companyTypes":["supplier","vendor"],"companyId":5308,"companyAlias":"pradeo-security-systems","description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands of security rules and detected millions of severe mobile threats and billions of leaky behaviors.\r\n<b>APPLICATION SECURITY </b>\r\nMost mobile threats do not have viral signatures. In order to detect and prevent zero-day attacks, Pradeo’s mobile application scanning capability accurately identifies all mobile applications behaviors and vulnerabilities. Then, it contextualizes information to avoid false-positive alerts and only blocks applications that represent a real threat.\r\n<b>Key Features:</b>\r\n<ul> <li>Unknown, known and advanced threats detection</li> <li>Static and dynamic analysis</li> <li>Zero false positive</li> <li>Automatic blocking of applications</li> <li>Vulnerabilities detection </li> <li>Remediation of risky behaviors </li> </ul>\r\n<b>NETWORK SECURITY </b>\r\nAs the amount of public hotspots keeps increasing and people tend to connect to several ones a day, Pradeo Security screens in real-time network configuration and parameters. As a result, it prevents network-related attacks such as Man-In-The-Middle. \r\n<b>Key Features:</b>\r\n<ul> <li>Man In the Middle detection </li> <li>Network access control </li> <li>SSL certificates check </li> <li>Secure browser </li> </ul>\r\n<b>DEVICE SECURITY </b>\r\nA device that is jailbroken, rooted, running on an outdated operating system, etc. is vulnerable to device-related attacks and thus, represents a security flaw in the mobile chain. Pradeo Security monitors device integrity by inspecting all its potentially defective aspects. \r\n<b>Key Features:</b>\r\n<ul> <li>OS vulnerabilities detection </li> <li>Root / jailbreak exploitation detection </li> <li>Identification of system takeover </li> <li>Abnormal battery consumption detection </li> </ul>","shortDescription":"Pradeo protects organizations’ mobile devices, applications and data","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Pradeo Security Systems Mobile Threat Defense","keywords":"","description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands ","og:title":"Pradeo Security Systems Mobile Threat Defense","og:description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/pradeo.png"},"eventUrl":"","translationId":3844,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"},{"id":375,"title":"Mobile Enterprise Security","alias":"mobile-enterprise-security","description":" Because mobile devices are easily lost or stolen, data on those devices is vulnerable. Enterprise mobility management is a set of systems intended to prevent unauthorized access to enterprise applications and/or corporate data on mobile devices. These can include password protection, encryption and/or remote wipe technology, which allows an administrator to delete all data from a misplaced device. With many systems, security policies can be centrally managed and enforced. Such device management systems are programmed to support and cooperate with the application programming interfaces (APIs) from various device makers to increase security compliance.\r\nThe data transfer between mobile device and the enterprise should always be encrypted, for example through a VPN tunnel or over HTTPS.\r\nMobile devices in companies with "bring your own device" (BYOD) policies are often used both personally and professionally. In these cases, corporate IT has less control over whether malware is on the device and what damage may be caused to corporate data. Apart from careful user behavior - data storage on the mobile device should be limited and centrally organized.","materialsDescription":" <span style=\"font-weight: bold;\">What is mobile security?</span>\r\nMobile security refers to the set of technologies and practices that aim to protect mobile devices against operating system vulnerabilities, network and app attacks, or mobile malware. Technologies such as enterprise mobility management (EMM) solutions manage compliance policies and issues relating to device privilege or loss.\r\n<span style=\"font-weight: bold;\">What are mobile security threats?</span>\r\nMobile security threats are vulnerabilities or attacks that attempt to compromise your phone's operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones possess very different behaviors and capabilities compared to PCs or laptops and need to be equipped to detect attacks specific to mobile devices. Mobile devices contain unique functions and behaviors making traditional IT security solutions ineffective for securing mobile devices. One of the primary differences in how mobile devices are different from PCs and laptops is administration privileges. There are several administrators for a PC or laptop making it simple for corporate IT to install security software and monitor computers for problems. On mobile devices, the administration is handled by the device owner. The device owner is the only one that can install apps or allow other management profiles on the device. This means the burden of securing the mobile device and its data falls entirely on the user--who may not have the time or expertise to provide proper mobile device security.\r\n<span style=\"font-weight: bold;\">Why is mobile security important?</span>\r\nMobile security is very important since our mobile device is now our primary computing device. On average, users spend more than 5 hours each day on a mobile device conducting company and personal business. The shift in device usage habits has also moved the prime target for hackers from PCs to our mobile devices. Since mobile devices are now a prime target, we need to secure them and arm them with threat detection and malware protection just like PCs. Smartphones are able to circumvent traditional security controls, and typically represent a massive blind spot for IT and security teams. Hackers know this, which no doubt contributed to the number of smartphone attacks recorded between January and July 2016. The number of attacks nearly doubled compared to the last six months of 2015. During that same time period, smartphones accounted for 78% of all mobile network infections.\r\n<span style=\"font-weight: bold;\">Which mobile security is best for enterprises?</span>\r\nThere are a number of mobile security solutions available on the market, but identifying which mobile security is best for enterprises entails using specific criteria. As is often the case, solutions designed for consumers and end-users may not be as robust, full-featured, reliable and scalable as solutions designed specifically for the enterprise. In particular, mobile security solutions that are suitable for enterprise use should include scalability, autonomous functionality, machine learning, on-device operation, and protection from zero-day threats. Enterprises also need to consider flexible deployment models to take advantage of existing infrastructure or cloud computing environments.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Mobile_Enterprise_Security.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4613,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Prevalent_Inc..png","logo":true,"scheme":false,"title":"Prevalent Third-Party Risk Management Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"prevalent-third-party-risk-management-platform","companyTitle":"Prevalent","companyTypes":["supplier","vendor"],"companyId":7005,"companyAlias":"prevalent","description":"With cyber attacks originating from third parties on the rise, and privacy concerns driving new regulations, it’s critical to ensure that your suppliers can securely manage sensitive systems and data. However, manually collecting, maintaining and analyzing risk status is inefficient, error-prone and costly. \r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Simplify,Automate,Scale.</span></p>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">The only purpose-built, unified platform for third-party risk management </span></p>\r\nDelivered in the simplicity of the cloud, the Prevalent Third-Party Risk Management platform combines automated, standardized vendor assessments with continuous threat monitoring, assessment workflow, and remediation management across the entire vendor life cycle. \r\nThe solution is backed by expert advisory, consulting and managed services to help you optimize and mature your vendor risk management program.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Assess</span></p>\r\n<ul><li>Measure compliance with data security and privacy requirements via automated assessment, review, analysis, remediation and reporting.</li><li>Leverage 50+ templates or build custom surveys</li><li>Automate the end-to-end assessment process and alleviate tedious manual labor</li><li>Assess vendor compliance with ISO 27001, NIST, GDPR, CoBiT 5, SSAE 18, SIG, SIG Lite, SOX, NYDFS, and other regulations and frameworks</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Monitor</span></p>\r\n<ul><li>Gain an outside-in view of risk with continuous cyber and business monitoring, notification of critical issues, and remediation guidance.</li><li>Combine vulnerability scanning with external threat intelligence to uncover IP threats, phishing events, and data breaches</li><li>Identify operational, financial, legal, and brand risks with OSINT business intelligence</li><li>Integrate outside-in scoring with inside-out assessment for a complete view of risk</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Share</span></p>\r\n<ul><li>Access shared libraries of pre-submitted, standardized assessments to quickly check risk scores and augment 1:1 assessment activities.</li><li>Prevalent Exchange: cross-industry vendor data</li><li>Legal Vendor Network™:the industry standard used by 50%+ of top U.S. law firms</li><li>Healthcare Vendor Network™:exclusive partner to H-ISAC Shared Services</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Key Benefits</span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Visibility<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Gain a 360-degree view </span></span></p>\r\n<p class=\"align-left\">Identify IT and business exposures with inside-out assessment and outside-in monitoring, eliminating coverage gaps and informing risk-based decision making.