{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"product":{"reference-bonus":{"ru":"Предложить бонус за референс","_type":"localeString","en":"Offer a reference bonus"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Сonfigurator"},"i-sell-it":{"en":"I sell it","ru":"I sell it","_type":"localeString"},"i-use-it":{"ru":"I use it","_type":"localeString","en":"I use it"},"roi-calculator":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"selling":{"en":"Selling","ru":"Продают","_type":"localeString"},"using":{"ru":"Используют","_type":"localeString","en":"Using"},"show-more-button":{"_type":"localeString","en":"Show more","ru":"Показать еще"},"hide-button":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"supplier-popover":{"ru":"поставщик","_type":"localeString","en":"supplier"},"implementation-popover":{"ru":"внедрение","_type":"localeString","en":"deployment"},"manufacturer-popover":{"en":"manufacturer","ru":"производитель","_type":"localeString"},"short-description":{"_type":"localeString","en":"Pitch","ru":"Краткое описание"},"i-use-it-popover":{"ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString","en":"Make your introduction and get a bonus from ROI4CIO or the supplier."},"details":{"ru":"Детальнее","_type":"localeString","en":"Details"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"product-features":{"ru":"Особенности продукта","_type":"localeString","en":"Product features"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"solutions":{"ru":"Проблемы которые решает","_type":"localeString","en":" Problems that solves"},"values":{"ru":"Ценности","_type":"localeString","en":"Values"},"сomparison-matrix":{"en":"Comparison matrix","ru":"Матрица сравнения","_type":"localeString"},"testing":{"_type":"localeString","en":"Testing","ru":"Тестирование"},"compare":{"_type":"localeString","en":"Compare with competitors","ru":"Сравнить с конкурентами"},"characteristics":{"en":" Characteristics","ru":"Характеристики","_type":"localeString"},"transaction-features":{"_type":"localeString","en":"Transaction Features","ru":"Особенности сделки"},"average-discount":{"ru":"Средняя скидка партнера","_type":"localeString","en":"Partner average discount"},"deal-protection":{"ru":"Защита сделки","_type":"localeString","en":"Deal protection"},"average-deal":{"en":"Average deal size","ru":"Средний размер сделки","_type":"localeString"},"average-time":{"_type":"localeString","en":"Average deal closing time","ru":"Средний срок закрытия сделки"},"login":{"ru":"Войти","_type":"localeString","en":"Login"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"to-know-more":{"ru":"Чтобы узнать больше","_type":"localeString","en":"To know more"},"scheme":{"ru":"Схема работы","_type":"localeString","en":" Scheme of work"},"competitive-products":{"en":" Competitive products","ru":"Конкурентные продукты","_type":"localeString"},"implementations-with-product":{"en":"Deployments with this product","ru":"Внедрения с этим продуктом","_type":"localeString"},"user-features":{"ru":"Особенности пользователей","_type":"localeString","en":"User features"},"job-roles":{"ru":"Роли заинтересованных сотрудников","_type":"localeString","en":" Roles of Interested Employees"},"organizational-features":{"_type":"localeString","en":"Organizational Features","ru":"Организационные особенности"},"calculate-price":{"en":" Calculate product price","ru":"Рассчитать цену продукта","_type":"localeString"},"selling-stories":{"ru":"Продающие истории","_type":"localeString","en":" Selling stories"},"materials":{"ru":"Материалы","_type":"localeString","en":"Materials"},"about-product":{"en":"About Product","ru":"О продукте","_type":"localeString"},"or":{"en":"or","ru":"или","_type":"localeString"},"program-sends-data":{"en":"Program Sends Data","_type":"localeString"},"calculate-roi":{"en":"Calculate Product ROI","ru":"Рассчитать ROI продукта","_type":"localeString"},"complementary-categories":{"ru":"Схожие категории","_type":"localeString","en":"Complementary Categories"},"program-receives-data":{"_type":"localeString","en":"Program Receives Data"},"rebate":{"ru":"Бонус","_type":"localeString","en":"Bonus"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"configurator-content":{"_type":"localeString","en":"Calculate price for this product here","ru":"Рассчитайте стоимость продукта"},"configurator-link":{"ru":"тут","_type":"localeString","en":"here"},"vendor-popover":{"ru":"производитель","_type":"localeString","en":"vendor"},"user-popover":{"en":"user","ru":"пользователь","_type":"localeString"},"select-for-presentation":{"en":"select product for presentation","ru":"выбрать продукт для презентации","_type":"localeString"},"auth-message":{"ru":"Вам нужно зарегистрироваться или войти.","_type":"localeString","en":"You have to register or login."},"add-to-comparison":{"en":"Add to comparison","ru":"Добавить в сравнение","_type":"localeString"},"added-to-comparison":{"en":"Added to comparison","ru":"Добавлено в сравнения","_type":"localeString"},"roi-calculator-content":{"en":"Calculate ROI for this product here","ru":"Рассчитайте ROI для данного продукта","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"videos":{"ru":"Видео","_type":"localeString","en":"Videos"},"vendor-verified":{"ru":"Подтверждено производителем","_type":"localeString","en":"Vendor verified"},"event-schedule":{"en":"Events schedule","ru":"Расписание событий","_type":"localeString"},"scheduling-tip":{"_type":"localeString","en":"Please, сhoose a convenient date and time and register for the event.","ru":"Выберите удобную дату и время и зарегистрируйтесь на ивент."},"register-to-schedule":{"ru":"Для того чтобы зарегистрироваться на ивент пожалуйста авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To register for the event please log in or register on the site."},"comparison-matrix":{"en":"Comparison matrix","ru":"Матрица сравнений","_type":"localeString"},"compare-with-competitive":{"ru":"Сравнить с конкурентными","_type":"localeString","en":" Compare with competitive"},"avg-deal-closing-unit":{"en":"months","ru":"месяцев","_type":"localeString"},"under-construction":{"en":"Current feature is still developing to become even more useful for you.","ru":"Данная услуга всё ещё находится в разработке.","_type":"localeString"},"product-presentation":{"en":"Product presentation","ru":"Презентация продукта","_type":"localeString"},"go-to-comparison-table":{"en":" Go to comparison table","ru":"Перейти к таблице сравнения","_type":"localeString"},"see-product-details":{"en":"See Details","ru":"Детали","_type":"localeString"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"_type":"localeString","en":"Sign out","ru":"Выйти"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"en":"Requests","de":"References","ru":"Мои запросы","_type":"localeString"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"en":"Deals","ru":"Сделки","_type":"localeString"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"_type":"localeString","en":"Enter your search term","ru":"Введите поисковый запрос"},"my-profile":{"_type":"localeString","en":"My profile","ru":"Мои данные"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"en":"Get reference from user","_type":"localeString"},"sub_roi4presenter":{"en":"Make online presentations","_type":"localeString"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"en":"Find vendor and company-supplier","_type":"localeString"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"_type":"localeString","en":"My Company","de":"Über die Firma","ru":"О компании"},"about":{"ru":"О нас","_type":"localeString","en":"About us","de":"Über uns"},"infocenter":{"de":"Infocenter","ru":"Инфоцентр","_type":"localeString","en":"Infocenter"},"tariffs":{"de":"Tarife","ru":"Тарифы","_type":"localeString","en":"Subscriptions"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an"},"subscribe_info":{"en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"en":"4 vendors","ru":"поставщикам","_type":"localeString"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"_type":"localeString","en":"Last, first name","ru":"Имя Фамилия"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"en":"Received ROI","ru":"Полученный ROI","_type":"localeString"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"product":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"product":{"meta":[{"name":"og:type","content":"website"},{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"}],"translatable_meta":[{"name":"og:title","translations":{"ru":"Конкретный продукт","_type":"localeString","en":"Example product"}},{"name":"og:description","translations":{"ru":"Описание для конкретного продукта","_type":"localeString","en":"Description for one product"}},{"name":"title","translations":{"_type":"localeString","en":"Product","ru":"Продукт"}},{"name":"description","translations":{"en":"Product description","ru":"Описание продукта","_type":"localeString"}},{"translations":{"ru":"Ключевые слова продукта","_type":"localeString","en":"Product keywords"},"name":"keywords"}],"title":{"_type":"localeString","en":"ROI4CIO: Product","ru":"ROI4CIO: Продукт"}}},"pageMetaDataStatus":{"product":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"guardicore-centra-security-platform":{"id":1648,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/GuardiCore.png","logo":true,"scheme":false,"title":"GuardiCore Centra Security Platform","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"guardicore-centra-security-platform","companyTitle":"GuardiCore","companyTypes":["supplier","vendor"],"companyId":4301,"companyAlias":"guardicore","description":"<span style=\"font-weight: bold;\">Reveal Application Flows Across the Infrastructure</span>\r\n<ul> <li>Automatically discover applications and flows</li> <li>Quickly understand application behavior</li> <li>Granular visibility down to the process level</li> </ul>\r\n<span style=\"font-weight: bold;\">Segment with a Powerful Policy Engine</span>\r\n<ul> <li>Define segmentation policies in minutes</li> <li>Automatic policy recommendations</li> <li>Consistent policy expression across any environment</li> </ul>\r\n<span style=\"font-weight: bold;\"><br /></span> <span style=\"font-weight: bold;\">Detect Threats Faster and Simplify Response</span>\r\n<ul> <li>Multiple detection methods cover all types of threats</li> <li>Dynamic deception immediately traps attackers</li> <li>High quality, in-context security incidents with mitigation recommendations to speed incident response</li> </ul>\r\n<span style=\"font-weight: bold;\"><br /></span> <span style=\"font-weight: bold;\">Protection For Your Entire Infrastructure, Built and Proven for Cloud Scale</span> <span style=\"font-weight: bold;\"><br /></span>\r\n<ul> <li>Hybrid Cloud. Workload protection in hybrid cloud environments that span on-premises workloads, VMs, containers and deployments in public cloud IaaS including AWS, Azure and GCP.