{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"product":{"reference-bonus":{"ru":"Предложить бонус за референс","_type":"localeString","en":"Offer a reference bonus"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Сonfigurator"},"i-sell-it":{"_type":"localeString","en":"I sell it","ru":"I sell it"},"i-use-it":{"ru":"I use it","_type":"localeString","en":"I use it"},"roi-calculator":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"selling":{"ru":"Продают","_type":"localeString","en":"Selling"},"using":{"ru":"Используют","_type":"localeString","en":"Using"},"show-more-button":{"_type":"localeString","en":"Show more","ru":"Показать еще"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"supplier-popover":{"_type":"localeString","en":"supplier","ru":"поставщик"},"implementation-popover":{"ru":"внедрение","_type":"localeString","en":"deployment"},"manufacturer-popover":{"ru":"производитель","_type":"localeString","en":"manufacturer"},"short-description":{"_type":"localeString","en":"Pitch","ru":"Краткое описание"},"i-use-it-popover":{"_type":"localeString","en":"Make your introduction and get a bonus from ROI4CIO or the supplier.","ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика."},"details":{"_type":"localeString","en":"Details","ru":"Детальнее"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"product-features":{"_type":"localeString","en":"Product features","ru":"Особенности продукта"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"solutions":{"ru":"Проблемы которые решает","_type":"localeString","en":" Problems that solves"},"values":{"_type":"localeString","en":"Values","ru":"Ценности"},"сomparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"testing":{"ru":"Тестирование","_type":"localeString","en":"Testing"},"compare":{"ru":"Сравнить с конкурентами","_type":"localeString","en":"Compare with competitors"},"characteristics":{"_type":"localeString","en":" Characteristics","ru":"Характеристики"},"transaction-features":{"_type":"localeString","en":"Transaction Features","ru":"Особенности сделки"},"average-discount":{"ru":"Средняя скидка партнера","_type":"localeString","en":"Partner average discount"},"deal-protection":{"ru":"Защита сделки","_type":"localeString","en":"Deal protection"},"average-deal":{"_type":"localeString","en":"Average deal size","ru":"Средний размер сделки"},"average-time":{"en":"Average deal closing time","ru":"Средний срок закрытия сделки","_type":"localeString"},"login":{"ru":"Войти","_type":"localeString","en":"Login"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"to-know-more":{"ru":"Чтобы узнать больше","_type":"localeString","en":"To know more"},"scheme":{"ru":"Схема работы","_type":"localeString","en":" Scheme of work"},"competitive-products":{"_type":"localeString","en":" Competitive products","ru":"Конкурентные продукты"},"implementations-with-product":{"ru":"Внедрения с этим продуктом","_type":"localeString","en":"Deployments with this product"},"user-features":{"ru":"Особенности пользователей","_type":"localeString","en":"User features"},"job-roles":{"ru":"Роли заинтересованных сотрудников","_type":"localeString","en":" Roles of Interested Employees"},"organizational-features":{"ru":"Организационные особенности","_type":"localeString","en":"Organizational Features"},"calculate-price":{"_type":"localeString","en":" Calculate product price","ru":"Рассчитать цену продукта"},"selling-stories":{"_type":"localeString","en":" Selling stories","ru":"Продающие истории"},"materials":{"ru":"Материалы","_type":"localeString","en":"Materials"},"about-product":{"_type":"localeString","en":"About Product","ru":"О продукте"},"or":{"ru":"или","_type":"localeString","en":"or"},"program-sends-data":{"_type":"localeString","en":"Program Sends Data"},"calculate-roi":{"ru":"Рассчитать ROI продукта","_type":"localeString","en":"Calculate Product ROI"},"complementary-categories":{"_type":"localeString","en":"Complementary Categories","ru":"Схожие категории"},"program-receives-data":{"en":"Program Receives Data","_type":"localeString"},"rebate":{"_type":"localeString","en":"Bonus","ru":"Бонус"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"configurator-content":{"ru":"Рассчитайте стоимость продукта","_type":"localeString","en":"Calculate price for this product here"},"configurator-link":{"ru":"тут","_type":"localeString","en":"here"},"vendor-popover":{"ru":"производитель","_type":"localeString","en":"vendor"},"user-popover":{"ru":"пользователь","_type":"localeString","en":"user"},"select-for-presentation":{"ru":"выбрать продукт для презентации","_type":"localeString","en":"select product for presentation"},"auth-message":{"_type":"localeString","en":"You have to register or login.","ru":"Вам нужно зарегистрироваться или войти."},"add-to-comparison":{"_type":"localeString","en":"Add to comparison","ru":"Добавить в сравнение"},"added-to-comparison":{"en":"Added to comparison","ru":"Добавлено в сравнения","_type":"localeString"},"roi-calculator-content":{"en":"Calculate ROI for this product here","ru":"Рассчитайте ROI для данного продукта","_type":"localeString"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"videos":{"en":"Videos","ru":"Видео","_type":"localeString"},"vendor-verified":{"_type":"localeString","en":"Vendor verified","ru":"Подтверждено производителем"},"event-schedule":{"_type":"localeString","en":"Events schedule","ru":"Расписание событий"},"scheduling-tip":{"ru":"Выберите удобную дату и время и зарегистрируйтесь на ивент.","_type":"localeString","en":"Please, сhoose a convenient date and time and register for the event."},"register-to-schedule":{"_type":"localeString","en":"To register for the event please log in or register on the site.","ru":"Для того чтобы зарегистрироваться на ивент пожалуйста авторизируйтесь или зарегистрируйтесь на сайт."},"comparison-matrix":{"_type":"localeString","en":"Comparison matrix","ru":"Матрица сравнений"},"compare-with-competitive":{"_type":"localeString","en":" Compare with competitive","ru":"Сравнить с конкурентными"},"avg-deal-closing-unit":{"ru":"месяцев","_type":"localeString","en":"months"},"under-construction":{"ru":"Данная услуга всё ещё находится в разработке.","_type":"localeString","en":"Current feature is still developing to become even more useful for you."},"product-presentation":{"en":"Product presentation","ru":"Презентация продукта","_type":"localeString"},"go-to-comparison-table":{"_type":"localeString","en":" Go to comparison table","ru":"Перейти к таблице сравнения"},"see-product-details":{"en":"See Details","ru":"Детали","_type":"localeString"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"_type":"localeString","en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"en":"Sign out","ru":"Выйти","_type":"localeString"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"ru":"Мои запросы","_type":"localeString","en":"Requests","de":"References"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"en":"Comparison Matrix","ru":"Матрица сравнения","_type":"localeString"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"_type":"localeString","en":"Bonus for reference","ru":"Бонус за референс"},"business-booster":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"_type":"localeString","en":"Deletion","ru":"Удаление"},"comparison-confirm":{"en":"Are you sure you want to delete","ru":"Подтвердите удаление","_type":"localeString"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"ru":"О нас","_type":"localeString","en":"About us","de":"Über uns"},"infocenter":{"en":"Infocenter","de":"Infocenter","ru":"Инфоцентр","_type":"localeString"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"ru":"Marketplace","_type":"localeString","en":"Marketplace","de":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference"},"our_social":{"_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"_type":"localeString","en":"Email","ru":"Email"},"subscribe__name-label":{"_type":"localeString","en":"Name","ru":"Имя"},"subscribe__required-message":{"_type":"localeString","en":"This field is required","ru":"Это поле обязательное"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString"}},"comment-form":{"title":{"en":"Leave comment","ru":"Оставить комментарий","_type":"localeString"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"en":"Comment","ru":"Комментарий","_type":"localeString"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"_type":"localeString","en":"I agree","ru":"Я согласен"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"product":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"product":{"translatable_meta":[{"name":"og:title","translations":{"ru":"Конкретный продукт","_type":"localeString","en":"Example product"}},{"name":"og:description","translations":{"ru":"Описание для конкретного продукта","_type":"localeString","en":"Description for one product"}},{"translations":{"en":"Product","ru":"Продукт","_type":"localeString"},"name":"title"},{"translations":{"ru":"Описание продукта","_type":"localeString","en":"Product description"},"name":"description"},{"name":"keywords","translations":{"ru":"Ключевые слова продукта","_type":"localeString","en":"Product keywords"}}],"title":{"_type":"localeString","en":"ROI4CIO: Product","ru":"ROI4CIO: Продукт"},"meta":[{"content":"website","name":"og:type"},{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"}]}},"pageMetaDataStatus":{"product":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"status-identity":{"id":6437,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Status_Identity.png","logo":true,"scheme":false,"title":"Status Identity","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"status-identity","companyTitle":"Status Identity","companyTypes":["supplier","vendor"],"companyId":7040,"companyAlias":"status-identity","description":"<b>Device insight</b>\r\nStatus Identity leverages the array of sensors within mobile devices, along with application logs to authoritatively identify devices. Changes related to device connectivity, operating system, device ID and others are instantly identified and used to prevent unauthorized devices. \r\n<b>Use behavior and risk analytics</b>\r\nBy applying machine learning algorithms to user behavior analysis and device data, Status Identity creates organizational insight that is unavailable through SIEM tools or Access Governance Platforms. Not only does this approach allow for continuous authentication, it works passively in the background to provide a truly frictionless solution. \r\n<b>Open API</b>\r\nOur flexible APIs can be embedded into existing enterprise access controls to enhance organizational insight and strengthen remediation. With robust reporting capabilities Status Identity’s solution augments SOC resources by automatically stitching hundreds of anomalies observed across multiple entities, users, devices and applications. This allows organizations to implement a holistic and cohesive security strategy. \r\n<b>Benefits:</b>\r\n<ul> <li>Powerful insights with machine learning and behavioral biometrics</li> <li>A truly friction-less user experience</li> <li>Open API for enterprise integrations</li> </ul>","shortDescription":"Authenticate Autonomously. Preserve Privacy\r\n","type":"Software","isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Status Identity","keywords":"","description":"<b>Device insight</b>\r\nStatus Identity leverages the array of sensors within mobile devices, along with application logs to authoritatively identify devices. Changes related to device connectivity, operating system, device ID and others are instantly identifie","og:title":"Status Identity","og:description":"<b>Device insight</b>\r\nStatus Identity leverages the array of sensors within mobile devices, along with application logs to authoritatively identify devices. Changes related to device connectivity, operating system, device ID and others are instantly identifie","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Status_Identity.png"},"eventUrl":"","translationId":6437,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[{"id":6147,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Randori.jpg","logo":true,"scheme":false,"title":"Randori Recon","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"randori-recon","companyTitle":"Randori","companyTypes":["vendor"],"companyId":8873,"companyAlias":"randori","description":"<p class=\"align-center\"><b>Gain An Attacker’s Perspective </b></p>\r\nIn order to know where attackers will strike, you first need to know how they view your attack surface. With business changes, cloud migration, shadow IT, and M&A, your perimeter is constantly changing. Often escaping vulnerability scans and yearly assessments, these changes represent windows of opportunities for attackers looking to bypass your defenses. Discover them with Randori Recon. Just like real threat actors, Randori continuously profiles your external attack surface, looking for unexpected changes. Customers use this view to uncover blind spots, misconfigurations, and process failures they otherwise would have missed. This continuous view is built using a black box approach. No installation or setup is required. \r\n<ul> <li>Discover Your Unknowns. View your perimeter like an attacker to expose misconfigurations and process failures. No installation required. </li> <li>Prioritize Your Findings. Find your top targets—where an attacker will strike first. Patent-pending Target Temptation model built on hacker logic. </li> <li>Reduce Your Attack Surface. Stay a step ahead of shadow IT and new business projects. Alerts inform you of new risk as it appears. </li> </ul>","shortDescription":"Security Begins With Knowing What to Protect \r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Randori Recon","keywords":"","description":"<p class=\"align-center\"><b>Gain An Attacker’s Perspective </b></p>\r\nIn order to know where attackers will strike, you first need to know how they view your attack surface. With business changes, cloud migration, shadow IT, and M&A, your perimeter is constantly","og:title":"Randori Recon","og:description":"<p class=\"align-center\"><b>Gain An Attacker’s Perspective </b></p>\r\nIn order to know where attackers will strike, you first need to know how they view your attack surface. With business changes, cloud migration, shadow IT, and M&A, your perimeter is constantly","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Randori.jpg"},"eventUrl":"","translationId":6146,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6157,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Red_Canary_MDR.png","logo":true,"scheme":false,"title":"Red Canary MDR","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"red-canary-mdr","companyTitle":"Red Canary","companyTypes":["supplier","vendor"],"companyId":5920,"companyAlias":"red-canary","description":"Shut down threats that bypass your preventative controls—without hiring a small army. Red Canary delivers world-class detection and response at a fraction of the cost of building the capability in-house. \r\n<ul> <li>Endpoint Telemetry. Red Canary analyzes your endpoint telemetry using our cloud-based detection engine composed of thousands of behavioral analytic use cases. </li> <li>Evolving Detection. Our team of experts maintains industry-leading detection coverage for attacker techniques and investigates every potential threat via our proprietary analyst workbench. </li> <li>Investigation & Automation. We only alert you to confirmed threats. A detailed threat report is posted in your Red Canary Portal where you can customize automated response actions. </li> <li>Your Security Ally. We take our role as your ally seriously. We’re on-call for security consulting and IR support whenever you need us. </li> </ul>\r\n<b>Outmaneuver evolving threats </b>\r\nRed Canary leverages proprietary detection, analytics, and automation technology with an in-house team of expert security analysts to continuously adapt and expand detection coverage. When a new threat is observed in a customer environment or in our lab, we immediately incorporate new threat intelligence to instantly enhance protection for our entire community. And it’s all mapped back to ATT&CK to speed communication and understanding.\r\n<b>Comprehensive protection in minutes </b>\r\nRed Canary rapidly deploys best-in-class detection and response technology and services, enabling you to benefit from the speed and simplicity that comes with cloud-based delivery. If you already have an EDR solution, we seamlessly integrate with your existing deployment. Within minutes of starting with Red Canary, you are covered.\r\n<b>Focus on real threats </b>\r\nRed Canary’s CIRT gives you a team of highly trained threat detection and incident response experts providing constant watch over your environment, performing full investigation potential threats around the clock. With 99.99% confirmed threat accuracy and full-context reports that arm you with the answers you need to take immediate action, Red Canary empowers your team to focus on meaningful security activities instead of chasing false positives and low risk alarms.\r\n<b>Eliminate threats while you sleep </b>\r\nRed Canary is the only MDR solution with its own fully integrated incident response automation as a service product. Red Canary Act drives out delays in incident response processes, significantly lowering mean time to resolution and shrinking attacker dwell times. A few clicks is all it takes to implement incident response playbooks and stop attackers where they stand.","shortDescription":"Detect. Investigate. Remediate. 