</p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Efficiency<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Streamline TPRM & reduce costs</span></span></p>\r\n<p class=\"align-left\">Speed assessments and remediation with bi-directional workflow, document/evidence and task management. Equip vendors with dashboards for managing and addressing risks.</p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Expand and mature your program</span></span></p>\r\n<p class=\"align-left\">Prevalent’s Risk Operations Center (ROC) and Professional Services teams will partner with you to rapidly implement, scale and customize your end-to-end TPRM program.</p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reporting<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Tailor risk insights & trends</span></span></p>\r\n<p class=\"align-left\">Generate detailed vendor risk registers, compliance mapping reports, remediation guidance and executive overviews. Review full audit trails and drill down to specific controls and risks</p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Remediation<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Utilize actionable guidance</span></span></p>\r\n<p class=\"align-left\">Categorize vendors by risk level and importance to the business. Share remediation recommendations and implement fixes, with full audit trails for all communications</p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Compliance<br /></span></span></p>\r\n<p class=\"align-left\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Address assessment and monitoring requirements</span></span></p>\r\n<p class=\"align-left\">Comply with GDPR, HIPAA, NIST SP 800 & CSF, ISO 27001/ 27002/27018, EBA Guidelines, FCA FG 16/5, FFIEC IT Exam Handbook, NY DFS 23 NYCRR 500, OCC Bulletins and more<br /><br /></p>","shortDescription":"Prevalent simplifies and speeds compliance and risk reduction with a unified, automated Third-Party Risk Management (TPRM) platform\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Prevalent Third-Party Risk Management Platform","keywords":"","description":"With cyber attacks originating from third parties on the rise, and privacy concerns driving new regulations, it’s critical to ensure that your suppliers can securely manage sensitive systems and data. However, manually collecting, maintaining and analyzing ris","og:title":"Prevalent Third-Party Risk Management Platform","og:description":"With cyber attacks originating from third parties on the rise, and privacy concerns driving new regulations, it’s critical to ensure that your suppliers can securely manage sensitive systems and data. However, manually collecting, maintaining and analyzing ris","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Prevalent_Inc..png"},"eventUrl":"","translationId":4614,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":50,"title":"IPC - Information Protection and Control","alias":"ipc-information-protection-and-control","description":"Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information. For example, removing a hard drive from a personal computer, an insider will not be able to read the information on it. This allows you to prevent the compromise of confidential data even in the event of loss, theft or seizure (for example, when organizing operational events by special services specialists, unscrupulous competitors or raiders).\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":"<span style=\"font-weight: bold; \">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold; \">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold; \">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold; \">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/IPC_-_Information_Protection_and_Control.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3847,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/WT-500_1.JPG","logo":true,"scheme":false,"title":"Waterfall Unidirectional CloudConnect","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":0,"alias":"waterfall-unidirectional-cloudconnect","companyTitle":"Waterfall Security Solutions","companyTypes":["supplier","vendor"],"companyId":5242,"companyAlias":"waterfall-security-solutions","description":"The Industrial Internet of Things (IIoT) promises revolutionary improvements in the efficiencies of industrial operations, manufacturing platforms, transportation systems, and utilities. However, these benefits require the massive deployment of connected devices that gather and communicate data, thereby increasing cyber-security attack surfaces dramatically, and opening paths for attackers to enter industrial networks\r\nThe answer for all of your IIoT cybersecurity needs is the Unidirectional CloudConnect. The CloudConnect acts as an Industrial IoT gateway, collecting data from industrial sources such as historians, industrial control systems, OPC serves and industrial devices then coverting that data into a unified, cloud-friendly format, such as GE WebSockets, Azure IoT and SOAP Web Services. The CloudConnect then transmits the unified data securely out of the site and publishes into the industrial cloud. Unidirectional Gateway technology embedded in the CloudConnect ensures seamless connectivity with both industrial and cloud systems, and provides absolute protection from cloud-based threats.\r\nWaterfall’s Unidirectional CloudConnect offers the highest level of IIoT cyber security, enabling data flow from industrial networks, directly into Internet-based and other cloud solutions, while preventing remote attacks from penetrating critical industrial networks.<br /><br /><span style=\"font-weight: bold;\">MAIN FEATURES</span>\r\nINDUSTRIAL CONNECTIVITY<br />Enables IT and outsourced SIEM, SOC, NOC & security monitoring solutions\r\nSAFE OT/CLOUD INTEGRATION<br />Physically prevents Cloud/Internetbased attacks from infecting the protected network\r\nSEAMLESS INTEROPERABILITY<br />Supports 100+ industrial protocols & applications; from legacy systems to cloud-based platforms\r\nINDUSTRIAL CLOUD<br />Enables big-data, cross-site, and crossapplication analysis and correlations<br /><br />The Unidirectional Cloud-Connect is a secure cloud gateway containing unidirectional technology consisting of both hardware and software components. The gateway hardware can transmit information from a control system network to an external network, but is physically incapable of propagating any cyber attack at all back into the protected network.","shortDescription":"The Unidirectional Cloud-Connect is a secure cloud gateway containing unidirectional technology consisting of both hardware and software components.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Waterfall Unidirectional CloudConnect","keywords":"","description":"The Industrial Internet of Things (IIoT) promises revolutionary improvements in the efficiencies of industrial operations, manufacturing platforms, transportation systems, and utilities. However, these benefits require the massive deployment of connected devic","og:title":"Waterfall Unidirectional CloudConnect","og:description":"The Industrial Internet of Things (IIoT) promises revolutionary improvements in the efficiencies of industrial operations, manufacturing platforms, transportation systems, and utilities. However, these benefits require the massive deployment of connected devic","og:image":"https://old.roi4cio.com/fileadmin/user_upload/WT-500_1.JPG"},"eventUrl":"","translationId":3848,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":461,"title":"Data Diode","alias":"data-diode","description":"A unidirectional network (also referred to as a unidirectional gateway or data diode) is a network appliance or device that allows data to travel in only one direction. Data diodes can be found most commonly in high-security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of Industrial IoT and Digitization, this technology can now be found at the industrial control level for such facilities as nuclear power plants, power generation and safety-critical systems like railway networks.<br />After years of development, the use of data diodes has increased, creating two variations:\r\n<ul><li>Data Diode: more often used to refer to the simple hardware version that physically enforces data to flow in only one direction.</li><li>Unidirectional Gateway: Used to describe a more sophisticated device that typically has a computer on both its critical and open side. Unidirectional gateways are a combination of hardware and software. The hardware (data diode) permits data to flow from one network to another but is physically unable to send any information at all back into the source network. The software replicates databases and emulates protocol servers and devices, enabling compatibility with existing network protocols, allowing organizations to gain their benefits without changes to their existing systems.</li></ul>\r\nOnce only commonly found in high-security military environments, unidirectional gateways are now becoming widely spread in sectors like Oil & Gas, water/wastewater, airplanes (between flight control units and in-flight entertainment systems), manufacturing and cloud connectivity for Industrial IoT primarily as a result of new regulations, increased demand and big industrial powerhouses. These industries/sectors and betting on this technology, which has had the effect of lowering the technology's core cost.","materialsDescription":"<span style=\"font-weight: bold;\">What Is Data Diode Technology & How Does It Work?</span>\r\nToday's business environment is increasingly digital and more vulnerable than ever to a cyber attack. Because of this, various network security technologies have been developed to protect organizational data and infrastructures. One of the most effective of these modern technologies is the data diode. Although it is one of the most effective network security tools available, you may not have heard of this technology and know little of what it does. Below, you'll find a description of what data diode technology is and how it works.\r\n<span style=\"font-weight: bold;\">What Is Data Diode Technology?