</li> <li>Simplify Security. Simplify security management with one platform that provides flow visibility, micro-segmentation, threat detection and incident response.</li> <li>Enterprise Scalability. Scalable to meet the performance and security requirements of any sized environment</li> </ul>","shortDescription":"GuardiCore Centra Security Platform Designed to Detect Threats and Lateral Movements with Greater Visibility and Micro-Segmentation","type":"Software","isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"GuardiCore Centra Security Platform","keywords":"","description":"<span style=\"font-weight: bold;\">Reveal Application Flows Across the Infrastructure</span>\r\n<ul> <li>Automatically discover applications and flows</li> <li>Quickly understand application behavior</li> <li>Granular visibility down to the process level</li> </ul","og:title":"GuardiCore Centra Security Platform","og:description":"<span style=\"font-weight: bold;\">Reveal Application Flows Across the Infrastructure</span>\r\n<ul> <li>Automatically discover applications and flows</li> <li>Quickly understand application behavior</li> <li>Granular visibility down to the process level</li> </ul","og:image":"https://old.roi4cio.com/fileadmin/user_upload/GuardiCore.png"},"eventUrl":"","translationId":1649,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[{"id":409,"title":"Web App integration","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":411,"title":"C&C detection","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":413,"title":"Emulated traps","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":415,"title":"NAC integration","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":417,"title":"Full OS traps","required":0,"type":"binary","templateId":28,"value":true,"options":{"values":null,"defaults":null}},{"id":419,"title":"SIEM Integration","required":0,"type":"binary","templateId":28,"value":true,"options":{"values":null,"defaults":null}},{"id":421,"title":"Endpoint integration","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":423,"title":"Built-in correlation","required":0,"type":"binary","templateId":28,"value":true,"options":{"values":null,"defaults":null}},{"id":425,"title":"Built-in ticketing","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":427,"title":"Sanbox integration","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":429,"title":"POS","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":431,"title":"ATM","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":433,"title":"SCADA","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":435,"title":"IoT","required":0,"type":"binary","templateId":28,"value":"N/A","options":{"values":null,"defaults":null}},{"id":437,"title":"Clouds","required":0,"type":"multiselect","templateId":28,"value":"AWS, Azure, OpenStack, SaaS available","options":["AWS","Azure","OpenStack","SaaS available","Yes","GCP"]}],"concurentProducts":[{"id":3845,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/pradeo.png","logo":true,"scheme":false,"title":"Pradeo Security Systems Mobile Threat Defense","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"pradeo-security-systems-mobile-threat-defense","companyTitle":"Pradeo","companyTypes":["supplier","vendor"],"companyId":5308,"companyAlias":"pradeo-security-systems","description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands of security rules and detected millions of severe mobile threats and billions of leaky behaviors.\r\n<b>APPLICATION SECURITY </b>\r\nMost mobile threats do not have viral signatures. In order to detect and prevent zero-day attacks, Pradeo’s mobile application scanning capability accurately identifies all mobile applications behaviors and vulnerabilities. Then, it contextualizes information to avoid false-positive alerts and only blocks applications that represent a real threat.\r\n<b>Key Features:</b>\r\n<ul> <li>Unknown, known and advanced threats detection</li> <li>Static and dynamic analysis</li> <li>Zero false positive</li> <li>Automatic blocking of applications</li> <li>Vulnerabilities detection </li> <li>Remediation of risky behaviors </li> </ul>\r\n<b>NETWORK SECURITY </b>\r\nAs the amount of public hotspots keeps increasing and people tend to connect to several ones a day, Pradeo Security screens in real-time network configuration and parameters. As a result, it prevents network-related attacks such as Man-In-The-Middle. \r\n<b>Key Features:</b>\r\n<ul> <li>Man In the Middle detection </li> <li>Network access control </li> <li>SSL certificates check </li> <li>Secure browser </li> </ul>\r\n<b>DEVICE SECURITY </b>\r\nA device that is jailbroken, rooted, running on an outdated operating system, etc. is vulnerable to device-related attacks and thus, represents a security flaw in the mobile chain. Pradeo Security monitors device integrity by inspecting all its potentially defective aspects. \r\n<b>Key Features:</b>\r\n<ul> <li>OS vulnerabilities detection </li> <li>Root / jailbreak exploitation detection </li> <li>Identification of system takeover </li> <li>Abnormal battery consumption detection </li> </ul>","shortDescription":"Pradeo protects organizations’ mobile devices, applications and data","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Pradeo Security Systems Mobile Threat Defense","keywords":"","description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands ","og:title":"Pradeo Security Systems Mobile Threat Defense","og:description":"<b>Pradeo</b> developed an advanced Artificial Intelligence process delivering the most accurate threat detection technology of the market. Through the years, the Pradeo intelligence center has collected billions of mobile security data, implemented thousands ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/pradeo.png"},"eventUrl":"","translationId":3844,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"},{"id":375,"title":"Mobile Enterprise Security","alias":"mobile-enterprise-security","description":" Because mobile devices are easily lost or stolen, data on those devices is vulnerable. Enterprise mobility management is a set of systems intended to prevent unauthorized access to enterprise applications and/or corporate data on mobile devices. These can include password protection, encryption and/or remote wipe technology, which allows an administrator to delete all data from a misplaced device. With many systems, security policies can be centrally managed and enforced. Such device management systems are programmed to support and cooperate with the application programming interfaces (APIs) from various device makers to increase security compliance.\r\nThe data transfer between mobile device and the enterprise should always be encrypted, for example through a VPN tunnel or over HTTPS.\r\nMobile devices in companies with "bring your own device" (BYOD) policies are often used both personally and professionally. In these cases, corporate IT has less control over whether malware is on the device and what damage may be caused to corporate data. Apart from careful user behavior - data storage on the mobile device should be limited and centrally organized.","materialsDescription":" <span style=\"font-weight: bold;\">What is mobile security?</span>\r\nMobile security refers to the set of technologies and practices that aim to protect mobile devices against operating system vulnerabilities, network and app attacks, or mobile malware. Technologies such as enterprise mobility management (EMM) solutions manage compliance policies and issues relating to device privilege or loss.\r\n<span style=\"font-weight: bold;\">What are mobile security threats?</span>\r\nMobile security threats are vulnerabilities or attacks that attempt to compromise your phone's operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones possess very different behaviors and capabilities compared to PCs or laptops and need to be equipped to detect attacks specific to mobile devices. Mobile devices contain unique functions and behaviors making traditional IT security solutions ineffective for securing mobile devices. One of the primary differences in how mobile devices are different from PCs and laptops is administration privileges. There are several administrators for a PC or laptop making it simple for corporate IT to install security software and monitor computers for problems. On mobile devices, the administration is handled by the device owner. The device owner is the only one that can install apps or allow other management profiles on the device. This means the burden of securing the mobile device and its data falls entirely on the user--who may not have the time or expertise to provide proper mobile device security.\r\n<span style=\"font-weight: bold;\">Why is mobile security important?</span>\r\nMobile security is very important since our mobile device is now our primary computing device. On average, users spend more than 5 hours each day on a mobile device conducting company and personal business. The shift in device usage habits has also moved the prime target for hackers from PCs to our mobile devices. Since mobile devices are now a prime target, we need to secure them and arm them with threat detection and malware protection just like PCs. Smartphones are able to circumvent traditional security controls, and typically represent a massive blind spot for IT and security teams. Hackers know this, which no doubt contributed to the number of smartphone attacks recorded between January and July 2016. The number of attacks nearly doubled compared to the last six months of 2015. During that same time period, smartphones accounted for 78% of all mobile network infections.\r\n<span style=\"font-weight: bold;\">Which mobile security is best for enterprises?</span>\r\nThere are a number of mobile security solutions available on the market, but identifying which mobile security is best for enterprises entails using specific criteria. As is often the case, solutions designed for consumers and end-users may not be as robust, full-featured, reliable and scalable as solutions designed specifically for the enterprise. In particular, mobile security solutions that are suitable for enterprise use should include scalability, autonomous functionality, machine learning, on-device operation, and protection from zero-day threats. Enterprises also need to consider flexible deployment models to take advantage of existing infrastructure or cloud computing environments.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Mobile_Enterprise_Security.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4363,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Sensato-NIGHTINGALE.png","logo":true,"scheme":false,"title":"Sensato Nightingale","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"sensatoi-nightingale","companyTitle":"Sensato Cybersecurity Solutions","companyTypes":["supplier","vendor"],"companyId":6755,"companyAlias":"sensato-cybersecurity-solutions","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you're being attacked, every second counts.