24/7","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Red Canary MDR","keywords":"","description":"Shut down threats that bypass your preventative controls—without hiring a small army. Red Canary delivers world-class detection and response at a fraction of the cost of building the capability in-house. \r\n<ul> <li>Endpoint Telemetry. Red Canary analyzes your ","og:title":"Red Canary MDR","og:description":"Shut down threats that bypass your preventative controls—without hiring a small army. Red Canary delivers world-class detection and response at a fraction of the cost of building the capability in-house. \r\n<ul> <li>Endpoint Telemetry. Red Canary analyzes your ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Red_Canary_MDR.png"},"eventUrl":"","translationId":6156,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6413,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Specops_Software.jpg","logo":true,"scheme":false,"title":"Specops Software Key Recovery","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"specops-software-key-recovery","companyTitle":"Specops Software","companyTypes":["vendor"],"companyId":8968,"companyAlias":"specops-software","description":"Specops Key Recovery is a self-service solution for unlocking computers encrypted by BitLocker and Symantec Endpoint Encryption. A user who is locked out at the pre-boot authentication screen can use Specops Key Recovery to unlock their computer, without calling the helpdesk. For added security, users are verified with multi-factor authentication before receiving a recovery key. The solution supports a number of authentication factors, including Symantec VIP and Mobile Code. \r\n<b>Self-service for BitLocker </b>\r\nBitLocker lockouts can be caused by hardware changes or occur when working remotely. When a lockout is triggered, the user must call the helpdesk for a recovery password, and use it to unlock their computer. To verify the user, the helpdesk will commonly use security questions, which are prone to social engineering. Specops Key Recovery reduces calls to the helpdesk, and increases security. The solution verifies users with multi-factor authentication so they can receive a recovery key. \r\n<b>Self-service for Symantec Endpoint Encryption </b>\r\nSymantec Endpoint Encryption lockouts occur when a user forgets their password or changes their password while working remotely. If the user has forgotten the old password they will need to contact the helpdesk for a recovery key every time they restart their computer. When combined with our self-service password reset solution, Specops Key Recovery can update the cached credentials, triggering a re-encryption with the new password. This will allow the user to authenticate with their new password, even if they are outside the corporate network. \r\n<b>MFA with pre-enrollment </b>\r\nWith Specops Key Recovery administrators can enroll users for multi-factor authentication without requiring users to do this themselves. This is possible with identity services that have identifier information stored in Active Directory, such as Symantec VIP, Mobile Code, and Manager Identification. The enrollment information can also be used for self-service password reset, allowing users to manage their passwords in a secure way. ","shortDescription":"Flexible Security For Your Peace of Mind\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Specops Software Key Recovery","keywords":"","description":"Specops Key Recovery is a self-service solution for unlocking computers encrypted by BitLocker and Symantec Endpoint Encryption. A user who is locked out at the pre-boot authentication screen can use Specops Key Recovery to unlock their computer, without calli","og:title":"Specops Software Key Recovery","og:description":"Specops Key Recovery is a self-service solution for unlocking computers encrypted by BitLocker and Symantec Endpoint Encryption. A user who is locked out at the pre-boot authentication screen can use Specops Key Recovery to unlock their computer, without calli","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Specops_Software.jpg"},"eventUrl":"","translationId":6413,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3854,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/preempt.png","logo":true,"scheme":false,"title":"Preempt Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"preempt-platform","companyTitle":"Preempt Security","companyTypes":["vendor"],"companyId":5533,"companyAlias":"preempt-security","description":"<b>Preempt</b> empowers organizations to easily reduce user risk on their attack surface and preempt threats in real time with Conditional Access. Our patented technology continuously analyzes, adapts and responds to threats based on identity, behavior and risk to auto-resolve insider threats and targeted attacks.\r\n<b>Identity and Risk Insights</b>\r\nPreempt provides a continuous health and risk assessment revealing password problems, privileged access, stale accounts, stealthy admins, Active Directory (AD) configuration issues and more. Actionable insights allow your security team to easily reduce risk and your attack surface making it easier to pass your next audit.\r\n<b><i>Understand Identity Everywhere</i></b>\r\n<b>Continuously discover all users</b>\r\n<ul> <li>Privilege Users </li> <li>Stealthy Admins </li> <li>Stale Accounts </li> <li>Employees </li> <li>Service Accounts </li> </ul>\r\n<b>Identify Vulnerabilities</b>\r\n<ul> <li>Weak Passwords </li> <li>NTLM Hashes </li> <li>Inactive Accounts </li> <li>Vulnerable OS </li> <li>Users or Admins with SPN’s </li> </ul>\r\n<b>Identity Health Actions</b>\r\n<ul> <li>Reset Password </li> <li>Demote User </li> <li>Isolate User </li> <li>Disable User or Accounts </li> <li>And more </li> </ul>\r\n<b>Detect Threats in Real-time </b>\r\nCredential based attacks continue to be the number one way organizations are compromised. Preempt approaches threat detection differently. Our User and Entity Behavior Analytics (UEBA) learns the behavior and develops a risk score for every user and device on the network. Trusted and untrusted access is baselined through analysis of live authentication traffic combined with SSO, Cloud Directories, VPN, supervised and unsupervised learning and more.\r\n<b>Confidently Preempt Threats With Conditional Access </b>\r\nThreats aren’t black or white so responding to possible threats with a simple block or allow won’t work. Whether it’s simply adding MFA in front of your most sensitive applications or responding in real-time to suspicious behavior, Preempt’s Conditional Access gives you the flexibility to respond in real-time to prevent threats without disrupting real business.\r\n<b>Ease of Deployment</b>\r\nPreempt works with your authentication infrastructure to provide consistent insights, threat detection, and adaptive enforce across your organization. The two-tier platform architecture allows you to get up and running quickly, and easily access just the features you need.","shortDescription":"Continuous. Adaptive. Automated. Conditional Access\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Preempt Platform","keywords":"","description":"<b>Preempt</b> empowers organizations to easily reduce user risk on their attack surface and preempt threats in real time with Conditional Access. Our patented technology continuously analyzes, adapts and responds to threats based on identity, behavior and ris","og:title":"Preempt Platform","og:description":"<b>Preempt</b> empowers organizations to easily reduce user risk on their attack surface and preempt threats in real time with Conditional Access. Our patented technology continuously analyzes, adapts and responds to threats based on identity, behavior and ris","og:image":"https://old.roi4cio.com/fileadmin/user_upload/preempt.png"},"eventUrl":"","translationId":3853,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3372,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cybereason-logo.png","logo":true,"scheme":false,"title":"Cybereason Platform","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cybereason-platform","companyTitle":"Cybereason","companyTypes":["supplier","vendor"],"companyId":5261,"companyAlias":"cybereason","description":"&nbsp;The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface.\r\n<span style=\"font-weight: bold;\"><br /></span>\r\n<span style=\"font-weight: bold;\">Cybereason Offerings</span>\r\n<span style=\"text-decoration: underline;\">Deep Hunting Platform</span>\r\nThe Cybereason Deep Hunting Platform delivers endpoint detection and response (EDR), nextgeneration antivirus (NGAV), managed threat hunting, and threat intelligence — all in one solution and one single lightweight sensor.<br />Built using Cybereason's proprietary cybersecurity data analytics architecture, the platform focuses on collecting and analyzing behavioral data and correlating disparate data points to identify malicious operations and facilitate immediate action. The Cybereason Deep Hunting Platform doesn't simply secure your data; it leverages your data to secure.<br /><br /><span style=\"text-decoration: underline;\">Cybereason Complete Endpoint Protection</span>\r\nImplement comprehensive endpoint protection with Cybereason’s Complete Endpoint Protection platform. The solution integrates the power of EDR and next-generation antivirus (NGAV) so you can replace your legacy AV with a single advanced endpoint solution.\r\n<ul><li>Combination of centralized and endpoint-side analytics</li></ul>\r\n<ul><li>Behavioral analysis in the Cybereason Hunting Engine</li></ul>\r\n<ul><li>Full attack lifecycle protection</li></ul>\r\n<ul><li>Single sensor and single Response Interface</li></ul>\r\n<br /><span style=\"text-decoration: underline;\">Cybereason RansomFree</span>\r\nKeep your personal files safe from ransomware with Cybereason RansomFree. Built on the same Cybereason detection methodology, RansomFree is protection software designed to detect and stop ransomware from encrypting your files. With a mission to help everyone – not just large enterprises, it provides RansomFree at no cost because protection should be accessible to everyone.","shortDescription":"Cybereason is an endpoint detection and response platform that offers real-time cyber threat detection and incident investigation solutions.