</span>\r\nA data diode is a communication device that enables the safe, one-way transfer of data between segmented networks. Intelligent data diode design maintains physical and electrical separation of source and destination networks, establishing a non-routable, completely closed one-way data transfer protocol between networks. Intelligent data diodes effectively eliminate external points of entry to the sending system, preventing intruders and contagious elements from infiltrating the network. Securing all of a network’s data outflow with data diodes makes it impossible for an insecure or hostile network to pass along malware, access your system, or accidentally make harmful changes.\r\nData diodes allow companies to send process data in real time to information management systems for use in financial, customer service, and management decisions — without compromising the security of your network. This protects valuable information and network infrastructure from theft, destruction, tampering, and human error, mitigating the potential loss of thousands of dollars and countless hours of work.\r\n<span style=\"font-weight: bold;\">How Does Data Diode Technology Work?</span>\r\nA "diode" is an electronic component that only allows current to flow in one direction. Similarly, data diode technology lets information flow safely in only one direction, from secure areas to less secure systems, without permitting reverse access. A data diode also creates a physical barrier or “air gap” between the two points. This one-way connection prevents data leakage, eliminates the threat of malware, and fully protects the process control network. Moreover, a single data diode can handle data transfers from multiple servers or devices simultaneously, without bottlenecking.\r\n<span style=\"font-weight: bold;\">Where is it used?</span>\r\nIt’s typically used to guarantee information security or protection of critical digital systems, such as industrial control systems, from cyber attacks. While the use of these devices is common in high-security environments such as defense, where they serve as connections between two or more networks of differing security classifications, the technology is also being used to enforce one-way communications outbound from critical digital systems to untrusted networks connected to the Internet.\r\nThe physical nature of unidirectional networks only allows data to pass from one side of a network connection to another, and not the other way around. This can be from the "low side" or untrusted network to the "high side" or trusted network or vice versa. In the first case, data in the high side network is kept confidential and users retain access to data from the low side. Such functionality can be attractive if sensitive data is stored on a network which requires connectivity with the Internet: the high side can receive Internet data from the low side, but no data on the high side is accessible to Internet-based intrusion. In the second case, a safety-critical physical system can be made accessible for online monitoring, yet be insulated from all Internet-based attacks that might seek to cause physical damage. In both cases, the connection remains unidirectional even if both the low and the high network are compromised, as the security guarantees are physical in nature.\r\nThere are two general models for using unidirectional network connections. In the classical model, the purpose of the data diode is to prevent the export of classified data from a secure machine while allowing the import of data from an insecure machine. In the alternative model, the diode is used to allow export of data from a protected machine while preventing attacks on that machine.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Diode.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4871,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/GE_Digital_Logo.png","logo":true,"scheme":false,"title":"GE Digital Predix Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"ge-digital-predix-platform","companyTitle":"GE Digital","companyTypes":["vendor"],"companyId":7393,"companyAlias":"ge-digital","description":"<span style=\"font-weight: bold;\">What is Predix Platform?</span>\r\n\r\n<span style=\"font-weight: bold;\">Built for industry</span>\r\nPredix Platform is the place where industry runs. As a scalable, asset-centric data foundation, it is a comprehensive and secure application platform that can run, scale, and extend digital industrial solutions.\r\n<span style=\"font-weight: bold;\">Leading IIoT capabilities</span>\r\nThe platform delivers shared capabilities that industrial applications require: asset connectivity, edge technologies, analytics and machine learning, big data processing, and asset-centric digital twins.\r\n<span style=\"font-weight: bold;\">Build once, deploy anywhere</span>\r\nDesigned as a distributed application platform, Predix Platform is optimized for high volume, low latency, and integration-intensive data management and analytics-driven outcomes.\r\n\r\n<span style=\"font-weight: bold;\">Drive results with Predix Platform</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Predix Edge</span></span>\r\nIndustrial IoT needs are driving a rapid evolution in edge computing. Predix Edge simplifies data collection and data forwarding while supporting any computing need. With powerful connectivity and management capabilities, support for container-based apps and analytics, and scalable deployment options, Predix Edge can securely handle advanced analytics and data processing from the plant floor to the data center.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Predix Cloud</span></span>\r\nPredix Cloud provides the scalable big data processing, rich analytics, and a full range of application services that support the most demanding industrial solutions. Whether you use the built-in user console for monitoring and event management, develop and run your own apps and analytics, or leverage GE Digital-built applications, Predix Cloud provides the secure foundation for your company’s digital transformation.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Predix Private Cloud</span></span>\r\nPredix Private Cloud provides the core set of Predix Cloud services-as-a-software solution that is designed to be deployed directly in a customer's data center or the preferred location. Predix Private Cloud meets stringent customer requirements for security, regulatory compliance, and data sovereignty while offering the key functionality, application and analytics support, and scalability of Predix Cloud.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Predix Essentials</span></span>\r\nPredix Essentials is a complete solution for industrial monitoring and event management. Predix Essentials brings you the power of the Predix Platform, with asset connectivity, edge-to-cloud data processing and a feature-rich user console—packaged and pre-configured for rapid results. No development required. With Predix Essentials, you can connect to assets and IT/OT data, monitor conditions and analyze alerts, and manage incidents through resolution.\r\n\r\n<span style=\"font-weight: bold;\">Capabilities delivered by Predix Platform</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Visualization, analysis, and applications</span></span>\r\nA built-in user console provides IoT visibility and event management without the need to develop custom software or applications. Rich integrated capabilities and workflow enable users to monitor industrial data and assets, analyze anomalies and alerts, and manage cases through resolution using a unified work environment. You can even extend or customize the Essentials user experience using a rich set of APIs.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Analytics and machine learning</span></span>\r\nAnalytics for anomaly detection, predictive maintenance, prescriptive controls, and more are the catalyst for truly impactful IIoT benefits. Predix Platform provides a rich analytics library and framework to create or import machine learning analytics, while the Predix industrial data fabric supports the latest in advanced, scalable technology to support the most demanding analytics workloads.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Asset-centric digital twins</span></span>\r\nOperational excellence requires a single source of truth about each asset (machine), a fleet of assets, or a collection of assets that deliver production-level outcomes. At its core, Predix Platform is asset-centric. Digital twins codify this information to reflect past conditions, current conditions, and future predictions on those assets. Applications leverage this to deliver maintenance and equipment health, predictive maintenance, and operations optimization.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Predix Platform Security</span></span>\r\nAt the moment that data leaves an asset, ensuring its availability, validity, and integrity is of primary concern. Predix Platform is secure by design. Built with defense-in-depth across every layer, and continuously monitored, Predix Platform security addresses the security of the platform itself, the applications it powers, the software development process, and the security of data that flows through the platform. Predix Platform provides capabilities such as two-party encryption and supports the end-to-end chain of custody reporting for code and data.","shortDescription":"Connect, optimize, and scale your digital industrial applications.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":6,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"GE Digital Predix Platform","keywords":"","description":"<span style=\"font-weight: bold;\">What is Predix Platform?</span>\r\n\r\n<span style=\"font-weight: bold;\">Built for industry</span>\r\nPredix Platform is the place where industry runs. As a scalable, asset-centric data foundation, it is a comprehensive and secure app","og:title":"GE Digital Predix Platform","og:description":"<span style=\"font-weight: bold;\">What is Predix Platform?