</span>\r\nAttackers have gotten very good at bypassing intrusion detection, anti-virus, firewalls, and even the latest machine learning-based intrusion prevention systems. Sensato-Nightingale alerts you to a breach and gives you a fighting chance to contain the intrusion and mitigate damage.\r\nImmediately upon being reconned by an attacker, Sensato-Nightingale signals its Nest Command Center and issues SMS and email alerts. If desired, it can also be connected to the Sensato Cybersecurity Tactical Operations Center for enhanced monitoring and incident response.\r\n\r\n<span style=\"font-weight: bold;\">Forensic Collection. Sensato-Nightingale empowers your incident response team to stop guessing and start responding. On average, an attacker will exploit your network for close to a year without detection.</span>\r\nWhen an attacker is detected, Nightingale can automatically launch its Sentinel technology to begin monitoring, tracking, and reporting on the attacker's activities across your network and enterprise.\r\nSensato-Nightingale is an amazingly powerful resource for forensic analysis. \r\n\r\n<span style=\"font-weight: bold;\">Fight Back! Speed, and invoking counter-measures, can be the crucial difference between an inconvenience or being tomorrow's headline.</span>\r\nNightingale is one of the first tools on the market that provides automated countermeasures to help you fight back.<br />This unique capability is extremely powerful; further details are only discussed under a mutual non-disclosure agreement.\r\n\r\n<span style=\"font-weight: bold;\">Cybersecurity inspired by the Samurai. "Nightingale floors" were floors designed to protect the Samurai. They made a chirping sound when walked upon.</span>\r\nThe Samurai knew that despite all their defenses, their advanced training and resources, it was only a matter of time before enemies would break in. They realized their only hope of survival was to detect the assassin as early as possible.\r\nThese nightingale floors were used as a security device, assuring that no one could sneak through the corridors undetected.\r\nThe ingenious design has multiple advantages: Like the would-be assassin, it’s sneaky. It looks like an ordinary floor, but it’s constructed so that the nails rub against a jacket or clamp as someone walks over the floorboards, causing a chirping noise like a nightingale bird.\r\nThe result is an alarm system the intruder cannot detect until it’s too late. The nightingale floor not only sounds the alarm when an intruder enters, but it also pinpoints the intruder’s location.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">It’s time for your own nightingale floor.<br />Sensato-Nightingale.</span><br /><br /><br /></p>","shortDescription":"An integrated cyber security platform combining detection, monitoring, incident response, deception technology, forensics, countermeasures. Designed to help you fight back. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sensato Nightingale","keywords":"","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you'","og:title":"Sensato Nightingale","og:description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The Nightingale Difference</span></span></p>\r\n\r\n<span style=\"font-weight: bold;\">Early Detection. Sensato-Nightingale can detect a breach within a couple days. When you'","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Sensato-NIGHTINGALE.png"},"eventUrl":"","translationId":4364,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4186,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/anasoft_logo.png","logo":true,"scheme":false,"title":"Deceus Cyber Deception Technology","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"deceus-cyber-deception-technology","companyTitle":"ANASOFT","companyTypes":["vendor"],"companyId":6478,"companyAlias":"anasoft","description":"<span style=\"font-weight: bold;\">DECEUS</span> is a deception-based threat intelligence system which distributes monitored decoys and traps. When an attacker attempts to exploit a deception trap, network administrators are notified in real-time.\r\nDeception traps never put real IT infrastructure at risk. Cyber attack efforts are instead diverted from mission-critical systems. When integrated with other Security Information and Event Management (SIEM) systems, honeypot traps can also help identify hackers, while simultaneously improving overall network protection.\r\n<span style=\"font-weight: bold;\">DECEUS</span> is scalable to the needs of large enterprises and SMEs. Deception-based threat intelligence can also help considerably reduce costs caused by a data breach and cyber-attack investigation.\r\n<span style=\"text-decoration: underline;\"><span style=\"font-weight: bold;\">DECEUS Deception Protection Benefits:</span></span>\r\n<ul><li>Identify hackers and cyber attack culprits without risking a real security breach.</li><li>Reduce the frequency of cyber-attack attempts on real IT infrastructure, while identifying actual breaches as they happen.</li><li>Neutralize network security threats before they occur and reduce network downtime and data loss.</li></ul>\r\n<span style=\"text-decoration: underline;\"><span style=\"font-weight: bold;\">Main modules:</span></span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Token</span></span>\r\nTokens are honeypot decoys which present hackers and cyber attack perpetrators with interesting (and potentially profitable) information.\r\nGroup of predefined tokens is packaged in <span style=\"font-weight: bold;\">DECEUS</span>. Alternatively, users can create custom token decoys.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Token Generator</span></span>\r\nUse DECEUS to create custom decoy tokens using easy to edit predefined templates.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Token Deployment</span></span>\r\nAutomatically deploy decoy tokens on any networked computer using standard application deployment tools. (MS SCCM, Tivoli, MS GPO).\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Fake Servers</span></span>\r\nServers hosted fake data for tokens.\r\nYou can deploy new or use existing servers.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Monitoring</span></span>\r\nMonitor network security threats as they manifest. Standard monitoring tools like MS SCOM, Zabbix, Nagios, OpenNMS, notify security administrators the second a decoy token is activated.","shortDescription":"DECEUS is a deception-based threat intelligence system which distributes monitored decoys and traps.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":16,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Deceus Cyber Deception Technology","keywords":"","description":"<span style=\"font-weight: bold;\">DECEUS</span> is a deception-based threat intelligence system which distributes monitored decoys and traps. When an attacker attempts to exploit a deception trap, network administrators are notified in real-time.\r\nDeception tra","og:title":"Deceus Cyber Deception Technology","og:description":"<span style=\"font-weight: bold;\">DECEUS</span> is a deception-based threat intelligence system which distributes monitored decoys and traps. When an attacker attempts to exploit a deception trap, network administrators are notified in real-time.\r\nDeception tra","og:image":"https://old.roi4cio.com/fileadmin/user_upload/anasoft_logo.png"},"eventUrl":"","translationId":4187,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3748,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/deceptive_bytes.png","logo":true,"scheme":false,"title":"Deceptive Bytes","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"deceptive-bytes","companyTitle":"Deceptive Bytes","companyTypes":["supplier","vendor"],"companyId":5910,"companyAlias":"deceptive-bytes","description":"<b>Deceptive Bytes</b> provides an innovative solution against threats in enterprises’ most critical and exposed assets, their endpoints!\r\nThe solution creates dynamic & deceptive information which interferes with any attempt to recon the environment and deters the attacker from executing its malicious intents, through all the stages of compromise in the Attack Kill Chain – covering advanced & sophisticated malware techniques, constantly making sure all the endpoints & data in the enterprise are secured.\r\nFeatures:\r\n<b>Preemptive Defense</b>\r\nMaking malware believe it’s in an unattractive/hostile environment to attack and reducing the chances of a successful attack. For example, creating a sandbox/VM environment which deter malware.\r\n<b>Proactive Defense</b>\r\nActively responding to threats as they evolve, changing the outcome of the attack through all the stages of the Endpoint Kill Chain. For example, deceiving and stopping Ransomware, thinking it succeeded encrypting the files as the solution safeguard them.\r\n<b>Behavioral Defense</b>\r\nIdentifying & preventing legitimate apps being used for malicious operations. For example, stopping execution of powershell/command line initiated from word/excel files that are used by attackers to infect the endpoint.\r\nBenefits:\r\n<b>Preemptive and Proactive</b>\r\n<ul> <li> Prevents unknown and sophisticated threats</li><p> </p> <li> Very high prevention and detection rates</li><p> </p> <li> Real time detection & response</li><p> </p> </ul>\r\n<b>Lightweight</b>\r\n<ul> <li> System-wide protection with pinpoint handling</li><p> </p> <li> Deploys in seconds & Easy to operate</li><p> </p> <li> Low resource usage (CPU, memory & disk) - No UX impact</li><p> </p> </ul>\r\n<b>Signature-less</b>\r\n<ul> <li> NO constant updates</li><p> </p> <li> Operates in stand-alone/disconnected & VDI environments</li><p> </p> <li> Stops millions of threats using only 1 evasion technique</li><p> </p> </ul>\r\n<b>Reliable</b>\r\n<ul> <li> High stability - operates in User-mode</li><p> </p> <li> Triggering high-fidelity alerts</li><p> </p> <li> Low to non-existing false positive rate</li><p> </p> </ul>","shortDescription":"Dynamically responding to threats as they evolve and protecting through the entire Endpoint Kill Chain","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":6,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Deceptive Bytes","keywords":"","description":"<b>Deceptive Bytes</b> provides an innovative solution against threats in enterprises’ most critical and exposed assets, their endpoints!\r\nThe solution creates dynamic & deceptive information which interferes with any attempt to recon the environment and d","og:title":"Deceptive Bytes","og:description":"<b>Deceptive Bytes</b> provides an innovative solution against threats in enterprises’ most critical and exposed assets, their endpoints!