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cybereason Platform","keywords":"","description":"&nbsp;The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface.\r\n<","og:title":"Cybereason Platform","og:description":"&nbsp;The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface.\r\n<","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cybereason-logo.png"},"eventUrl":"","translationId":3373,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":852,"title":"Network security","alias":"network-security","description":" Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.\r\nNetwork security starts with authentication, commonly with a username and a password. Since this requires just one detail authenticating the user name — i.e., the password—this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g., a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g., a fingerprint or retinal scan).\r\nOnce authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network like wireshark traffic and may be logged for audit purposes and for later high-level analysis. Newer systems combining unsupervised machine learning with full network traffic analysis can detect active network attackers from malicious insiders or targeted external attackers that have compromised a user machine or account.\r\nCommunication between two hosts using a network may be encrypted to maintain privacy.\r\nHoneypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot. A honeypot can also direct an attacker's attention away from legitimate servers. A honeypot encourages attackers to spend their time and energy on the decoy server while distracting their attention from the data on the real server. Similar to a honeypot, a honeynet is a network set up with intentional vulnerabilities. Its purpose is also to invite attacks so that the attacker's methods can be studied and that information can be used to increase network security. A honeynet typically contains one or more honeypots.","materialsDescription":" <span style=\"font-weight: bold;\">What is Network Security?</span>\r\nNetwork security is any action an organization takes to prevent malicious use or accidental damage to the network’s private data, its users, or their devices. The goal of network security is to keep the network running and safe for all legitimate users.\r\nBecause there are so many ways that a network can be vulnerable, network security involves a broad range of practices. These include:\r\n<ul><li><span style=\"font-weight: bold;\">Deploying active devices:</span> Using software to block malicious programs from entering, or running within, the network. Blocking users from sending or receiving suspicious-looking emails. Blocking unauthorized use of the network. Also, stopping the network's users accessing websites that are known to be dangerous.</li><li><span style=\"font-weight: bold;\">Deploying passive devices:</span> For instance, using devices and software that report unauthorized intrusions into the network, or suspicious activity by authorized users.</li><li><span style=\"font-weight: bold;\">Using preventative devices:</span> Devices that help identify potential security holes, so that network staff can fix them.</li><li><span style=\"font-weight: bold;\">Ensuring users follow safe practices:</span> Even if the software and hardware are set up to be secure, the actions of users can create security holes. Network security staff is responsible for educating members of the organization about how they can stay safe from potential threats.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is Network Security Important?</span>\r\nUnless it’s properly secured, any network is vulnerable to malicious use and accidental damage. Hackers, disgruntled employees, or poor security practices within the organization can leave private data exposed, including trade secrets and customers’ private details.\r\nLosing confidential research, for example, can potentially cost an organization millions of dollars by taking away competitive advantages it paid to gain. While hackers stealing customers’ details and selling them to be used in fraud, it creates negative publicity and public mistrust of the organization.\r\nThe majority of common attacks against networks are designed to gain access to information, by spying on the communications and data of users, rather than to damage the network itself.\r\nBut attackers can do more than steal data. They may be able to damage users’ devices or manipulate systems to gain physical access to facilities. This leaves the organization’s property and members at risk of harm.\r\nCompetent network security procedures keep data secure and block vulnerable systems from outside interference. This allows the network’s users to remain safe and focus on achieving the organization’s goals.\r\n<span style=\"font-weight: bold;\">Why Do I Need Formal Education to Run a Computer Network?</span>\r\nEven the initial setup of security systems can be difficult for those unfamiliar with the field. A comprehensive security system is made of many pieces, each of which needs specialized knowledge.\r\nBeyond setup, each aspect of security is constantly evolving. New technology creates new opportunities for accidental security leaks, while hackers take advantage of holes in security to do damage as soon as they find them. Whoever is in charge of the network’s security needs to be able to understand the technical news and changes as they happen, so they can implement safety strategies right away.\r\nProperly securing your network using the latest information on vulnerabilities helps minimize the risk that attacks will succeed. Security Week reported that 44% of breaches in 2014 came from exploits that were 2-4 years old.\r\nUnfortunately, many of the technical aspects of network security are beyond those who make hiring decisions. So, the best way an organization can be sure that their network security personnel are able to properly manage the threats is to hire staff with the appropriate qualifications.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6445,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/StrikeForce.png","logo":true,"scheme":false,"title":"StrikeForce ProtectID","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"strikeforce-protectid","companyTitle":"StrikeForce Technologies","companyTypes":["supplier","vendor"],"companyId":6955,"companyAlias":"strikeforce-technologies","description":"ProtectID® is designed to deliver affordable, flexible, and redundant authentication models for Banks, Corporations, Universities, Government Agencies, and Social Networking websites. ProtectID® can be managed on-site or via our hosted cloud service. \r\nStrikeForce Technologies exists in a competitive industry flooded by many different types of cybersecurity technology offerings. We have many distinguishing factors which set us apart from our competition. Our ability to offer a “hybrid” solution consisting of both on-site and hosted cloud services, as well as our ownership of the patents relating to our cybersecurity technologies, allows us to better protect you from all possible angles. \r\n<b>Various Authentication Methods </b>\r\nProtectID® has a multitude of potential authentications methods. These methods include:\r\n<ul> <li>Out-of-Band Phone – #, PIN, OTP, and/or Voice </li> <li>OTP Delivery to Phone via MS, Voice, Email, and/or Push </li> <li>Out-of-Band Push – Accept/Deny, PIN, and/or Fingerprint </li> <li>Hard Tokens – Key Fob, USB Key, and/or Wallet Cards </li> <li>Mobile Tokens – iOS, Android, and/or Blackberry </li> <li>Desktop Tokens – Windows, OS X & MacOS, and/or Linux </li> <li>Support for FIDO *coming soon* </li> </ul>\r\n<b>Secure Access </b>\r\nProtectID® secures access to the following resources: \r\n<ul> <li>VPN – IPSec or SSL VPNs </li> <li>Citrix Networks </li> <li>Web Applications – On- Site or Cloud OWA, Sharepoint, Office365, and more </li> <li>Windows Desktop Login </li> <li>Transactions via Out-of-Band Verification </li> </ul>\r\n<b>Easy to Provision </b>\r\nExplore multiple provisioning methods including \r\n<ul> <li>Self Service Portal </li> <li>Web Manager </li> <li>HTTP Provisioning Interface </li> <li>Mobile “One Touch” Provisioning </li> </ul>\r\n<b>Flexible Deployment </b>\r\nProtectID® has multiple deployment options including: \r\n<ul> <li>On-Site </li> <li>Cloud</li> <li>Hybrid On-Site + Cloud </li> <li>OEM – Become a Cloud Authentication Provider </li> <li>Flexible Pricing Models </li> </ul>","shortDescription":"The Out-of-Band Authentication Pioneer\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"StrikeForce ProtectID","keywords":"","description":"ProtectID® is designed to deliver affordable, flexible, and redundant authentication models for Banks, Corporations, Universities, Government Agencies, and Social Networking websites. ProtectID® can be managed on-site or via our hosted cloud service. \r\nStrikeF","og:title":"StrikeForce ProtectID","og:description":"ProtectID® is designed to deliver affordable, flexible, and redundant authentication models for Banks, Corporations, Universities, Government Agencies, and Social Networking websites. ProtectID® can be managed on-site or via our hosted cloud service. \r\nStrikeF","og:image":"https://old.roi4cio.com/fileadmin/user_upload/StrikeForce.png"},"eventUrl":"","translationId":6445,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4912,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Optimal_IdM.png","logo":true,"scheme":false,"title":"The OptimalCloud","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"the-optimalcloud","companyTitle":"Optimal IdM","companyTypes":["supplier","vendor"],"companyId":5293,"companyAlias":"optimal-idm","description":"<span style=\"font-weight: bold;\">A Complete Identity as a Service (IDaaS) Solution</span>\r\nThe OptimalCloud™ is a scalable and customizable Identity and Access Management (IAM) solution that deploys easily and provides seamless and secure access to thousands of applications using single sign-on technology. The OptimalCloud offers multi-factor authentication and authorization from any data store, provides delegated administration and user management enablement, can be deployed in the cloud, or federated to other organizations. The OptimalCloud also comes with 24 x 7 x 365 support and a guaranteed 99.9% uptime.