</span>\r\n\r\n<span style=\"font-weight: bold;\">Built for industry</span>\r\nPredix Platform is the place where industry runs. As a scalable, asset-centric data foundation, it is a comprehensive and secure app","og:image":"https://old.roi4cio.com/fileadmin/user_upload/GE_Digital_Logo.png"},"eventUrl":"","translationId":4872,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":5640,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/MSi_Mission_Secure.jpg","logo":true,"scheme":false,"title":"MSi Risk Assessment","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"msi-risk-assessment","companyTitle":"MSi Mission Secure","companyTypes":["vendor"],"companyId":7395,"companyAlias":"msi-mission-secure","description":"<p class=\"align-center\"><b>Partner with IT, OT, cybersecurity and industrial experts </b></p>\r\nComprised of industrial control system (ICS), operational technology (OT), and cyber experts, the MSi team works with our clients to understand and analyze the state of cybersecurity in their current operational technology (OT) environments. We combine our proprietary OT network analysis technology with our deep experience in cyber and ICS methods for attacking control systems to complement standards-based methodologies, including:\r\n<ul> <li>Department of Homeland Security's (DHS) Improving ICS Cybersecurity with Defense-in-Depth Strategies </li> <li>NIST's ICS Cybersecurity Risk Framework </li> <li>Sandia National Laboratories' Information Design and Assurance Red Team (IDART)™ </li> <li>Industry-specific standards (e.g., ISA/IEC 62443) </li> </ul>\r\n<p class=\"align-center\"><b>Experience the MSi Difference: Our Approach </b></p>\r\n<b>Assess</b>\r\nAssess control systems and operational technology (OT) networks to identify the greatest cyber risks.\r\n<b>Design</b>\r\nPrioritize and design optimal cybersecurity defenses to mitigate cyber risks and vulnerabilities.\r\n<b>Protect</b>\r\nProtect, manage, and maintain control systems and operations before, during, and after a cyber incident. ","shortDescription":"Understand & Mitigate Control System & OT Cyber Risks\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":16,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MSi Risk Assessment","keywords":"","description":"<p class=\"align-center\"><b>Partner with IT, OT, cybersecurity and industrial experts </b></p>\r\nComprised of industrial control system (ICS), operational technology (OT), and cyber experts, the MSi team works with our clients to understand and analyze the state","og:title":"MSi Risk Assessment","og:description":"<p class=\"align-center\"><b>Partner with IT, OT, cybersecurity and industrial experts </b></p>\r\nComprised of industrial control system (ICS), operational technology (OT), and cyber experts, the MSi team works with our clients to understand and analyze the state","og:image":"https://old.roi4cio.com/fileadmin/user_upload/MSi_Mission_Secure.jpg"},"eventUrl":"","translationId":5639,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":538,"title":"Services","alias":"services","description":" Service - any activity or work that one party can offer the other, characterized by the absence of the proposed material tangibility of such activities and not expressed in possession of something.\r\nA service from the point of view of marketing is a sale object in the form of an artist’s action, bringing benefits to the consumer or a useful result. In the process of providing services, a new, previously non-existent material product is not created, but the quality of an existing, created product changes. These are goods provided not in the form of commodities or exchange, but in the form of activities. The very provision of services creates the desired result for the consumer.\r\nServices have four main characteristics that significantly affect the development of marketing programs:\r\n<ul><li>intangibility - it is impossible to demonstrate, see, try, transport, store, pack or study. All this is possible only in relation to the final result (it was - it became);</li><li>inseparability - a service can be provided only when an order arrives or a client appears, i.e. services are provided and consumed simultaneously;</li><li>variability (non-standardization) - customers are direct participants in the service process and affect its final result;</li><li>impossibility of storage - unlike tangible goods, they cannot be made for future use.</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">What are the types of services?</span>\r\nThe provision (provision) of services may include, for example, the following:\r\n<ul><li>activities carried out on material products supplied by the consumer (for example, repair of a faulty car);</li><li>activities carried out on intangible products supplied by the consumer (for example, preparing a statement of income required to determine the amount of tax);</li><li>the provision of intangible products (for example, information in the sense of knowledge transfer);</li><li>creating favorable conditions for consumers (for example, in hotels and restaurants).</li></ul>\r\nThe services provided to the population, by appointment, are divided into material and socio-cultural:\r\n<ul><li>Material service - a service to satisfy the material and domestic needs of a consumer of services. It provides restoration (change, preservation) of consumer properties of products or the manufacture of new products by orders of citizens, as well as the movement of goods and people, the creation of conditions for consumption. In particular, material services may include household services related to the repair and manufacture of products, housing and communal services, catering services, transportation services, etc.</li><li>Socio-cultural service (intangible service) - a service to satisfy spiritual, intellectual needs and the maintenance of normal consumer life. Provides maintenance and restoration of health, spiritual and physical development of the individual, increasing professional skills. Social and cultural services cannot include medical care and compulsory educational process.</li></ul>\r\nServices can be: private or commercial, voluntary or forced, paid or free, instant or long-term, mutual and anonymous, public, etc.\r\nThe generalizing category, which includes all types of commercial and non-commercial services and is part of the economy, is the service sector.\r\n<span style=\"font-weight: bold;\">Service Examples</span>\r\nRealtor services - services of a realtor, real estate agent, aimed at satisfying the needs of the client when performing operations to manage real estate, as well as creating additional benefits for the client when carrying out operations with real estate (additional income or an additional increase in the value of real estate both in the short and long term), the receipt of which would be impossible without the participation of a realtor (real estate agent) and the use of special professional tools and skills. At the same time, the effectiveness of the realtor (real estate agent) is estimated by the value of the benefit received by the client, and his remuneration is only part of it.\r\nLegal services - the services of a lawyer and attorney in many cases are vital, therefore, the choice of performers for their provision should be with particular seriousness and responsibility. The main areas of lawyer and advocate services:\r\n<ul><li>Comprehensive legal services for organizations of various forms of ownership;</li><li>Arbitration - representing the interests of organizations in arbitration courts;</li><li>Representation of interests of companies in courts of various instances;</li><li>Professional legal support of transactions and contracts of organizations;</li><li>Services to legal entities related to bankruptcy of enterprises;</li><li>Services of professional lawyers in returning and collecting debts;</li><li>Representation of interests of organizations in the event of tax disputes;</li><li>Processes related to registration of the inheritance;</li><li>Services of a professional lawyer in the event of a traffic accident (Legal assistance in road accidents);</li><li>Services of a lawyer and advocate in the event of housing disputes;</li><li>Family lawyer services;</li><li>Providing the services of a lawyer and criminal lawyer;</li><li>Ensuring consumer protection.</li></ul>\r\nAccounting services are necessary for both newly opened companies and existing structures that need to establish an accounting service or monitor the work of a full-time accountant. Accounting services are also relevant in the case of business expansion, as new employees appear in the company, salaries are revised, and associated costs arise. Professional accounting services are the foundation of successful business activities, ensuring the prosperity of the business due to the precise control of all financial resources of the company.\r\nPsychological assistance services.\r\nIT-services (IT-services, IT-services; including IT-consulting) - services related to assisting in the development of computer literacy of users, training them in new software products. The list of services also includes services for installation, updating and maintenance of software products and computer equipment.\r\nInformation Services.\r\nand etc.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Services.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4873,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Honeywell_Logo.png","logo":true,"scheme":false,"title":"Honeywell Forge Cybersecurity Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"honeywell-forge-cybersecurity-platform","companyTitle":"Honeywell","companyTypes":["vendor"],"companyId":7394,"companyAlias":"honeywell","description":"<span style=\"font-weight: bold;\">Sneaking in Cyber Threats</span>\r\nSeemingly innocent-looking flash drives are convenient — for attackers.\r\n<span style=\"font-weight: bold;\">Your Connections Are Safe and Sound</span>\r\nAs fast as industrial devices are connecting to each other and the cloud, we're developing software that helps you identify and act on cyber-related incidents, all in one place. You can see—and reduce—security risks, to keep operations running undisturbed.\r\n\r\n<span style=\"text-decoration: underline;\"><span style=\"font-weight: bold;\">Security Informed by Understanding Your Industry</span></span>\r\n<span style=\"font-weight: bold;\">Domain Expertise</span>\r\n<span style=\"font-style: italic;\">From Agritech to Utilities</span>\r\nWe've worked closely with businesses like yours for decades. Our 250+ cybersecurity experts and our unique threat research will help you navigate the constantly changing security landscape.\r\n<span style=\"font-weight: bold;\">Innovation</span>\r\n<span style=\"font-style: italic;\">IIoT Threats Never Sleep</span>\r\nOne thing is for sure: Connectivity will grow exponentially. Our software scales and simplifies your security – while it continuously protects.