\r\nThe solution creates dynamic & deceptive information which interferes with any attempt to recon the environment and d","og:image":"https://old.roi4cio.com/fileadmin/user_upload/deceptive_bytes.png"},"eventUrl":"","translationId":3747,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3768,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/FFRI.png","logo":true,"scheme":false,"title":"FFRI Yarai","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"ffri-yarai","companyTitle":"FFRI","companyTypes":["supplier","vendor"],"companyId":5937,"companyAlias":"ffri","description":"FFRI yarai patented precognitive defense eliminates threats before they begin. Leveraging five purpose-built detection engines to eliminate threats before initiation. FFRI’s approach to layered security has become the trusted defensive stack for global enterprises and international governments. \r\n<b>Features:</b>\r\n<ul> <li><b>Application Protection.</b> The patented ZDP engine protect against Zero-Day vulnerability attacks in real time.</li><p> </p> <li><b>Malware Prevention.</b> Static Analysis and unique Sandbox engines monitor unusual programs at pre-execution.</li><p> </p> <li><b>Dynamic Protection.</b> HIPS and Machine Learning engines capture advanced malware behavior in real time.</li><p> </p> </ul>\r\nFFRI yarai’s Precognitive defense platform leverages machine learning and behavioral based heuristics in a compact agentbased platform. FFRI yarai does not rely on constant updates or signatures to identify and prevent malware. The evolution of our approach to a more intelligent design has been the effort of world class engineering and seasoned security research. \r\n<b>Benefits:</b>\r\n<ul> <li>Lightweight</li><p> </p> <li>Intuitive</li><p> </p> <li>No Signatures</li><p> </p> <li>Scalable</li><p> </p> </ul>\r\n ","shortDescription":"Next Generation Endpoint Security powered by Proactive Heuristic Technology\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"FFRI Yarai","keywords":"","description":"FFRI yarai patented precognitive defense eliminates threats before they begin. Leveraging five purpose-built detection engines to eliminate threats before initiation. FFRI’s approach to layered security has become the trusted defensive stack for global enterpr","og:title":"FFRI Yarai","og:description":"FFRI yarai patented precognitive defense eliminates threats before they begin. Leveraging five purpose-built detection engines to eliminate threats before initiation. FFRI’s approach to layered security has become the trusted defensive stack for global enterpr","og:image":"https://old.roi4cio.com/fileadmin/user_upload/FFRI.png"},"eventUrl":"","translationId":3767,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3816,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/minerva_labs.png","logo":true,"scheme":false,"title":"Minerva Labs Anti-Evasion Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"minerva-labs-anti-evasion-platform","companyTitle":"Minerva Labs","companyTypes":["supplier","vendor"],"companyId":5748,"companyAlias":"minerva-labs","description":"Addressing the widest variety of attack scenarios, <b>Minerva Anti-Evasion Platform</b> includes multiple modules that reinforce each other to block unknown threats that employ different evasive techniques. \r\n<b>Why Minerva Labs?</b>\r\n<b>Prevention Before Detection</b>\r\nEvasion has become a key motif in current threats, yet today’s solutions fail at preventing evasive techniques. Minerva Labs' Anti-Evasion Platform does not rely on previously seen patterns or signatures, which is the premise shared by all other endpoint security tools.\r\nUsing deception Minerva Labs will:\r\n<ul> <li>Deceive the malware’s perception of reality, prior to installation, to the point that it is certain to be in such a hostile environment and aborts the attack.</li> <li>Stop in-memory attacks on the fly by preventing the code injection into legit processes.</li> <li>Trick malware into believing the same malware is already running on the target when it’s not.</li> <li>Deceive non-evasive ransomware into believing it had encrypted the files on an endpoint when in reality it had not.</li> </ul>\r\n<b>Enhancing Your Existing Defense Ecosystem</b>\r\nMinerva enhances your defense ecosystem with threat intelligence so you get the most out of your existing investments. Once an unknown attack is blocked, Minerva will update other security tools with the new attack pattern, to find and eradicate attacks faster.\r\n<ul> <li>NAC</li> <li>Antivirus </li> <li>Firewall</li> <li>Cloud Solutions</li> <li>IPS</li> <li>Sandbox</li> </ul>\r\n<b>Complete Control And Visibility </b>\r\nMinerva Anti-Evasion Platform includes a single console to manage and oversee Minerva agents and Minerva-generated events. The web-based console provides powerful event filtering and searching capabilities that allow administrators to view the threats that have been prevented by Minerva, together with event details. \r\n<b>Fully-Enabled VDI Protection </b>\r\nWith the lightweight nature of the Minerva agent, the Anti-Evasion Platform enhances Virtual Desktop Infrastructure (VDI) security for end-to-end, fully-enabled anti-malware protection, without adding any performance overhead. \r\n<b>Unmatched Operational Value</b>\r\n<ul> <li><b>Offline operation mode.</b> Fully standalone mode which keeps protecting endpoints even when disconnected from the organizational network.</li> <li><b>Easy deployment.</b> As a super-thin agent, Minerva can be installed on thousands of machines in no time. No restart is required.</li> <li><b>Lightweight.</b> As there is no heavy client running in the background, and no active detection application scanning processes and files, Minerva does not use up any resources, and has no impact on the end user experience.</li> <li><b>No false positives.</b> With Minerva in place, there are no false-positive alerts. Once a notification appears, you know that a real threat was neutralized and prevented before any damage has been done. </li> <li><b>No ongoing maintenance.</b> Minerva does not need any ongoing upkeep to ensure it’s operating at its best. It even updates itself automatically with new simulations and artifacts on a regular basis. </li> <li><b>Supports all Windows OS.</b> Embedded systems, Point of Sale (PoS) and additional legacy systems, as well as physical and virtual environments (e.g. VDI Terminal Server). </li> </ul>","shortDescription":"A comprehensive endpoint solution that prevents attacks through trickery and deception","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Minerva Labs Anti-Evasion Platform","keywords":"","description":"Addressing the widest variety of attack scenarios, <b>Minerva Anti-Evasion Platform</b> includes multiple modules that reinforce each other to block unknown threats that employ different evasive techniques. \r\n<b>Why Minerva Labs?</b>\r\n<b>Prevention Before Dete","og:title":"Minerva Labs Anti-Evasion Platform","og:description":"Addressing the widest variety of attack scenarios, <b>Minerva Anti-Evasion Platform</b> includes multiple modules that reinforce each other to block unknown threats that employ different evasive techniques. \r\n<b>Why Minerva Labs?</b>\r\n<b>Prevention Before Dete","og:image":"https://old.roi4cio.com/fileadmin/user_upload/minerva_labs.png"},"eventUrl":"","translationId":3815,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1640,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberTrap.png","logo":true,"scheme":false,"title":"CyberTrap","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cybertrap","companyTitle":"CyberTrap","companyTypes":["supplier","vendor"],"companyId":4299,"companyAlias":"cybertrap","description":"\r\n\r\n<p>Our deception technology is designed with one purpose in mind – to stop attackers from breaching your system and causing damage. Our local threat intelligence feeds help to keep attackers out of your network. CyberTrap offers comfortable, stress-free 24/7 protection while gathering vital intelligence on attacker activities and intent.</p>\r\n\r\n\r\n<ul>\r\n<li>Local threat intelligence feeds</li>\r\n<li>Insight on attacker activities</li>\r\n<li>No false positives</li>\r\n</ul>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Managed services</span></p>\r\n\r\n\r\n<p>Our deception as a managed service has been previously accessible only to large companies. For the first time midsize companies can benefit from deception security in a convenient subscription model that won’t stretch their budget or resources.</p>\r\n\r\n\r\n<ul>\r\n<li>No capital investment</li>\r\n<li>No need to hire experts</li>\r\n<li>No overhead costs</li>\r\n</ul>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Supported services</span></p>\r\n\r\n\r\n<p>Large enterprises and government agencies are vulnerable to persistent attacks. Such organizations usually have an internal security team which can be supported by CyberTrap. We provide training and assistance to help kickstart your deception operation.</p>\r\n\r\n\r\n<ul>\r\n<li>Easy integration with existing security stack</li>\r\n<li>All the necessary training provided</li>\r\n<li>Fast and reliable customer support</li>\r\n</ul>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">CyberTrap is the solution for your Company</span></p>\r\n\r\n\r\n<p>Implementing an extra layer of deception security is the right move for any organization storing valuable, highly sensitive data which hackers desire.</p>\r\n\r\n\r\n<ul>\r\n<li>Government & law enforcement agencies</li>\r\n<li>Banking, financial services & insurance (BFSI)</li>\r\n<li>IT, telecom & technology</li>\r\n<li>Utilities & and national critical infrastructure (CNI)</li>\r\n<li>Production plants & manufacturing</li>\r\n<li>E-commerce & retail chains</li>\r\n<li>Healthcare companies</li>\r\n</ul>\r\n\r\n\r\n\r\n<p> </p>\r\n","shortDescription":"CyberTrap is a deception technology designed with one purpose in mind – to stop attackers from breaching your system and causing damage. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberTrap","keywords":"","description":"\r\n\r\n<p>Our deception technology is designed with one purpose in mind – to stop attackers from breaching your system and causing damage. Our local threat intelligence feeds help to keep attackers out of your network. CyberTrap offers comfortable, stress-f","og:title":"CyberTrap","og:description":"\r\n\r\n<p>Our deception technology is designed with one purpose in mind – to stop attackers from breaching your system and causing damage. Our local threat intelligence feeds help to keep attackers out of your network. CyberTrap offers comfortable, stress-f","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberTrap.png"},"eventUrl":"","translationId":1641,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1646,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Cymmetria.png","logo":true,"scheme":false,"title":"Cymmetria’s MazeRunner","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cymmetrias-mazerunner","companyTitle":"Cymmetria","companyTypes":["supplier","vendor"],"companyId":4300,"companyAlias":"cymmetria","description":"<p><strong>What Is Cyber Deception? </strong></p>\r\n<p>Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance, lateral movement, and exploitation. When attackers use tools like Responder.py (for Pass-the-Hash attacks) while targeting sensitive business processes and assets (e.g., SWIFT), deception technology creates a controlled path for them to follow. Attackers are diverted from organizational assets and into controlled environments, giving defenders the upper hand in detection, investigation, and mitigation.