\r\n<span style=\"font-weight: bold;\">Why The OptimalCloud?</span>\r\nBelow are a few of the key features that set The OptimalCloud ahead of the competition as an Identity as a Service software:\r\n<ul><li>Affordable flat monthly fee</li><li>Completely customizable enterprise-level solution…Your Cloud, Your Way</li><li>Private dedicated single-tenant and multi-tenant options with servers in data-centers of your choice around the globe</li><li>Syncing of on-premise identities to the cloud is *NOT* required</li><li>Included support for ALL standards including WS-Federation, WS-Trust, SAML, Shibboleth, OpenID Connect, OAuth2, SCIM &amp; REST</li><li>Comprehensive cloud solution including self-service password reset, self-registration, delegated administration, complete identity management, and one-click workflow approvals</li><li>Deep OAuth2, OpenID Connect &amp; SAML integrations with developer portal access and complete working projects</li><li>Granular delegated administration authority that can be tied to users and/or organizations</li></ul>","shortDescription":"An end-to-end, scalable and customizable enterprise Identity and Access Management (IAM) solution.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"The OptimalCloud","keywords":"","description":"<span style=\"font-weight: bold;\">A Complete Identity as a Service (IDaaS) Solution</span>\r\nThe OptimalCloud™ is a scalable and customizable Identity and Access Management (IAM) solution that deploys easily and provides seamless and secure access to thousands o","og:title":"The OptimalCloud","og:description":"<span style=\"font-weight: bold;\">A Complete Identity as a Service (IDaaS) Solution</span>\r\nThe OptimalCloud™ is a scalable and customizable Identity and Access Management (IAM) solution that deploys easily and provides seamless and secure access to thousands o","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Optimal_IdM.png"},"eventUrl":"","translationId":4913,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6453,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Sterling_Identity.jpg","logo":true,"scheme":false,"title":"Sterling Identity","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"sterling-identity","companyTitle":"Sterling Identity (SureID)","companyTypes":["supplier","vendor"],"companyId":6720,"companyAlias":"sterling-identity","description":"Know Who You’re Hiring\r\nWith thousands of data breaches happening every year, companies need more assurance than ever that their candidates are who they say they are. At the same time, companies are hiring more remote and gig workers, making in-person identity verification more difficult. \r\nYour Process, Our Expertise\r\nUsing Sterling Identity Vertification’s REST APIs, you can integrate identity authentication and validation into your existing systems and processes. It meets Know Your Client due diligence requirements and is constantly updated with the newest changes to identity documents around the world. When AI can’t authenticate the documents automatically, human experts review them immediately, so you still get fast results. We can customize the candidate’s experience, too, so you capture exactly what you need – no more, and no less. It’s simple, easy, and effective – and backed by the best background screening company in the market. \r\n<ul> <li>Faster screening and onboarding</li> <li>Higher-quality biographic data for fewer screening errors</li> <li>Reduced fraud and impersonation</li> <li>Simple, guided mobile candidate experience available anywhere, anytime</li> <li>Near-instant results that integrate seamlessly into your current hiring process</li> </ul>","shortDescription":"Make Identity the Foundation of Your Hiring Practice","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sterling Identity","keywords":"","description":"Know Who You’re Hiring\r\nWith thousands of data breaches happening every year, companies need more assurance than ever that their candidates are who they say they are. At the same time, companies are hiring more remote and gig workers, making in-person identity","og:title":"Sterling Identity","og:description":"Know Who You’re Hiring\r\nWith thousands of data breaches happening every year, companies need more assurance than ever that their candidates are who they say they are. At the same time, companies are hiring more remote and gig workers, making in-person identity","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Sterling_Identity.jpg"},"eventUrl":"","translationId":6453,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6198,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/ivanti-logo-01.png","logo":true,"scheme":false,"title":"Ivanti Security Controls","vendorVerified":1,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":2,"alias":"ivanti-security-controls","companyTitle":"Ivanti (LANDESK)","companyTypes":["supplier","vendor"],"companyId":3047,"companyAlias":"ivanti-landesk","description":"With IT teams spending too much time managing security device sprawl, and Security teams suffering a labor shortage, Ivanti simplifies security with a unified solution that targets your biggest attack vectors. In Ivanti Security Controls (formerly Ivanti Patch for Windows) we’ve brought together the security tools global experts agree create the highest barriers to modern cyber attacks—discovery of the authorized and unauthorized software in your environment, so you can protect and defend against it; patch management for your heterogeneous OS and thirdparty app environment; dynamic whitelisting; and granular privilege management—as well as additional patch tools that help IT and Security work together better to better protect the business.\r\n<span style=\"font-weight: bold;\">Patch for Windows and Linux</span><br />\r\nIvanti Security Controls is a single automated patching solution that spans not only physical and virtual Windows servers but workstations as well. And we’ve added Red Hat Enterprise Linux and CentOS patch support to the leading Windows patching solution on the market—further non-Windows OSes to be added in 2019.\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Patch your virtual servers.</span></span> Find online and offline workstations and servers, scan for missing patches, and deploy them. Then patch everything from the OS and apps to virtual machines (VMs) and even the ESXi hypervisor with the product’s deep integration with VMware. It’s possible to keep even offline virtual images in a constant state of readiness to be deployed. (You don’t want to go through the two-step process of creating a VM and having to patch it. If offline templates are kept current all the time, you can deploy a VM without having to worry about whether it’s up to date.)</li></ul>\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Patch without an agent.</span></span> Agentless technology lets you assess and deploy patches to the workstations and servers connected to your network while minimizing the impact on both your team and system workloads. Alternatively, you can use the agent to create as many different agent policies as necessary to manage your network, offering significant patching flexibility, and to provide a higher degree of patch accuracy in environments where devices are not continuously connected to the network. Assign different agent configurations to different devices in your organization.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Patch your Windows and Linux machines.</span></span> You need patch management software in your toolbox that can handle today’s heterogenous environments. Extending patching beyond Windows is a must. And doing this efficiently, using a single interface and automated tool, not only frees up IT, but also reduces human error while enhancing your defenses.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Patch your applications. </span></span>Third-party applications such as Adobe Acrobat Flash and Reader, Google Chrome, Mozilla Firefox, and Oracle Java are the apps and browser add-ons hackers target most. We provide the largest patch catalog in the industry, and our content team puts all the patches through a gauntlet of testing, so you don’t have to take that on yourselves. We can save you and your team time better used to focus on core business goals.