\r\n<span style=\"font-weight: bold;\">Partnership</span>\r\n<span style=\"font-style: italic;\">Support Any Time, Everywhere</span>\r\nThere is no one-and-done in 360-degree cyber protection. As new needs emerge, we'll provide global resources around the clock to protect your organization.","shortDescription":"Continuous threat intelligence. No disruption of services. Emerging risks detected before they spell disaster. Honeywell Forge offers cybersecurity from enterprise to endpoints.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Honeywell Forge Cybersecurity Platform","keywords":"","description":"<span style=\"font-weight: bold;\">Sneaking in Cyber Threats</span>\r\nSeemingly innocent-looking flash drives are convenient — for attackers.\r\n<span style=\"font-weight: bold;\">Your Connections Are Safe and Sound</span>\r\nAs fast as industrial devices are connectin","og:title":"Honeywell Forge Cybersecurity Platform","og:description":"<span style=\"font-weight: bold;\">Sneaking in Cyber Threats</span>\r\nSeemingly innocent-looking flash drives are convenient — for attackers.\r\n<span style=\"font-weight: bold;\">Your Connections Are Safe and Sound</span>\r\nAs fast as industrial devices are connectin","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Honeywell_Logo.png"},"eventUrl":"","translationId":4874,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4363,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Sensato-NIGHTINGALE.png","logo":true,"scheme":false,"title":"Sensato Nightingale","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"sensatoi-nightingale","companyTitle":"Sensato Cybersecurity Solutions","companyTypes":["supplier","vendor"],"companyId":6755,"companyAlias":"sensato-cybersecurity-solutions","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you're being attacked, every second counts.</span>\r\nAttackers have gotten very good at bypassing intrusion detection, anti-virus, firewalls, and even the latest machine learning-based intrusion prevention systems. Sensato-Nightingale alerts you to a breach and gives you a fighting chance to contain the intrusion and mitigate damage.\r\nImmediately upon being reconned by an attacker, Sensato-Nightingale signals its Nest Command Center and issues SMS and email alerts. If desired, it can also be connected to the Sensato Cybersecurity Tactical Operations Center for enhanced monitoring and incident response.\r\n\r\n<span style=\"font-weight: bold;\">Forensic Collection. Sensato-Nightingale empowers your incident response team to stop guessing and start responding. On average, an attacker will exploit your network for close to a year without detection.</span>\r\nWhen an attacker is detected, Nightingale can automatically launch its Sentinel technology to begin monitoring, tracking, and reporting on the attacker's activities across your network and enterprise.\r\nSensato-Nightingale is an amazingly powerful resource for forensic analysis. \r\n\r\n<span style=\"font-weight: bold;\">Fight Back! Speed, and invoking counter-measures, can be the crucial difference between an inconvenience or being tomorrow's headline.</span>\r\nNightingale is one of the first tools on the market that provides automated countermeasures to help you fight back.<br />This unique capability is extremely powerful; further details are only discussed under a mutual non-disclosure agreement.\r\n\r\n<span style=\"font-weight: bold;\">Cybersecurity inspired by the Samurai. "Nightingale floors" were floors designed to protect the Samurai. They made a chirping sound when walked upon.</span>\r\nThe Samurai knew that despite all their defenses, their advanced training and resources, it was only a matter of time before enemies would break in. They realized their only hope of survival was to detect the assassin as early as possible.\r\nThese nightingale floors were used as a security device, assuring that no one could sneak through the corridors undetected.\r\nThe ingenious design has multiple advantages: Like the would-be assassin, it’s sneaky. It looks like an ordinary floor, but it’s constructed so that the nails rub against a jacket or clamp as someone walks over the floorboards, causing a chirping noise like a nightingale bird.\r\nThe result is an alarm system the intruder cannot detect until it’s too late. The nightingale floor not only sounds the alarm when an intruder enters, but it also pinpoints the intruder’s location.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">It’s time for your own nightingale floor.<br />Sensato-Nightingale.</span><br /><br /><br /></p>","shortDescription":"An integrated cyber security platform combining detection, monitoring, incident response, deception technology, forensics, countermeasures. Designed to help you fight back. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sensato Nightingale","keywords":"","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you'","og:title":"Sensato Nightingale","og:description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you'","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Sensato-NIGHTINGALE.png"},"eventUrl":"","translationId":4364,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3856,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Pwnie_Express.png","logo":true,"scheme":false,"title":"Pwnie Express Pwn Pulse","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"pwnie-express-pwn-pulse","companyTitle":"Pwnie Express","companyTypes":["vendor"],"companyId":5311,"companyAlias":"pwnie-express","description":"<b><i>Identify Surrounding Devices </i></b>\r\nPwn Pulse discovers, inventories, and classifies all IT and IoT devices, building a comprehensive identity for each device. Device discovery and classification is performed on a continual basis, without the need for agents or network changes. \r\n<b>DISCOVER & INVENTORY ALL DEVICES </b>\r\nDiscover all IT and IoT devices — wired, wireless, and Bluetooth — on the network and in the surrounding airspace. \r\n<b>CAPTURE DEVICE SNAPSHOTS </b>\r\nAutomatically create comprehensive fingerprints of devices consisting of manufacturer, vendor, ports, services, and associated networks. \r\n<b>ESTABLISH DEVICE IDENTITIES </b>\r\nCorrelate interfaces, analyze snapshots, and evaluate device relationships to create individual device identities and track their behavior and changes. \r\n<b><i>Assess Potential Security Threats </i></b>\r\nPwn Pulse continually monitors the behavior of devices and associated systems for indicators of compromise or sabotage, then creates actionable intelligence for threats and risks. \r\n<b>SYSTEM RELATIONSHIPS </b>\r\nGroup devices into systems based on relationships, device behavior, and business role. \r\n<b>BEHAVORIAL MONITORING </b>\r\nContinually monitor IoT devices and systems for changes in behavior and configuration. \r\n<b>IOT THREAT INTELLIGENCE </b>\r\nDetect threats and risks and gain the actionable intelligence required to address them. \r\n<b><i>Respond with Pulse </i></b>\r\nRespond directly from Pulse to neutralize IoT device threats, or share intelligence with existing security solutions to take actions. Pulse provides the intelligence and directed response options you need to protect your critical systems. \r\n<b>DIRECTED RESPONSE </b>\r\nSelect the appropriate response to address identified IoT threats directly from Pulse. \r\n<b>SHAREABLE INTELLIGENCE </b>\r\nEnhance existing security solutions by sharing IoT threat intelligence with the rest of your security stack. \r\n<b>DETAILED DEVICE FORENSICS </b>\r\nRecreate incident conditions with detailed forensics for every device seen. \r\n<b><i>24/7 Monitoring and Support </i></b>\r\n<ul> <li><b>Customer Support.</b> Our dedicated support team is focused on customer success, with continual planning, testing, training, onboarding, and ongoing monitoring services to help maximize your investment. </li> <li><b>Operational Support.</b> Our world-class operations support team is committed to your long-term success with constant, 24/7 monitoring of the Pwn Pulse Platform. </li> <li><b>Professional Services.</b> We apply our extensive knowledge as security professionals to your unique environment, from initial assessments to special events, integrations, monitoring, and more. </li> </ul>","shortDescription":"Identify, Assess, and Respond to Devices On and Around Your Network","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Pwnie Express Pwn Pulse","keywords":"","description":"<b><i>Identify Surrounding Devices </i></b>\r\nPwn Pulse discovers, inventories, and classifies all IT and IoT devices, building a comprehensive identity for each device. Device discovery and classification is performed on a continual basis, without the need for","og:title":"Pwnie Express Pwn Pulse","og:description":"<b><i>Identify Surrounding Devices </i></b>\r\nPwn Pulse discovers, inventories, and classifies all IT and IoT devices, building a comprehensive identity for each device. Device discovery and classification is performed on a continual basis, without the need for","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Pwnie_Express.png"},"eventUrl":"","translationId":3855,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4880,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/MSI_Mission_Secure_Logo.jpg","logo":true,"scheme":false,"title":"MSi Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"msi-platform","companyTitle":"MSi Mission Secure","companyTypes":["vendor"],"companyId":7395,"companyAlias":"msi-mission-secure","description":"Unique in an emerging market, the patented MSi Platform 4.0 is a software-hardware ICS cybersecurity solution purpose-built for the operational technology (OT) environment. With the MSi Platform, companies gain comprehensive network visibility, asset discovery, network mapping, segmentation and controller protection, plus Level 0 visibility and protection on a single platform. On-premise or hosted in the MSi cloud, with 24/7/365 monitoring, the MSi Platform 4.0 makes OT cybersecurity simple, even for the non-IT professional.\r\nThe patented MSi Platform—comprised of the MSi Console, MSi IDS, MSi 1 and MSi Sentinel—takes plant, ship, production platform and control system security to an unparalleled level with six points of action and awareness.\r\n<span style=\"font-weight: bold;\">PROTECT</span>\r\nRestrict unauthorized access and block malware and ransomware from reaching important controllers and Level 1 devices.