</p>\r\n<p><strong>How MazeRunner Works </strong></p>\r\n<p>MazeRunner gives organizations a solution for creating effective deception stories. Deception stories, which are comprised of breadcrumbs and decoys, lead attackers to believe that they have successfully gained access to a target machine. Breadcrumbs are data elements (such as credentials) that lead attackers to decoys. Decoys are machines that run live services; when they are attacked, MazeRunner raises an alert and gathers forensic data.</p>\r\n<p><strong>Cymmetria Features </strong></p>\r\n<ul>\r\n<li><strong>Git </strong>- Source-code management for Linux decoys</li>\r\n<li><strong>MySQL</strong>- Database service for Linux decoys</li>\r\n<li><strong>Network Monitor </strong>- Monitors for unrecognized machines in the network</li>\r\n<li><strong>OpenVPN </strong>- Virtual private network (VPN) service for Linux decoys</li>\r\n<li><strong>RDP </strong>- Remote Desktop service for Windows decoys</li>\r\n<li><strong>Responder </strong>- This service can, in addition to connecting to the network breadcrumb, monitor for attackers performing NBNS spoofing and Responder usage directly from the decoy. The username, domain, and password will be fed to the attacker from the decoy. Activating MazeRunner’s Pass-the-Hash Monitor (ActiveSOC > Pass-the-Hash Monitor) allows raising alerts when stolen credentials are used in the network</li>\r\n<li><strong>SMB </strong>- Creates a shared folder on the decoy. For Windows and Linux decoys</li>\r\n<li><strong>SSH </strong>- Remote shell service for Linux decoys</li>\r\n<li><strong>Web application </strong>- Allows running a custom, user-controlled website, or a built-in HTTP server with a pre-set web application such as MediaWiki, SugarCRM, or phpMyAdmin. For Linux decoys</li>\r\n</ul>","shortDescription":"Cymmetria’s MazeRunner platform lets you dominate an attacker’s movements from the very beginning and lead them to a monitored deception network.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymmetria’s MazeRunner","keywords":"","description":"<p><strong>What Is Cyber Deception? </strong></p>\r\n<p>Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance, lateral movement, and exploitation. When attackers use tools like Responder.py (for Pass-the-Has","og:title":"Cymmetria’s MazeRunner","og:description":"<p><strong>What Is Cyber Deception? </strong></p>\r\n<p>Cyber deception leverages the fact that attackers always follow a predictable attack pattern: reconnaissance, lateral movement, and exploitation. When attackers use tools like Responder.py (for Pass-the-Has","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Cymmetria.png"},"eventUrl":"","translationId":1647,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":5998,"logoURL":"https://old.roi4cio.com/fileadmin/content/logo_xello_deception.png","logo":true,"scheme":false,"title":"Xello Deception","vendorVerified":1,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"alias":"xello-deception","companyTypes":[],"description":" Deception technology is the most effective way to detect APT attacks, as it uses attacking tactics against them. Using traps and decoys with a high level of interactivity, Deception deceives intruders by forcing them to reveal themselves, thereby closing those threats that other defenses could not cope with. Using traps (decoys) such as: user credentials, servers, sites, you can detect hackers before confidential information becomes available to them.\r\nIn 2019, many analysts again recognized the effectiveness of Deception technology in detecting advanced threats, and Gartner, Inc. For the fourth consecutive year, recommends using Deception as the top strategic security priority Various recent studies have also recorded market intentions to add Deception technology to their security controls, given its effectiveness and efficiency in deterring intruders.<br /><br /><span style=\"font-weight: bold;\">Adaptive traps - Intelligent Protection</span>\r\nIn order to stop even the most modern attacks, traps and decoys should fit perfectly into the network and adapt, even without the use of agents, as the environment changes. To be always one step ahead, modern and infrastructure-optimized lures automatically and dynamically create a false layer of information throughout your network without affecting your IT structure.<br />By constantly creating an environment in which attackers cannot distinguish real information from fake information, baits provide constant unreliability of data collection by attackers. Due to this, attackers can not rely on the collected data, and can not continue the attack.\r\n<span style=\"font-weight: bold;\">Unified centralized management system</span>\r\nXello Central Management - is the compliance with best international practices and the highest industry standards. Manage all baits / traps on protected hosts, without using an agent.<br />XCM automatically creates an optimized false surface for your network. XCM is involved in the creation, deployment and dynamic modification of decoys / traps, distributing them over the network without affecting the infrastructure in order to create the most effective level of protection.\r\nSingle management console\r\n\r\n<ul><li>Trap generation</li></ul>\r\n<ul><li>Host Distribution</li></ul>\r\n<ul><li>Incident monitoring</li></ul>\r\n<ul><li>Trap server management</li></ul>\r\n<ul><li>Flexible policy settings</li></ul>\r\n<br />Securing your corporate network made easy\r\nIn order to benefit from effective and reliable alerts, Xello offers traps designed specifically for your infrastructure that will not interrupt the work of your IT and information security teams. An effective Out-of-Box solution, automatic detection and instant AD analysis, instant creation of baits and an agentless way to distribute them ensure that there are no disruptions to users.\r\nAs your organization changes and evolves, Xello Deception will adapt to provide early detection of attacks. By placing lures in new places and updating them to adapt to changes, Xello Deception constantly monitors your network and adapts protection to provide tools that will evolve with your organization.<br /><br />Xello: lures and traps everywhere\r\nXello finds attackers using their strengths against them. Our solution creates a deception layer throughout your network, creating an environment in which attackers cannot rely on the information they collect. If hackers cannot collect reliable information, they cannot make the right decisions, which leads to their quick detection.<br /><br /><span style=\"font-weight: bold;\">Low False positive - a new level of SOC efficiency</span>\r\nSince the bait is not visible to ordinary users, the presence of false alerts tends to zero; Each notice of bait usage is a highly accurate sign of an attack.\r\nAlerts occur in real time only with the confirmed interaction of the attacker with the bait and, unlike other detection methods, are not dependent on signatures or behavioral analysis to detect an attack. Alerts are immediately sent to SIEM, which can be used to automate the blocking of an attacker and / or isolate infected hosts so that the company can completely eliminate the threat on the network. False alarms are eliminated, and high-precision alerts save valuable SOC time.<br /><br /><span style=\"font-weight: bold;\">Benefits:</span>\r\n<ul><li>Lack of agent on workstations and servers</li></ul>\r\n<ul><li>The first and only Russian solution of this class</li></ul>\r\n<ul><li>Does not allow attackers to distinguish real data from Traps and Decoys</li></ul>\r\n<ul><li>Increased attack detection with optimal placement of Trap</li></ul>\r\n<ul><li>Continuous network monitoring and adaptive protection</li></ul>\r\n<ul><li>Lack of service and disruption to the company</li></ul>\r\n<ul><li>Minimal impact on IT infrastructure</li></ul>\r\n<ul><li>Autonomous system without the use of other tools</li></ul>\r\n<ul><li>Distribution of Traps and Decoys with one click</li></ul>\r\n<ul><li>False positive tends to zero</li></ul>","shortDescription":"Xello Deception is the last line of defense","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Xello Deception","keywords":"","description":" Deception technology is the most effective way to detect APT attacks, as it uses attacking tactics against them. Using traps and decoys with a high level of interactivity, Deception deceives intruders by forcing them to reveal themselves, thereby closing thos","og:title":"Xello Deception","og:description":" Deception technology is the most effective way to detect APT attacks, as it uses attacking tactics against them. Using traps and decoys with a high level of interactivity, Deception deceives intruders by forcing them to reveal themselves, thereby closing thos","og:image":"https://old.roi4cio.com/fileadmin/content/logo_xello_deception.png"},"eventUrl":"","translationId":6053,"dealDetails":{"avgPartnerDiscount":40,"dealProtection":0,"avgDealSize":100000,"dealSizeCurrency":"","avgDealClosing":6},"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1650,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/illusive_networks.jpg","logo":true,"scheme":false,"title":"Illusive Networks Deception Platform","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"illusive-platform","companyTitle":"Illusive Networks","companyTypes":["supplier","vendor"],"companyId":4302,"companyAlias":"illusive-networks","description":"\r\n<p> </p>\r\n<p><strong>Stop Chasing Alerts. Start Catching Attackers!</strong></p>\r\n<p>Instead of restrictive controls around your assets, reactive data analytics and the churn of SOC burn-out, Illusive offers organizations concerned about post-breach attack detection a simple alternative to the status quo. Unlike tools that are ‘probabilistic’ in their identification of an incident that might be a threat, Illusive customers gain tactical advantage over cyber adversaries armed with ‘DETERMINISTIC’ notification and precise forensic proof of an attack in motion—saving costly time in defense of your organizations most valuable assets and mission-critical infrastructure.