</li></ul>\r\n<span style=\"font-weight: bold;\">Whitelisting and Privilege Management Done Right</span><br />\r\nIvanti Security Controls offers a more dynamic whitelisting option as well, using trust models in place of lists, which reduces the ramp-up, cost of ownership once running, and performance impact, while still delivering a high degree of security. It also lets IT take back admin rights but still enable users to do what they need to, including easing the process of adding additional permissions if needed.\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Simplify whitelisting.</span></span> We can provide authorized access to applications, services, and components without making IT manage extensive lists manually and without constraining users. Trusted Ownership™, for example, allows NTFS ownership of a file to simplify the process of whitelisting. Using a handful of trusted accounts to define ownership of trusted files allows easy implementation of a whitelist, and continuous addition and update of applications through your management systems, as the trusted owners are the accounts performing the install and update\\upgrade efforts.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Control the keys to the kingdom.</span></span> There are many vulnerabilities that, if exploited, give the attacker permissions equal to the current user. Attackers can use stolen credentials and that user’s admin rights to gain full access to information and systems and spread further into your network. And providing full admin rights on a server has other risks as well, like the ability to start or stop services and install or remove software in error.</li></ul>\r\nThere are still companies that can enforce a policy of total lockdown of user permissions, but generally users require some ability that inevitably requires us to grant them administrative privileges on their system.<br />Microsoft provides just two levels of control: user or a full admin. There’s some variation in between, but not enough to make it a good experience for the user or administrator.<br />\r\nWe implement Just Enough Administration (JEA) and Just-in-Time Administration (JIT) – letting you take back your admin rights but still enable users to do what they need to, including easing the process of escalating or adding additional permissions if needed.<br />\r\nNow you can choose. Take a full admin back down to a regular user, and provide escalation of privileges where and when needed, from access to install applications, install a printer, use PowerShell, or whatever the user may need, but nothing more than what the user should have. Or you can take that full administrator and strip away the things they should not have access to. Take PowerShell away, for example, or access to specific capabilities. Limit administrative privilege to specific consoles, applications, services, and commands, reducing the risk of admins introducing malware, halting essential services, or affecting performance of mission-critical services.<br />\r\n<span style=\"font-weight: bold;\">More Tools to Save You Time and Money</span><br />\r\nIvanti Security Controls also includes the following features that make it even easier for Security and IT Ops to undertake the business of securing your organization.\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Integrate and automate beyond Ivanti.</span></span> Patch REST APIs enable Security Controls to integrate with other products, automate shared processes, and provide remote access and control of the console.</li></ul>\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Bridge the gap between Security and IT Ops with CVE to patch list creation.</span></span> Ivanti Security Controls can take a vulnerability assessment from whatever vendor the organization is using, find all the patches that relate to those Common Vulnerabilities and Exposures (CVEs), and build a patch group of updates that can be quickly approved for remediation in the environment. It’s a huge time-saver replacing today’s manual process.</li></ul>","shortDescription":"IVANTI SECURITY CONTROLS: IVANTI PATCH FOR WINDOWS, NOW INTEGRATED WITH PATCH FOR LINUX AND IVANTI APPLICATION CONTROL","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Ivanti Security Controls","keywords":"","description":"With IT teams spending too much time managing security device sprawl, and Security teams suffering a labor shortage, Ivanti simplifies security with a unified solution that targets your biggest attack vectors. In Ivanti Security Controls (formerly Ivanti Patch","og:title":"Ivanti Security Controls","og:description":"With IT teams spending too much time managing security device sprawl, and Security teams suffering a labor shortage, Ivanti simplifies security with a unified solution that targets your biggest attack vectors. In Ivanti Security Controls (formerly Ivanti Patch","og:image":"https://old.roi4cio.com/fileadmin/user_upload/ivanti-logo-01.png"},"eventUrl":"","translationId":6199,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement&nbsp; security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6455,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SurePassID.png","logo":true,"scheme":false,"title":"SurePassID Universal MFA","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"surepassid-universal-mfa","companyTitle":"SurePassID","companyTypes":["supplier","vendor"],"companyId":6722,"companyAlias":"surepassid","description":"SurePassID’s multi-factor authentication (MFA) platform enables our customers to lock down access to any application, by any user, on any device, within any network architecture.\r\n<b>Deploy MFA for challenging requirements </b>\r\nAll MFA solutions are not created equal. SurePassID Universal MFA excels by meeting the most challenging requirements: \r\n<ul> <li>On-premise and hybrid deployment architectures </li> <li>Offline Windows and Mac login using two-factor authentication (2FA) </li> <li>Complex firewall configurations, network pathing, and replication schemes </li> <li>Full auditing – including user logout – for integration with Security Information and Event Management (SIEM) systems </li></ul>\r\n<b>One Platform, Many Benefits </b>\r\n<ul> <li>Comply fast and easy</li> <li>Reduce costs</li> <li>Increase user convenience </li><li>Integrate everywhere</li> <li>Improve extensibility</li> <li>Automate administration</li> </ul>","shortDescription":"The multi-factor authentication (MFA) platform built to secure your universe","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SurePassID Universal MFA","keywords":"","description":"SurePassID’s multi-factor authentication (MFA) platform enables our customers to lock down access to any application, by any user, on any device, within any network architecture.\r\n<b>Deploy MFA for challenging requirements </b>\r\nAll MFA solutions are not creat","og:title":"SurePassID Universal MFA","og:description":"SurePassID’s multi-factor authentication (MFA) platform enables our customers to lock down access to any application, by any user, on any device, within any network architecture.\r\n<b>Deploy MFA for challenging requirements </b>\r\nAll MFA solutions are not creat","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SurePassID.png"},"eventUrl":"","translationId":6455,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6465,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SyferLock.png","logo":true,"scheme":false,"title":"SyferLock GridGuard","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"syferlock-gridguard","companyTitle":"SyferLock Technology Corporation","companyTypes":["supplier","vendor"],"companyId":6723,"companyAlias":"syferlock-technology-corporation","description":"SyferLock delivers unparalleled flexibility through a range of solutions to address diverse and evolving authentication needs. Our zero footprint aspect provides device-less, One-Time Password/PIN generation without any additional client-side hardware or software, and without any dependency on a cell phone like SMS text-based solutions. SyferLock’s methodology also allows the creation of a layered approach to current authentication processes: stand alone, or used in conjunction with other factors. \r\nSyferLock's two-factor and multi-factor authentication solutions enable enterprises and organizations to comply with authentication mandates imposed by HIPAA, CJIS, FedRAMP, FERC, PCI, SOX, FFIEC, BASEL, and GDPR, among others. \r\n<b>Utilizing SyferLock’s Software-Based Authentication Solutions to Cover the Authentication Spectrum </b>\r\nAt one end of the authentication spectrum you have commonly used static reusable passwords. At the other end of the spectrum you have two-factor authentication. No single authentication solution seems to be flexible enough, adaptable enough and secure enough to help with ever changing business cases and user needs until now. SyferLock has created one of the most flexible, adaptable and secure authentication solutions to enable enterprises to cost-effectively address two-factor authentication / multi-factor authentication across a range of uses cases. SyferLock’s two-factor and multi-factor authentication solutions eliminate or mitigate a range of attacks, including: \r\n<ul> <li>Key-Logging</li> <li>Shoulder Surfing</li> <li>Brute Force & Dictionary</li> <li>Interception</li> <li>Cross Site