\r\n<span style=\"font-weight: bold;\">MONITOR</span>\r\nContinuously monitor network IP levels, alongside digital and analog signals with our secure, multi-layered system.\r\n<span style=\"font-weight: bold;\">DETECT</span>\r\nGet real-time analysis and automated incident detection.\r\n<span style=\"font-weight: bold;\">INFORM</span>\r\nKeep trusted operators and cybersecurity professionals informed through dedicated communications systems.\r\n<span style=\"font-weight: bold;\">COLLECT</span>\r\nGather system data from digital and analog sensors and actuators, controllers and the OT network for real-time analysis and post-attack forensic purposes.\r\n<span style=\"font-weight: bold;\">CORRECT</span>\r\nCarry out optional automated or operator-guided responses, control system restorations to enable safe operating states and continued production.","shortDescription":"MSi Platform is cybersecurity for industrial control systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MSi Platform","keywords":"","description":"Unique in an emerging market, the patented MSi Platform 4.0 is a software-hardware ICS cybersecurity solution purpose-built for the operational technology (OT) environment. With the MSi Platform, companies gain comprehensive network visibility, asset discovery","og:title":"MSi Platform","og:description":"Unique in an emerging market, the patented MSi Platform 4.0 is a software-hardware ICS cybersecurity solution purpose-built for the operational technology (OT) environment. With the MSi Platform, companies gain comprehensive network visibility, asset discovery","og:image":"https://old.roi4cio.com/fileadmin/user_upload/MSI_Mission_Secure_Logo.jpg"},"eventUrl":"","translationId":4881,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"},{"id":178,"title":"IoT - Internet of Things","alias":"iot-internet-of-things","description":"The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. Embedded with electronics, Internet connectivity, and other forms of hardware (such as sensors), these devices can communicate and interact with others over the Internet, and they can be remotely monitored and controlled.\r\nThe definition of the Internet of things has evolved due to the convergence of multiple technologies, real-time analytics, machine learning, commodity sensors, and embedded systems. Traditional fields of embedded systems, wireless sensor networks, control systems, automation (including home and building automation). and others all contribute to enabling the Internet of things. In the consumer market, IoT technology is most synonymous with products pertaining to the concept of the "smart home", covering devices and appliances (such as lighting fixtures, thermostats, home security systems and cameras, and other home appliances) that support one or more common ecosystems, and can be controlled via devices associated with that ecosystem, such as smartphones and smart speakers.\r\nThe IoT concept has faced prominent criticism, especially in regards to privacy and security concerns related to these devices and their intention of pervasive presence.","materialsDescription":"<span style=\"font-weight: bold;\">What is the Internet of Things (IoT)?</span>\r\nThe Internet of things refers to the network of things (physical objects) that can be connected to the Internet to collect and share data without human-to-human or human-to-computer interaction.\r\n<span style=\"font-weight: bold;\">Why is it called the Internet of Things?</span>\r\nThe term Internet of things was coined by Kevin Ashton in 1999. Stemming from Kevin Ashton’s experience with RFID, the term Internet of things originally described the concept of tagging every object in a person’s life with machine-readable codes. This would allow computers to easily manage and inventory all of these things.\r\nThe term IoT today has evolved to a much broader prospect. It now encompasses ubiquitous connectivity, devices, sensors, analytics, machine learning, and many other technologies.\r\n<span style=\"font-weight: bold;\">What is an IoT solution?</span>\r\nAn IoT solution is a combination of devices or other data sources, outfitted with sensors and Internet connected hardware to securely report information back to an IoT platform. This information is often a physical metric which can help users answer a question or solve a specific problem.\r\n<span style=\"font-weight: bold;\">What is an IoT Proof of Concept (PoC)?</span>\r\nThe purpose of a PoC is to experiment with a solution in your environment, collect data, and evaluate performance from a set timeline on a set budget. A PoC is a low-risk way to introduce IoT to an organization.\r\n<span style=\"font-weight: bold;\">What is an IoT cloud platform?</span>\r\nAn IoT platform provides users with one or more of these key elements — visualization tools, data security features, a workflow engine and a custom user interface to utilize the information collected from devices and other data sources in the field. These platforms are based in the cloud and can be accessed from anywhere.\r\n<span style=\"font-weight: bold;\">What is industrial equipment monitoring?</span>\r\nIndustrial equipment monitoring uses a network of connected sensors - either native to a piece of equipment or retrofitted - to inform owners/operators of a machine’s output, component conditions, need for service or impending failure. Industrial equipment monitoring is an IoT solution which can utilize an IoT platform to unify disparate data and enable decision-makers to respond to real-time data.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/IoT_-_Internet_of_Things.png"},{"id":540,"title":"Security Hardware","alias":"security-hardware","description":"Hardware security as a discipline originated out of cryptographic engineering and involves hardware design, access control, secure multi-party computation, secure key storage, ensuring code authenticity and measures to ensure that the supply chain that built the product is secure, among other things.\r\nA hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.\r\nSome providers in this discipline consider that the key difference between hardware security and software security is that hardware security is implemented using "non-Turing-machine" logic (raw combinatorial logic or simple state machines). One approach, referred to as "hardsec", uses FPGAs to implement non-Turing-machine security controls as a way of combining the security of hardware with the flexibility of software.\r\nHardware backdoors are backdoors in hardware. Conceptionally related, a hardware Trojan (HT) is a malicious modification of an electronic system, particularly in the context of an integrated circuit.\r\nA physical unclonable function (PUF) is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect, it is the hardware analog of a one-way function. The name "physically unclonable function" might be a little misleading as some PUFs are clonable, and most PUFs are noisy and therefore do not achieve the requirements for a function. Today, PUFs are usually implemented in integrated circuits and are typically used in applications with high-security requirements.\r\nMany attacks on sensitive data and resources reported by organizations occur from within the organization itself.","materialsDescription":"<span style=\"font-weight: bold;\">What is hardware information security?</span>\r\nHardware means various types of devices (mechanical, electromechanical, electronic, etc.), which solve information protection problems with hardware. They impede access to information, including through its disguise. The hardware includes: noise generators, surge protectors, scanning radios and many other devices that "block" potential channels of information leakage or allow them to be detected. The advantages of technical means are related to their reliability, independence from subjective factors and high resistance to modification. The weaknesses include a lack of flexibility, relatively large volume and mass and high cost. The hardware for information protection includes the most diverse technical structures in terms of operation, device and capabilities, which ensure the suppression of disclosure, protection against leakage and counteraction to unauthorized access to sources of confidential information.\r\n<span style=\"font-weight: bold;\">Where is the hardware used to protect information?</span>\r\nHardware information protection is used to solve the following problems:\r\n<ul><li>conducting special studies of technical means of ensuring production activity for the presence of possible channels of information leakage;</li><li>identification of information leakage channels at various objects and in premises;</li><li>localization of information leakage channels;</li><li>search and detection of industrial espionage tools;</li><li>countering unauthorized access to confidential information sources and other actions.</li></ul>\r\n<span style=\"font-weight: bold;\">What is the classification of information security hardware?</span>\r\nAccording to the functional purpose, the hardware can be classified into detection tools, search tools and detailed measurements and active and passive countermeasures. At the same time, according to their technical capabilities, information protection tools can be general-purpose, designed for use by non-professionals in order to obtain preliminary (general) estimates, and professional complexes that allow for a thorough search, detection and precision measurement of all the characteristics of industrial espionage equipment. As an example of the former, we can consider a group of IP electromagnetic radiation indicators, which have a wide range of received signals and rather low sensitivity. As a second example - a complex for the detection and direction finding of radio bookmarks, designed to automatically detect and locate radio transmitters, radio microphones, telephone bookmarks and network radio transmitters.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Hardware.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4369,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/siem_monster.jpg","logo":true,"scheme":false,"title":"SIEMonster","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"siemonster","companyTitle":"SIEMonster","companyTypes":["supplier","vendor"],"companyId":6757,"companyAlias":"siemonster","description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">SIEMonster is truly SIEM for everyone, whether you’re a charity, Starter, Enterprise or Managed Security Service Provider company has the range of products that will let you know exactly what’s happening in your network.