</p>\r\n<p><strong>Agentless, Adaptive, Easy to Deploy</strong><br />Built on agentless, intelligent automation that requires very little IT coordination, Illusive immediately shifts the advantage to your defenders—and frees them from the complicated, noisy, data-heavy approaches that burden them today.</p>\r\n<p>The Illusive Platform provides centralized management across even the largest and most distributed environments. Three modular components can work together or be operated separately to preempt, detect, and respond to cyberattacks.</p>\r\n<p><strong>Preempt:</strong> Illusive <em>Attack Surface Manager</em> finds and removes errant credentials, connections, and attack pathways to deter unauthorized lateral movement.</p>\r\n<p><strong>Detect:</strong> Illusive <em>Attack Detection System</em> forces attackers to reveal themselves early in the attack process by disorienting and manipulating their decision-making.</p>\r\n<p><strong>Respond:</strong> Illusive <em>Attack Intelligence System</em> enables rapid, effective response and remediation when attackers are present by providing contextual source and target forensics.</p>\r\n<p><strong>Flip cyber asymmetry from ‘probabilistic’ to ‘deterministic’</strong></p>\r\n<p>Illusive puts onus on the attacker, frustrating them once they land on an endpoint by starving them from the real data they expect and need. An environment poisoned with false, but authentic looking data paralyzes the attacker—the second they touch an Illusive deception, they reveal themselves, instantly triggering notification and forensic proof of an attack in motion versus the hope of validating one.</p>\r\n<p>Response shifts from days or weeks of alert analysis to minutes, detailed with source and target. No data parsing or ghost chasing is needed—thus flipping your cyber asymmetry and putting you on the attack.</p>\r\n<p> </p>\r\n<p> </p>\r\n","shortDescription":"lllusive's inescapable deception technology stops cyber-attacks by paralyzing attackers, destroying their decision making ability, and depriving them the means to move towards attack targets.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Illusive Networks Deception Platform","keywords":"","description":"\r\n<p> </p>\r\n<p><strong>Stop Chasing Alerts. Start Catching Attackers!</strong></p>\r\n<p>Instead of restrictive controls around your assets, reactive data analytics and the churn of SOC burn-out, Illusive offers organizations concerned about post-breach att","og:title":"Illusive Networks Deception Platform","og:description":"\r\n<p> </p>\r\n<p><strong>Stop Chasing Alerts. Start Catching Attackers!</strong></p>\r\n<p>Instead of restrictive controls around your assets, reactive data analytics and the churn of SOC burn-out, Illusive offers organizations concerned about post-breach att","og:image":"https://old.roi4cio.com/fileadmin/user_upload/illusive_networks.jpg"},"eventUrl":"","translationId":1651,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1653,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Acalvio.png","logo":true,"scheme":false,"title":"Acalvio Shadowplex","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"acalvio-shadowplex","companyTitle":"Acalvio","companyTypes":["supplier","vendor"],"companyId":4303,"companyAlias":"acalvio","description":"\r\nShadowPlex Autonomous Deception\r\n<ul> <li>Accurate Detection</li> <li>Timely Detection</li> <li>Cost-Effective Detection</li> </ul>\r\nShadowPlex is designed for Enterprise IT, IoT and ICS environments and based on patented innovations.\r\n\r\n<span style=\"font-weight: bold;\">Deception Farms</span>\r\n\r\nDeception-farms is a seminal innovation that delivers scale and adaptability. Sensors are placed in the network segments. All decoys are born and live in a centralized virtual server farm. They are projected onto the network, thus optimizing resource consumption and delivers flexibility.\r\n\r\n<span style=\"font-weight: bold;\">Fluid Deception</span>\r\n\r\nFluid Deception is a patented technology that achieves resource efficiency by just in time decoy creation, minimizing costs, maximizing effectiveness. No longer do you have to choose between emulation and full host decoys.\r\n\r\n<span style=\"font-weight: bold;\">Security Ecosystem Integrations</span>\r\n\r\nShadowPlex provides comprehensive API support allowing Deception campaigns to be orchestrated from other environments. This also facilitates integration with 3rd party security tools such as:\r\n<ul> <li>Threat Intelligence</li> <li>IT Change Management platforms</li> <li>SOAR (Security Orchestration and Response)</li> <li>SIEM</li> <li>Perimeter Defense</li> <li>NAC (Network Access Control)</li> <li>Vulnerability Managers</li> <li>SSO, Identity Management, Privileged User Management Systems</li> <li>EDR, End-point</li> </ul>","shortDescription":"ShadowPlex is an Autonomous, Enterprise-Scale Distributed Deception Platform (DDP)","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Acalvio Shadowplex","keywords":"","description":"\r\nShadowPlex Autonomous Deception\r\n<ul> <li>Accurate Detection</li> <li>Timely Detection</li> <li>Cost-Effective Detection</li> </ul>\r\nShadowPlex is designed for Enterprise IT, IoT and ICS environments and based on patented innovations.\r\n\r\n<span style=\"font-we","og:title":"Acalvio Shadowplex","og:description":"\r\nShadowPlex Autonomous Deception\r\n<ul> <li>Accurate Detection</li> <li>Timely Detection</li> <li>Cost-Effective Detection</li> </ul>\r\nShadowPlex is designed for Enterprise IT, IoT and ICS environments and based on patented innovations.\r\n\r\n<span style=\"font-we","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Acalvio.png"},"eventUrl":"","translationId":1653,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1654,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/FIDELIS.PNG","logo":true,"scheme":false,"title":"Fidelis Elevate","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"fidelis-elevate","companyTitle":"Fidelis Cybersecurity","companyTypes":["supplier","vendor"],"companyId":4312,"companyAlias":"fidelis","description":"\r\n<p>Fidelis Elevate™</p>\r\n<ul>\r\n<li>Automate Detection</li>\r\n<li>Automate Response</li>\r\n<li>Prevent Data Theft</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Elevate Security Operations</span></p>\r\n\r\n\r\n<p>Even with many prevention tools in place, organizations are still getting breached. That's why more organizations are shifting from a prevention-focused approach to a detection and response strategy. Fidelis Elevate is the only security operations platform that provides deep visibility, threat intelligence and context across complex environments to automate detection and response.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">A Force Multiplier for Your Security Operations</span></p>\r\n\r\n\r\n<p>Fidelis Elevate™ integrates network visibility, data loss prevention, deception, and endpoint detection and response into one unified solution. Now your security team can focus on the most urgent threats and protect sensitive data rather than spending time validating and triaging thousands of alerts.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Enhance Your Visibility and Detection </span><span style=\"font-weight: bold;\">Capabilities</span></p>\r\n\r\n\r\n<ul>\r\n<li>Enrich alerts with data and context from Fidelis Network®, Fidelis Endpoint®, and Fidelis Deception™ – all in a unified platform</li>\r\n<li>Combine threat intelligence, sandboxing, machine learning, deception, and Fidelis research</li>\r\n<li>Capture and store metadata for analysis and threat hunting</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Automate Response for Quick and Effective Resolution</span></p>\r\n<ul>\r\n<li>Draw conclusions with accuracy by automatically collapsing many alerts and events into a single view</li>\r\n<li>Automatically validate network alerts on the endpoint with certainty</li>\r\n<li>Raise the priority level when evidence is found of increased risk</li>\r\n<li>Automatically execute a response playbook to jumpstart your investigation with clarity</li>\r\n<li>Stop data leakage, command and control, and active attacks</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Ensure Best-of-Breed Breach Detection and Network DLP</span></p>\r\n\r\n\r\n<p>Fidelis Network® provides deep visibility – across sessions, packets, and content – and automatically validates, correlates, and consolidates network alerts against every endpoint in your network for fast response.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Automate Endpoint Detection and Response</span></p>\r\n\r\n\r\n<p>Fidelis Endpoint® increases endpoint visibility, reduces response time from hours to minutes and enhances endpoint protection.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Detect Post-Breach Attacks With an Active Deception Defense</span></p>\r\n\r\n\r\n<p>Fidelis Deception™ automatically profiles networks and assets to create deception layers that are as realistic as possible to detect post-breach attacks.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Fidelis Network Module</span></p>\r\n\r\n\r\n<p>Leverage Curated Threat Intelligence for More Accurate Detection Fidelis Insight™ analyzes real-time and historical data, so you can rapidly detect and respond to threats in your environment, even when they happened in the past.</p>\r\n","shortDescription":"Fidelis Elevate is one unified platform ensures faster detection and automated response – providing accuracy, clarity and certainty for your cyber security team.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Fidelis Elevate","keywords":"","description":"\r\n<p>Fidelis Elevate™</p>\r\n<ul>\r\n<li>Automate Detection</li>\r\n<li>Automate Response</li>\r\n<li>Prevent Data Theft</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Elevate Security Operations</span></p>\r\n\r\n\r\n<p>Even with many prevention tools in place, org","og:title":"Fidelis Elevate","og:description":"\r\n<p>Fidelis Elevate™</p>\r\n<ul>\r\n<li>Automate Detection</li>\r\n<li>Automate Response</li>\r\n<li>Prevent Data Theft</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Elevate Security Operations</span></p>\r\n\r\n\r\n<p>Even with many prevention tools in place, org","og:image":"https://old.roi4cio.com/fileadmin/user_upload/FIDELIS.PNG"},"eventUrl":"","translationId":1655,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1656,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Smokescreen.png","logo":true,"scheme":false,"title":"IllusionBlack","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"illusionblack","companyTitle":"Smokescreen","companyTypes":["supplier","vendor"],"companyId":4313,"companyAlias":"smokescreen","description":"\r\n<p>Stop Advanced Cyber Threats With Deception Technology By deploying hundreds of unique deception tripwires, IllusionBLACK maximises attack detection through the kill-chain, even against stealthy, targeted campaigns that don’t involve malware. From targeted threat intelligence of an impending attack, to detecting lateral movement in every single subnet, Smokescreen’s deception technology helps turn the tables on apex attackers.