Scripting</li> <li>Replay</li> <li>Automated Attacks</li> <li>Sniffing</li> <li>Stored Browser Passwords</li> <li>Man-in-the-Middle </li> </ul>","shortDescription":"SyferLock’s patented, software-based two-factor / multi-factor authentication solutions provide next generation One-Time Passwords/PINs (OTPs)","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SyferLock GridGuard","keywords":"","description":"SyferLock delivers unparalleled flexibility through a range of solutions to address diverse and evolving authentication needs. Our zero footprint aspect provides device-less, One-Time Password/PIN generation without any additional client-side hardware or soft","og:title":"SyferLock GridGuard","og:description":"SyferLock delivers unparalleled flexibility through a range of solutions to address diverse and evolving authentication needs. Our zero footprint aspect provides device-less, One-Time Password/PIN generation without any additional client-side hardware or soft","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SyferLock.png"},"eventUrl":"","translationId":6465,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6214,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Respond_Software.jpg","logo":true,"scheme":false,"title":"Respond Software Analyst","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"respond-software-analyst","companyTitle":"Respond Software","companyTypes":["supplier","vendor"],"companyId":8285,"companyAlias":"respond-software","description":"<b>Accelerate investigations and improve analyst productivity </b>\r\nThe Respond Analyst™ automates the discovery of security incidents by turning resource-intensive monitoring and initial analysis into thorough and consistent investigations. \r\n<ul> <li>Processes millions of alerts in real-time with 100% consistency</li> <li>Connects silos of alerts into incidents</li> <li>Works with heterogeneous security sensors</li> <li>Dramatically reduces waste due to false positives</li> <li>Continuously learns and adapts</li> </ul>\r\n<b>Real-time robotic decision automation </b>\r\n<ul> <li>Integrated reasoning works across all available data sources for better decisions, faster </li> <li>Working at machine speed, data is analyzed, scoped and prioritized </li> <li>100% coverage means no need to filter, tune-down or ignore alerts </li> <li>Always on, continuous monitoring, analysis and triage at a fixed cost </li> </ul>\r\n<b>Security analysis specific to your organization </b>\r\n<ul> <li>Leverage support for STIX/TAXII to bring in specialized threat intelligence </li> <li>Vulnerability scanner integration assists the software in making more informed decisions </li> <li>Classifying assets & users helps manage the risk posed by breaches </li> <li>Combined contextual resources reduce the false positive incident escalations </li> </ul>\r\n<b>Dynamic scoping, prioritization, and notification </b>\r\n<ul> <li>Fully vetted incidents with explanation of why they were escalated </li> <li>Incidents are re-scoped and prioritized as new evidence is uncovered </li> <li>Automated real-time notifications via PagerDuty </li> </ul>\r\n<b>Seamless feedback, learning and integrations </b>\r\n<ul> <li>Thumbs up/down dialog enables your feedback on escalation </li> <li>Global learning provides more experience than the most experienced human analysts </li> <li>Fits immediately into your current SIEM & SOAR tools </li> <li>Easily connects to case management and ticketing systems </li> </ul>","shortDescription":"Power Your Security Team with Automated Monitoring and Triage\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Respond Software Analyst","keywords":"","description":"<b>Accelerate investigations and improve analyst productivity </b>\r\nThe Respond Analyst™ automates the discovery of security incidents by turning resource-intensive monitoring and initial analysis into thorough and consistent investigations. \r\n<ul> <li>Process","og:title":"Respond Software Analyst","og:description":"<b>Accelerate investigations and improve analyst productivity </b>\r\nThe Respond Analyst™ automates the discovery of security incidents by turning resource-intensive monitoring and initial analysis into thorough and consistent investigations. \r\n<ul> <li>Process","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Respond_Software.jpg"},"eventUrl":"","translationId":6213,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6475,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Systancia.png","logo":true,"scheme":false,"title":"Systancia Identities and Authorizations (IGA)","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"systancia-identities-and-authorizations-iga","companyTitle":"Systancia","companyTypes":["supplier","vendor"],"companyId":5997,"companyAlias":"systancia","description":"<div style=\"text-align:center;\"><b>Systancia Identity - Powerful management of your entire ecosystem's identities and authorizations for all your applications, on premise or cloud </b>\r\n<div style=\"text-align:center;\">Systancia Identity, formerly Avencis Hpliance, is an identity governance and administration solution. It allows to manage identities, their membership organizations, their authorizations, and possibly their resources (endowments). Its Workflow module allows the management of many different use cases: flow of people, processes, authorization/resources request... it is provided with an agile synchronization engine that easily integrates into your upstream and downstream repositories. It also provides features such as permission certification and separation of privileged duties (SoD), while allowing traceability and visibility of actions performed via its audit and reporting module. \r\n<b>Data protection and leakage prevention </b>\r\nDue to the growing amount of data within companies and organizations, and the fact that these data are sometimes sensitive, it is essential to protect them against any potentially devastating risk of leakage, as we are reminded daily by the press. \r\n<b>Regulatory compliance, GDPR and ANSSI recommendations </b>\r\nCompliance with multiple regulations is sometimes perceived as a constraint, but it is nevertheless necessary to ensure an effective IS security. \r\n<b>Organizational agility and improvement of employee movement process </b>\r\nEmployee movements (turnover, internal rotation, outsourcing and mergers-acquisitions) require that the IT department benefits from real agility in order to facilitate these movements and increase the level of IS security. \r\n<b>Agility of the IT department and autonomy of professions </b>\r\nSimplify and automate the management of identities and entitlements for greater business autonomy \r\n<b>Choose innovation with Systancia Identity </b>\r\n<ul> <li>Identity lifecycle management with data reconciliation </li> <li>Permissions and authorizations management based on the organizational structure (OrBAC) </li> <li>Automatic provisioning allowing the consolidation of upstream and downstream repositories </li> <li>Re-certification campaigns management and separation of duties (SoD) </li> <li>Workflow allowing to organize tasks in order to simplify and automate the identity management </li> <li>Audits and reports to guarantee regulatory compliance </li> </ul>","shortDescription":"Centralize and monitor user account and authorization management\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Systancia Identities and Authorizations (IGA)","keywords":"","description":"<div style=\"text-align:center;\"><b>Systancia Identity - Powerful management of your entire ecosystem's identities and authorizations for all your applications, on premise or cloud </b>\r\n<div style=\"text-align:center;\">Systancia Identity, formerly Avencis Hplia","og:title":"Systancia Identities and Authorizations (IGA)","og:description":"<div style=\"text-align:center;\"><b>Systancia Identity - Powerful management of your entire ecosystem's identities and authorizations for all your applications, on premise or cloud </b>\r\n<div style=\"text-align:center;\">Systancia Identity, formerly Avencis Hplia","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Systancia.png"},"eventUrl":"","translationId":6475,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4941,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/rhebo.png","logo":true,"scheme":false,"title":"Rhebo Industry 4.0 Stability and Security Audit","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"rhebo-industry-40-stability-and-security-audit","companyTitle":"Rhebo GmbH","companyTypes":["vendor"],"companyId":5313,"companyAlias":"rhebo","description":"<span style=\"color: rgb(97, 97, 97); \">The Rhebo Industry 4.0 Stability and Security Audit provides a fast and comprehensive risk analysis of your Industrial Automation &amp; Control System (IACS). With the OT security audit you get a complete assessment of all IACS assets, their properties, connections, communication patterns and hidden threats.