</span></span>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">What is SIEMonster?</span></p>\r\nSIEMonster is the brainchild of a team of professional hackers with over 20 years’ experience hacking into companies around the world. Using this experience, SIEMonster has built modern security SIEM tools for companies wanting to detect threats and risks to their organization.\r\nIt all began when a global manufacturer detailed their frustrations at the exorbitant licensing costs of commercial SIEM products and asked whether team could build a SIEM to minimize these annual license fees. \r\nSIEMonster now provides SIEM products for Managed Security Providers (MSSP’s) and Security Professionals around the world.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">EDITIONS:</span></p>\r\n<ul><li>COMMUNITY EDITION. The Community Edition is a single server built by the community for the community.</li><li>PROFESSIONAL EDITION. The Professional Edition is a single appliance or Virtual machine, for small business.</li><li>ENTERPRISE EDITION. The SIEMonster Enterprise Edition. Monitor network assets in an affordable scalable solution.</li><li>MSSP EDITION. Want to run your own SOC? run our Multi-Tenant Edition for Managed Security Service Providers.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Human Based Behavior</span></span></p>\r\nEvery user has a behavioral fingerprint – that is, a unique, nuanced way they use their own computer. Behavioral fingerprints can be monitored to detect when something changes and risk increases, when the user just isn’t behaving like they usually do. \r\nSIEMonster behavioral analytics monitors usage and detects non-users sooner, where others still fail. Operating where others continue to fail, SIEMonster can reduce benign positives and set actionable priorities.\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Intelligence</span></span></p>\r\nAs a part of the SIEMonster toolset, Palo Alto MineMeld is a Threat intelligence processing framework that can be used to collect, aggregate and filter indicators from a variety of sources and intelligence feeds. Providing vectors for translation tables in the form of known malicious domains used for Phishing, C&C hosts, TOR endpoints and known compromised hosts. This threat intelligence is then used to identify/detect such hosts contained within incoming security log data.The Palo Alto Minemeld client application has been pre-installed to setup appropriate feeds. You can select both commercial feeds, open source free feeds and law enforcement sources.\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Deep Learning</span></span></p>\r\nAI and subsets Machine & Deep Learning along with Neural Networks – terms often used by Security marketing vendors. The effectiveness of these tools can be limited by integration strategy, widening the gap between what can be considered benign and that which requires immediate action.\r\nSIEMonster strives to close this gap through innovation to not only reduce false positives but apply counteraction and extend automation, reducing the load on the typical SOC analyst.\r\nThe ultimate SIEM tool, SIEMonster is not only affordable and customizable, but becomes the pulse of your organization’s security posture. With the ability to absorb third party endpoint protection data, SIEMonster can perform correlation instantly against other events and data.\r\nApplying real time analysis of SIEMonster event alert streams, Threat Intelligence, Deep Learning combined with Human Based Behavior traits and Honeypot data is a good start. \r\nBy adding active Threat Hunting to the mix along with common IOC recognition and utilizing the Mitre Att&ck™ Framework, accuracy of threat recognition becomes sufficient to kill attacks. \r\nWithout human intervention users can be disabled, IP addresses blocked and assets shut down, effectively removing the threat and reducing the workload of security administrators within the SOC.<br /><br /><br />","shortDescription":"SIEMonster is truly SIEM for everyone, whether you’re a charity, Starter, Enterprise or Managed Security Service Provider. Tools for companies wanting to detect threats and risks to their organization","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":8,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SIEMonster","keywords":"","description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">SIEMonster is truly SIEM for everyone, whether you’re a charity, Starter, Enterprise or Managed Security Service Provider company has the range of products that will let you know exactly what’s","og:title":"SIEMonster","og:description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">SIEMonster is truly SIEM for everyone, whether you’re a charity, Starter, Enterprise or Managed Security Service Provider company has the range of products that will let you know exactly what’s","og:image":"https://old.roi4cio.com/fileadmin/user_upload/siem_monster.jpg"},"eventUrl":"","translationId":4370,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4625,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SAIC.png","logo":true,"scheme":false,"title":"SAIC Cybersecurity","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"saic-cybersecurity","companyTitle":"SAIC","companyTypes":["supplier","vendor"],"companyId":7011,"companyAlias":"saic","description":"<p class=\"align-center\"><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Advanced Capabilities That Meet Critical Mission-Assurance Needs.</span></span></p>\r\nToday’s IT users demand reliable digital service delivery at work, at home, or via mobile devices. They also expect their data to be safe and well protected. IT technology advances mean you can shift security to an integrated model where it is built into infrastructure and applications. \r\nSAIC’s advanced cybersecurity solutions combine our cyberspace operations experience with our deep mission understanding to deliver security, assurance, and resilience for your enterprise and workforce against an increasingly complex threat environment.<br />\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \"><span style=\"font-style: italic; \">Benefits</span></span><br /></p>\r\n<p class=\"align-center\">360 ̊ PROTECTION<br /></p>\r\n<p class=\"align-left\">SAIC’strained experts look at your mission, threats, and protective steps you’ve taken to assess the effectiveness of your security program. Team investigate all angles: technology, processes, and people. They identify the gaps that must be filled to protect your sensitive and critical data<br /></p>\r\n<p class=\"align-center\">PEACE OF MIND<br /></p>\r\nSAIC provides the team and tools to fill those gaps in cost-efficient and low-risk ways and perform continuous monitoring for you. Experts ensure compliance with regulatory requirements specific to your organization\r\nSAIC’s experience in supporting national security cyberspace operations gives insights into attack methods and how IT vulnerabilities are exploited. This knowledge gives an “offensive” mindset and underpins approach and proactive capabilities, resulting in continuous service delivery amid a highly contested cyberspace. <br />\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Solution gives:</span><br /></p>\r\n<ul><li>Complete Situational Understanding—Mission-first views of compliance, dependencies, potential avenues of attack, and most effective defensive approaches <br /></li><li>Continuous Assurance—Enterprise security operations are focused on data visibility and protection while it is at rest and in transit<br /></li><li>Security Ops as a Managed Service—Covers all security elements: compliance, infrastructure, operations, and incident response <br /></li><li>“Baked-In” Modernization—Advanced security is integrated into all of our IT modernization projects in application engineering, hosting environments, end user solutions, and infrastructure engineering</li></ul>\r\n\r\n","shortDescription":"Security Ops as a Managed Service—Covers all security elements: compliance, infrastructure, operations, and incident response.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SAIC Cybersecurity","keywords":"","description":"<p class=\"align-center\"><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Advanced Capabilities That Meet Critical Mission-Assurance Needs.</span></span></p>\r\nToday’s IT users demand reliable digital service delivery at work, at home, or via","og:title":"SAIC Cybersecurity","og:description":"<p class=\"align-center\"><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Advanced Capabilities That Meet Critical Mission-Assurance Needs.</span></span></p>\r\nToday’s IT users demand reliable digital service delivery at work, at home, or via","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SAIC.png"},"eventUrl":"","translationId":4626,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4884,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/MTG_AG.png","logo":true,"scheme":false,"title":"MTG IoT KMS","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"mtg-iot-kms","companyTitle":"MTG AG","companyTypes":["supplier","vendor"],"companyId":5273,"companyAlias":"mtg-ag","description":"Industry standards increasingly demand the use of KMS (e.g. OMS). The European Data Protection Regulation (GDPR) will also have an enormous impact on suppliers of IoT devices. In this context, the GDPR asks for a pseudonymization and encryption of personal data. Violations are subject to high penalties. Affected are, among others, manufacturers of smart meters, heating cost meters, water meters and all other “smart devices” that process personal or sensitive data.\r\nIn the future, each "smart device", handling sensitive personal data, will have to receive one or more individual keys (e.g. AES keys), in order to meet the growing security and data protection requirements. Instead of distributing a few keys across large production series, a large number of individual keys must now be generated, assigned to the individual devices and managed. This faces IoT manufacturers and their customers to new challenges. Without a central KMS, the level of complexity for key management increases with the growing number of individual keys to be managed at different touchpoints from production to operation and delivery to the customer.