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Full Kill-Chain Coverage</span></p>\r\n\r\n\r\n<p>IllusionBLACK decoys detect pre-attack reconnaissance, spear-phishing attacks, privilege escalation, lateral movement and data-theft.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Deep Network Visibility</span></p>\r\n\r\n\r\n<p>Instantly deploy 100's of individually unique, customisable traps across all your endpoints and in every single subnet of your network.</p>\r\n\r\n\r\n<p><span style=\"font-weight: bold;\">Attack Vector Agnostic</span></p>\r\n\r\n\r\n<p>Deception does not rely on static signatures or heuristics to identify attacks, so it stays effective no matter what the bad guys try tomorrow. IllusionBLACK detects threats no matter what they attack It has advanced 3rd generation deception features, including:</p>\r\n<ul>\r\n<li>MirageMaker™. Realistic auto-created decoy data fills deceptive assets with always unique, instantly changing content.</li>\r\n<li>ThreatParse™. Natural language attack reconstruction parses raw attack data into plain-English attack analysis.</li>\r\n<li>Automated triage. Agentless investigation of compromised endpoints to reduce root cause analysis time and capture volatile forensic information.</li>\r\n<li>WebDeflect™. Integrate deception into any web or mobile application to guard against business logic attacks.</li>\r\n<li>ThreatDeflect™. Redirect attacks to decoy cloud environments to keep attackers engaged while containment kicks in.</li>\r\n<li>Forensic preservation. All evidence recorded and preserved for further analysis in industry standard formats.</li>\r\n<li>Smart Integrations. Logic-driven automatic response and orchestration to execute response strategies at wire-speed.</li>\r\n<li>Hardened BSD UNIX base. Rock-solid security built for highly-targeted environments, coupled with BSD UNIX's legendary reliability.</li>\r\n<li>Threat intelligence export. Machine consumable through STIX, JSON and CSV, as well as integrations with other security infrastructure.</li>\r\n</ul>\r\n","shortDescription":"IllusionBLACK features rapid out-of-band deployment, no performance impact, enterprise scalability, and minimal false positives","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":18,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"IllusionBlack","keywords":"","description":"\r\n<p>Stop Advanced Cyber Threats With Deception Technology By deploying hundreds of unique deception tripwires, IllusionBLACK maximises attack detection through the kill-chain, even against stealthy, targeted campaigns that don’t involve malware. From ta","og:title":"IllusionBlack","og:description":"\r\n<p>Stop Advanced Cyber Threats With Deception Technology By deploying hundreds of unique deception tripwires, IllusionBLACK maximises attack detection through the kill-chain, even against stealthy, targeted campaigns that don’t involve malware. From ta","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Smokescreen.png"},"eventUrl":"","translationId":1657,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2196,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Ridgeback__logo_.png","logo":true,"scheme":false,"title":"Ridgeback Interactive Deception","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"ridgeback-interactive-deception","companyTitle":"Ridgeback","companyTypes":["vendor"],"companyId":4570,"companyAlias":"ridgeback","description":"<p>The Ridgeback Interactive Deception Platform is an enterprise security software platform that defeats malicious network invasion in real time. For any enterprise deploying Ridgeback's solutions, a network intrusion - malware propagation, an insider threats or a remotely directed exploits - encounters a network environment that appears to comprise, literally, billions of servers and other computing resources. The intant the intruder engages a phantom resource, Ridgeback provides options to eliminate or counter-engage the intruder.</p>\r\n<p style=\"padding-left: 30px;\">Ridgeback takes the fight to the enemy using Interactive Deception and causes the adversary to fruitlessly exhaust resources. This aggressive strategy results in the cost of attack outweighing the benefits of attack.</p>\r\n<p style=\"padding-left: 30px;\">Based on advanced Interactive Deception tecniques, Ridgeback makes a significant positive impact on the major gaps in cyber security that arise from reliance on perimeter defenses like FireWalls, \"after-the-fact\" analysis - oriented intrusion detection technologies, and externally dependent and vulnerable endpoint protection schemes.</p>\r\n<p style=\"padding-left: 30px;\">Ridgeback stands out in the market for two reasons - One for it's ability to act within milliseconds of a breached endpoint trying to make lateral movement, and secondly it's minimal impact on both cyber security and networking personnel from installation through operation and management. Numerous CEO's, CIOs and CISOs agree, there is no product on the market that accomplishes both.</p>","shortDescription":"Ridgeback Interactive Deception Platform influences adversary behavior, leading the adversary to engage in behaviors that reveal malicious intent.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Ridgeback Interactive Deception","keywords":"","description":"<p>The Ridgeback Interactive Deception Platform is an enterprise security software platform that defeats malicious network invasion in real time. For any enterprise deploying Ridgeback's solutions, a network intrusion - malware propagation, an insider threats ","og:title":"Ridgeback Interactive Deception","og:description":"<p>The Ridgeback Interactive Deception Platform is an enterprise security software platform that defeats malicious network invasion in real time. For any enterprise deploying Ridgeback's solutions, a network intrusion - malware propagation, an insider threats ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Ridgeback__logo_.png"},"eventUrl":"","translationId":2197,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2198,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/thinkst.png","logo":true,"scheme":false,"title":"Thinkst Canary","vendorVerified":1,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"thinkst-canary","companyTitle":"Thinkst Applied Research","companyTypes":["supplier","vendor"],"companyId":4571,"companyAlias":"thinkst-applied-research","description":"<p>Every year, hundreds of companies only find out that they have been compromised when they are notified by a 3rd party.</p>\r\n<p><span style=\"font-weight: bold;\">This is a stupid problem!</span></p>\r\n<p>Even companies that spend millions of dollars on their security have no idea if malicious insiders are trawling around where they shouldn't be.</p>\r\n<p><span style=\"font-weight: bold;\">This is a solvable problem.</span></p>\r\n<p>Skilful adversaries move laterally within compromised networks for days or months before locating and exfiltrating a companies crown jewels.</p>\r\n<p><span style=\"font-weight: bold;\">This is a hidden opportunity.</span></p>\r\n<p>Thinkst Canary changes this. Canary devices can be set up in under 5 minutes, even on complex networks, and emulate (down to its network signatures) a number of possible systems. Simply sprinkle canary devices around your network, configure your alert settings, and wait.</p>\r\n<p>Attackers moving laterally, malicious insiders and APT all reveal their presence by interacting with your canaries.</p>\r\n<p>Many security products promise the world, if you would just re-engineer your entire network or mold all your processes around them. These products demo well, but can usually be found months later, half configured and barely used.</p>\r\n<p><span style=\"font-weight: bold;\">Canaries install in under 5 minutes, and are 100% useful on installation.</span></p>","shortDescription":"Thinkst Canary is a system for alerting when bad stuff is happening on your network.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Thinkst Canary","keywords":"","description":"<p>Every year, hundreds of companies only find out that they have been compromised when they are notified by a 3rd party.</p>\r\n<p><span style=\"font-weight: bold;\">This is a stupid problem!</span></p>\r\n<p>Even companies that spend millions of dollars on t","og:title":"Thinkst Canary","og:description":"<p>Every year, hundreds of companies only find out that they have been compromised when they are notified by a 3rd party.</p>\r\n<p><span style=\"font-weight: bold;\">This is a stupid problem!</span></p>\r\n<p>Even companies that spend millions of dollars on t","og:image":"https://old.roi4cio.com/fileadmin/user_upload/thinkst.png"},"eventUrl":"","translationId":2199,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2200,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CounterCraft__logo_.jpg","logo":true,"scheme":false,"title":"CounterCraft Cyber Deception Platform","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"countercraft-cyber-deception-platform","companyTitle":"CounterCraft","companyTypes":["supplier"],"companyId":4572,"companyAlias":"countercraft","description":"<p>Cyber Deception Platform - detect targeted attacks with a real-time active response that automates counterintelligence campaigns.</p>\r\n<p>We have developed a distributed Deception Platform that protects large enterprises by fooling their adversaries with decoy computers, false data and fake identities.</p>\r\n<p>Our platform offers a new type of detection with trustworthy alerts and real-time active response. It is the first product to automate the design, deployment, monitoring and maintenance of counterintelligence campaigns across all your digital assets.</p>\r\n<p>Our solution works despite the technical complexity of the adversaries’ intrusion and provides a welcome relief from the constant technical race between the attacker and defender. CounterCraft automates counterintelligence, reducing the work burden and costs of creating deception.</p>\r\n<p><span style=\"font-weight: bold;\">BENEFITS:</span></p>\r\n<ol>\r\n<li>A new form of defence – CounterCraft's Cyber Deception Platform is a unique and innovative solution that adds protection to your organisation with a new strategic focus on counterintelligence.</li>\r\n<li>Improve both detection of complex and targeted attacks and the response to them. Boost the capabilities of your current systems with a cyber deception layer and enrichment from our API.</li>\r\n<li>Enhance the efficiency of your team. Leverage security analysts to design campaigns and let the platform handle the drudgery of deployment, orchestration and management.</li>\r\n<li>Easily communicate with board members and key management about the strategic merit of automated deception campaigns. Explain threats clearly, show evidence of attacks stopped, and highlight benefits to incident detection & management, using the reports and dashboards from the Deception Director.</li>\r\n<li>Focus on counterintelligence as a tactical solution. Not only can you detect and research your attackers once they have penetrated your systems but you can use deception operations (DecOps) to actively disrupt them in real-time and further protect your organisation.</li>\r\n</ol>","shortDescription":"Cyber Deception Platform - detect targeted attacks with a real-time active response that automates counterintelligence campaigns.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CounterCraft Cyber Deception Platform","keywords":"","description":"<p>Cyber Deception Platform - detect targeted attacks with a real-time active response that automates counterintelligence campaigns.</p>\r\n<p>We have developed a distributed Deception Platform that protects large enterprises by fooling their adversaries with de","og:title":"CounterCraft Cyber Deception Platform","og:description":"<p>Cyber Deception Platform - detect targeted attacks with a real-time active response that automates counterintelligence campaigns.</p>\r\n<p>We have developed a distributed Deception Platform that protects large enterprises by fooling their adversaries with de","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CounterCraft__logo_.jpg"},"eventUrl":"","translationId":2201,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2202,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/The-Achilles-logo.png","logo":true,"scheme":false,"title":"The Achilles Javelin","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"the-achilles-javelin","companyTitle":"The Achilles","companyTypes":["vendor"],"companyId":4573,"companyAlias":"the-achilles","description":"<p>World's 1st Intrusion Containment Platform for Domain Networks.</p>\r\n<p>Eliminate breaches by protecting Active Directory, Domain Controllers, Domain Identities, Domain Credentials, and all Domain resources.</p>\r\n<p>90% of all corporations around the world, including governments and military entities, are using Domain Networks to manage their users, applications, and computers.</p>\r\n<p>The Domain Network is a unique form of network, one in which all of the computers, servers, and applications are connected. The industry is heavily focused on protecting these resources individually without realizing the security consequences of connecting them to a Domain environment. When a PC or server is connected to a Domain environment, it's exposed to all domain resources by design. It only takes one compromised machine to jeopardize the entire organization.</p>\r\n<p>In an environment where everything is connected, the rules of attack, as well as detection and response, are unique and different. Attackers know this, but most defenders do not. <span style=\"font-weight: bold;\">We are here to change that.</span></p>\r\n<p><span style=\"font-weight: bold;\">Solution Components</span></p>\r\n<p>Using a proprietary Memory Dissolvable Footprint, we turn the AD into an intrusion-detection and response platform with 99.34% probability of detecting an intruder within his first move while also responding to the malicious process in real-time at the endpoint.</p>\r\n<p><span style=\"font-weight: bold;\">AD Assess</span></p>\r\n<ul>\r\n<li>Continuously find backdoors and hooks attackers leave behind in your Domain.</li>\r\n<li>Identify and reduce risk affecting the Security posture of the most critical IT asset.</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">AD Protect</span></p>\r\n<ul>\r\n<li>Control the attacker’s perspective at the endpoint and server</li>\r\n<li>Detect attackers at the point of breach</li>\r\n<li>Autonomous investigation at the point of breach</li>\r\n<li>Stop and mitigate attackers at the point of breach</li>\r\n<li>Reveal Dark Corners the attacker favors</li>\r\n</ul>\r\n<p><span style=\"font-weight: bold;\">Javelin - Key outcomes</span></p>\r\n<ul>\r\n<li>Control the Attacker’s Perception</li>\r\n<li>Real-Time APT Detection</li>\r\n<li>Automated Investigation</li>\r\n<li>Real-Time Breach Containment</li>\r\n<li>Threat Hunting with IOCs</li>\r\n</ul>","shortDescription":"Javelin is world's 1st Intrusion Containment Platform for Domain Networks that eliminates breaches by protecting Active Directory, Domain controllers, identities, Credentials, and all it's resources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"The Achilles Javelin","keywords":"","description":"<p>World's 1st Intrusion Containment Platform for Domain Networks.</p>\r\n<p>Eliminate breaches by protecting Active Directory, Domain Controllers, Domain Identities, Domain Credentials, and all Domain resources.</p>\r\n<p>90% of all corporations around the world,","og:title":"The Achilles Javelin","og:description":"<p>World's 1st Intrusion Containment Platform for Domain Networks.</p>\r\n<p>Eliminate breaches by protecting Active Directory, Domain Controllers, Domain Identities, Domain Credentials, and all Domain resources.</p>\r\n<p>90% of all corporations around the world,","og:image":"https://old.roi4cio.com/fileadmin/user_upload/The-Achilles-logo.png"},"eventUrl":"","translationId":2203,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":319,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/TrapX_DeceptionGrid_platform.png","logo":true,"scheme":false,"title":"TrapX DeceptionGrid platform from SOFTPROM","vendorVerified":0,"rating":"2.40","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":2,"alias":"trapx-deceptiongrid-platform-from-softprom","companyTitle":"TrapX","companyTypes":["supplier","vendor"],"companyId":3890,"companyAlias":"trapx","description":"<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">The Deception Product of Choice</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">DeceptionGrid’s depth and breadth of deception capability is unmatched. Our powerful architecture presents the deception attack surfaces that best match attacker activity. Learn more below.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Console with Attack Visualization</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">New expanded visualization enables the security operations team to rapidly understand the activities of the attacker over time, from the originating intrusion to the assets they are engaging with, to the final containment.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attacker ID</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">New attack identification automatically determines if an attack is being conducted by a human attacker, or automated attack tools, giving security teams a better understanding of the attack and subsequent containment methods.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Automated Provisioning</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\"> Automated Provision of Deception Components. DeceptionGrid scans your existing network and provisions hundreds-to-thousands of deception components including Tokens (lures) and Traps (decoys).</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Deception Tokens</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">Deception Tokens (lures) appear as ordinary files, scripts and databases, are embedded within real IT assets to bait and divert attackers.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Active Traps</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">New active traps functionality creates a stream of false network traffic between deployed traps to confuse and divert attackers that monitor the network traffic.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Emulated Traps</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Medium Interaction Emulated Traps</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">Our patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and more.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Industry Templates</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">The patented medium interaction traps now include expanded templates for specialized devices based on industries. These templates include, ATM’s and SWIFT assets for financial services, or Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more, allowing customers to determine if attackers are targeting specialized devices that are often vulnerable to attack.</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">FullOS Traps</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">High Interaction (Full Operating System) Traps</span>\r\n<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">DeceptionGrid enables the provision of full operating system (fullOS) traps. Our medium interaction traps automatically extend engaged attackers through our smart deception to our fullOS decoys for the deepest attacker diversion and engagement. FullOS traps also enable customers to clone existing assets – you can completely replicate actual production servers to further deceive attackers.</span>\r\n","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":true,"isConfiguratorAvaliable":true,"bonus":100,"usingCount":10,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.</span>\r\n<span style=\"c","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<span style=\"color: #000000; font-family: Verdana, sans-serif; font-size: 12px;\">The TrapX DeceptionGrid platform protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.</span>\r\n<span style=\"c","og:image":"https://old.roi4cio.com/fileadmin/user_upload/TrapX_DeceptionGrid_platform.png"},"eventUrl":"","translationId":320,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1724,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/TrapX_DeceptionGrid_platform.png","logo":true,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"suppliersCount":0,"supplierPartnersCount":2,"alias":"trapx-deceptiongrid-platform","companyTitle":"TrapX","companyTypes":["supplier","vendor"],"companyId":3890,"companyAlias":"trapx","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":true,"isConfiguratorAvaliable":true,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/TrapX_DeceptionGrid_platform.png"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":28,"title":"Deception Techniques and Honeypots"}],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":["Risk or Leaks of confidential information","Risk of attacks by hackers","Risk of data loss or damage","Risk of lost access to data and IT systems"],"materials":[],"useCases":[],"best_practices":[],"values":["Reduce Costs","Ensure Security and Business Continuity"],"implementations":[],"presenterCodeLng":"","productImplementations":[]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{"28":{"id":28,"title":"Deception Techniques and Honeypots"}},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}