\r\nMTG´s IoT Key Management System <span style=\"font-weight: bold;\">(MTG IoT KMS)</span> was specially developed for manufacturers of IoT devices, making the management of a large number of individual cryptographic keys in production and at the customer’s site considerably easier.\r\nFor this purpose, the MTG Enterprise KMS was extended by additional modules that support the special requirements of the manufacturers in all processes relating to the management of key material. It enables the manufacturer to generate high-quality keys and to apply them during the production process. The ERP-systems will use the <span style=\"font-weight: bold;\">MTG IoT KMS</span> to import keys from different devices. During the entire production, order and shipment process an effective identification and authentication of millions of devices are possible. A secure handover of the key material when sending the devices to the customer is ensured thanks to an electronic shipment file (eLS).","shortDescription":"MTG IoT KMS was developed for manufacturers of IoT devices, making the management of a large number of individual cryptographic keys in production and at the customer's site considerably easier.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MTG IoT KMS","keywords":"","description":"Industry standards increasingly demand the use of KMS (e.g. OMS). The European Data Protection Regulation (GDPR) will also have an enormous impact on suppliers of IoT devices. In this context, the GDPR asks for a pseudonymization and encryption of personal dat","og:title":"MTG IoT KMS","og:description":"Industry standards increasingly demand the use of KMS (e.g. OMS). The European Data Protection Regulation (GDPR) will also have an enormous impact on suppliers of IoT devices. In this context, the GDPR asks for a pseudonymization and encryption of personal dat","og:image":"https://old.roi4cio.com/fileadmin/user_upload/MTG_AG.png"},"eventUrl":"","translationId":4885,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4886,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/NATION-E_logo.jpg","logo":true,"scheme":false,"title":"Nation-E Solution","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"nation-e-solution","companyTitle":"Nation-E","companyTypes":["vendor"],"companyId":5274,"companyAlias":"nation-e","description":"Nation-E’s solution offers a seamlessly integrated transparent security layer. It incorporates three main components that secure critical infrastructure, OT (operational technology) and IIoT (Industrial Internet of Things) systems:\r\n<span style=\"font-weight: bold;\">Cerebrum</span>\r\nNation-E’s Cerebrum analyzes the information collected by the Energy Firewall and provides a detailed dashboard, reports and alerts; in addition, Cerebrum integrates with existing SIEM (where applicable).\r\nIt detects and reports tampering, traffic abnormalities or behavioral deviations from a stated policy, provides immediate alerts on communication disruptions, allows incident response and assets isolation using Nation-E policy management. Cerebrum integrates with multiple 3rd-party incident response systems including the most common SIEM systems from IBM, Checkpoint and HP.\r\n<span style=\"font-weight: bold;\">Energy Firewall</span>\r\nNation-E’s Energy Firewall collects and orchestrates real-time information acquired by the Smart Agents.\r\nIt provides passive monitoring of the traffic, visibility into assets inventory and state, abnormal or risky traffic patterns, policy enforcement and real-time threat isolation and mitigation.\r\n<span style=\"font-weight: bold;\">Smart Agent</span>\r\nNation-E’s smart agents are attached to critical assets serial interface in order to monitor and secure. Assets may be network-connected or stand-alone, accessible via serial connectivity.\r\nOur smart agents connect and communicate via encrypted and mutually authenticated tunnels, preventing rogue assets from posing a threat. They monitor common OT serial interfaces, CAN, RS232, RS485 and RS482, as well as common protocols such as OPC, DNP3 and MODBUS and BACnet.","shortDescription":"Nation-E solution incorporates three main components that secure critical infrastructure, OT (operational technology) and IIoT (Industrial Internet of Things) systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":8,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Nation-E Solution","keywords":"","description":"Nation-E’s solution offers a seamlessly integrated transparent security layer. It incorporates three main components that secure critical infrastructure, OT (operational technology) and IIoT (Industrial Internet of Things) systems:\r\n<span style=\"font-weight: b","og:title":"Nation-E Solution","og:description":"Nation-E’s solution offers a seamlessly integrated transparent security layer. It incorporates three main components that secure critical infrastructure, OT (operational technology) and IIoT (Industrial Internet of Things) systems:\r\n<span style=\"font-weight: b","og:image":"https://old.roi4cio.com/fileadmin/user_upload/NATION-E_logo.jpg"},"eventUrl":"","translationId":4887,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4888,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/ncp-engineering-logo.png","logo":true,"scheme":false,"title":"NCP engineering IIoT Security","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"ncp-engineering-iiot-security","companyTitle":"NCP engineering","companyTypes":["supplier","vendor"],"companyId":5276,"companyAlias":"ncp-engineering","description":"NCP has developed software components for secure data communication for Industrial Internet of Things (IIoT) scenarios. Several components at different points throughout the infrastructure bring back control and secure data encryption.\r\n<ul><li><span style=\"font-weight: bold;\">IIoT Remote Gateway</span> for secure communication of plant, machinery or systems</li><li><span style=\"font-weight: bold;\">Central IIoT Gateway</span> for secure connection to IIoT Remote Gateways</li><li><span style=\"font-weight: bold;\">Management System</span> for administration, monitoring and integration into existing infrastructures</li></ul>\r\nIIoT Remote Gateway can be installed and used directly on systems or machinery. It can also function as a (virtual) adapter and receive data from other devices (sensors, cameras, etc.) and encrypt the data if it is not encrypted already. The central IIoT gateway receives the encrypted data from the IIoT Remote Gateway and transmits it to other systems where big data and artificial intelligence come into play, e.g. for "Behavioural Analysis".\r\nEncrypted connections ensure that IIoT Remote Gateway and the central IIoT Gateway are linked securely. Additional connections can be set up, for example, to transmit video streams to the control room.\r\nSystem manufacturers or operators benefit from more than encrypted communication: they gain back control over the configuration of security parameters and can commission systems more easily.\r\nThanks to its multi-client capability, the management system is predestined for cloud environments or IIoT infrastructure which links several production sites or divisions via a common platform. Administrators can only access the production sites they need to manage and cannot access external data or protected areas. And best of all – you can also use the NCP Management System for Remote Access VPN in office networks.\r\n<span style=\"font-weight: bold;\">Encryption and authentication</span>\r\nAll connections between the end devices and the gateways are encrypted with advanced algorithms (for example using Suite B cryptography). For additional security, all machine certificates are managed in a Public Key Infrastructure (PKI). This ensures unique authentication for all end devices. During each connection, device certificates are checked for validity and trustworthiness (signed by a trusted Certification Authority [CA]) and whether the certificate has been blocked by an online or offline CA.\r\n<span style=\"font-weight: bold;\">Highlights</span>\r\n<ul><li>centrally managed machine certificates</li><li>advanced Suite B Cryptography; for state-of-the-art data encryption and transfer</li><li>standards-compliant</li><li>easy integration into existing infrastructures</li><li>centralized management of all components</li><li>platform ready</li><li>strong authentication</li><li>support for virtualization</li><li>the management system also for classic remote access VPN</li></ul>","shortDescription":"NCP engineering IIoT Security - secure communication of equipment, machines and systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"NCP engineering IIoT Security","keywords":"","description":"NCP has developed software components for secure data communication for Industrial Internet of Things (IIoT) scenarios. Several components at different points throughout the infrastructure bring back control and secure data encryption.\r\n<ul><li><span style=\"fo","og:title":"NCP engineering IIoT Security","og:description":"NCP has developed software components for secure data communication for Industrial Internet of Things (IIoT) scenarios. Several components at different points throughout the infrastructure bring back control and secure data encryption.\r\n<ul><li><span style=\"fo","og:image":"https://old.roi4cio.com/fileadmin/user_upload/ncp-engineering-logo.png"},"eventUrl":"","translationId":4889,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"jobRoles":[{"id":58,"title":"Chief Executive Officer"},{"id":60,"title":"Chief Information Officer"}],"organizationalFeatures":[],"complementaryCategories":[],"solutions":["Aging IT infrastructure","Risk of attacks by hackers","No centralized control over IT systems","Shortage of inhouse software developers"],"materials":[{"id":1256,"title":"","description":"Digital Innovation Solutions","uri":"https://www.cloudtp.com/digital-innovation/"}],"useCases":[],"best_practices":[],"values":["Reduce Costs","Enhance Staff Productivity","Ensure Security and Business Continuity","Ensure Compliance"],"implementations":[],"presenterCodeLng":"","productImplementations":[]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}