<br /><br />A complete plant asset management of the industrial control system is the basis for an effective risk analysis, cybersecurity and operational management. Various industry standards such as IEC 62443 and ISO 27000 recommend complete documentation of all assets, their properties and connections. Whether critical infrastructure, production companies or process industries: Plant asset management of industrial equipment is usually incomplete and difficult. <br /><br />Often there is no general overview of the individual components, especially in complex plants or embedded systems. In addition, new devices that intervene with the control systems are continuously introduced. In most cases, the properties of the components cannot be documented on a daily basis either in order to ensure meaningful plant asset management. Manufacturers use proprietary settings and protocols or hide information as a business secret. These blind spots in the ICS jeopardize both industrial security and availability-oriented operation.<br /><br />Rhebo Industrial Protector recognizes and analyzes in real-time every component that communicates within the industrial control system. This provides you with up-to-date documentation of all components and their properties. This information includes e.g.: <br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Vendor, device name;</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;IP address, MAC address,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;Version of firmware,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;Serial number, known vulnerabilities.</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br />Additional you get detailed information about:<br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Communication profiles,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Communication volumes,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Connections to other devices (system context diagram),</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Quality of connections regarding cybersecurity and technical flawlessness.</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br />The continuous network monitoring with anomaly detection additionally informs you in real-time about changes in the communication behavior of the individual components. This enables you to immediately detect manipulation attempts, technical error states or overload states for condition based maintenance and operations management.<br /><br />The Rhebo Industry 4.0 Stability and Security Audit provides a comprehensive evaluation of your industrial control system. You receive all information relevant for the evaluation of the security level and immanent cyber risks, e.g.:<br /></span>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Outdated firmware versions,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Suspicious communication patterns,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Connections and attempted communication to external servers,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Vulnerable protocols and ports,</span></li><li><span style=\"color: rgb(97, 97, 97); \">&nbsp;&nbsp;&nbsp; Technical error states which threaten process stability and plant availability.</span></li></ul>\r\n<span style=\"color: rgb(97, 97, 97); \"><br />The detailed audit report and concluding workshop enable you to implement the necessary security mechanisms such as segmentation, gateway configuration and communication rules in a reasonable and targeted manner. Rhebo Industry 4.0 Stability and Security Audits not only allow you to perform a detailed initial risk analysis. They also support you at regular intervals in reviewing the actions taken and implementing your continuous improvement process.</span><br />","shortDescription":"The Rhebo Industry 4.0 Stability and Security Audit provides a fast and comprehensive risk analysis of your industrial control system.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Rhebo Industry 4.0 Stability and Security Audit","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">The Rhebo Industry 4.0 Stability and Security Audit provides a fast and comprehensive risk analysis of your Industrial Automation &amp; Control System (IACS). With the OT security audit you get a complete assessment of al","og:title":"Rhebo Industry 4.0 Stability and Security Audit","og:description":"<span style=\"color: rgb(97, 97, 97); \">The Rhebo Industry 4.0 Stability and Security Audit provides a fast and comprehensive risk analysis of your Industrial Automation &amp; Control System (IACS). With the OT security audit you get a complete assessment of al","og:image":"https://old.roi4cio.com/fileadmin/user_upload/rhebo.png"},"eventUrl":"","translationId":4942,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6477,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SystoLOCK.png","logo":true,"scheme":false,"title":"Systola SystoLOCK","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"systola","companyTitle":"Systola","companyTypes":["vendor"],"companyId":8985,"companyAlias":"systola","description":"SystoLOCK provides strong protection for all login dialogs, services, and network protocols by eliminating Windows passwords completely from the network. By using the native Windows PKI functionality, logging into Microsoft Windows-based environments with SystoLOCK is done without additional upstreaming. All digital certificates are managed on the server and are not saved on client devices.\r\n<b>How does SystoLOCK improve autentication in Microsoft Windows environments? </b>\r\nSystoLOCK uses OTP (One Time Passwords) and PIN for to authenticate users and does not use passwords. \r\n<b>Why is SystoLOCK a global novelty in Active Directory environments? </b>\r\nSystoLOCK is the first and only MFA solution for Active Directory environments that does not require server-side modifications and protects all network logins, services, and protocols in one swoop. \r\n<b>What is the advantage of SystoLOCK on the network level in terms of performance and Security? </b>\r\nSystoLOCK is the only MFA solution that supports network-level authentication (NLA), enabling RDP sessions to use the slimmer UDP protocol. \r\n<b>Why is SystoLOCK simpler and less expensive than comparable solutions? </b>\r\nIn contrast to expensive smartcards or elaborate special solutions, SystoLOCK easy in administration and licensing. It uses only one license per user. ","shortDescription":"A revolutionary authentication solution that improves security in Microsoft Windows environments\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Systola SystoLOCK","keywords":"","description":"SystoLOCK provides strong protection for all login dialogs, services, and network protocols by eliminating Windows passwords completely from the network. By using the native Windows PKI functionality, logging into Microsoft Windows-based environments with Syst","og:title":"Systola SystoLOCK","og:description":"SystoLOCK provides strong protection for all login dialogs, services, and network protocols by eliminating Windows passwords completely from the network. By using the native Windows PKI functionality, logging into Microsoft Windows-based environments with Syst","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SystoLOCK.png"},"eventUrl":"","translationId":6477,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances.&nbsp; \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3663,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/adlumin.png","logo":true,"scheme":false,"title":"Adlumin's Sentry","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"adlumins-sentry","companyTitle":"Adlumin","companyTypes":["supplier","vendor"],"companyId":5883,"companyAlias":"adlumin","description":"<b>Adlumin's</b> flagship product Sentry is a cloud delivered SaaS platform that detects identity based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud delivered SaaS application Sentry deploy's in minutes and starts detecting threats immediately by building a pattern of life for every user.\r\n<b>User &amp; Entity Behavior Analytics (UEBA)</b>\r\n<ul> <li>Artificial Intelligence-Based Decisions</li> <li>No Rules to Write or Hardware to Manage</li> <li>Artificial Intelligence Writes Your SIEM Rules</li> <li>24/7 Network Vulnerability Assessment</li> <li>Analyzes Firewall, VPN Log Data, &amp; Network</li> <li>Automated Anomaly Interpretation</li> <li>User and Device Context/Correlation</li> </ul>\r\n<b>Log/Device Management</b>\r\n<ul> <li>Automated log and Device Ingest</li> <li>Critical Server Log Management</li> <li>Real-time Intrusion Detection Alerts</li> <li>Windows &amp; Linux Server Management</li> <li>Cloud and On-premise Ingest</li> <li>Integrated Compliance Management (PCI, FFIEC, FINRA)</li> <li>Secure &amp; Encrypted Log Management</li> <li>Log Data Normalization</li> </ul>\r\n<b>Automated Compliance</b>\r\n<ul> <li>Includes Reports Designed to Hand to Your Financial Auditor</li> <li>Risk Management, Visualization, and Analysis</li> <li>Automated Reporting for Auditors and Compliance</li> <li>Make Decisions in Minutes, Not Days</li> <li>Financial Compliance Audit Reports Included</li> <li>Know Everything About an Account with 1 Click</li> <li>90-Days of Research Included with SIEM</li> <li>24/7 Anomaly Hunting w/o Hiring Anyone</li> <li>Designed for Financial Institutions</li> <li>Understand Risk with 1 Button Click</li> </ul>\r\n<b>Adlumin</b> collects and indexes data from just about any source imaginable – network traffic, web servers, VPNs, firewalls, custom applications, application servers, hypervisors, GPS systems, and preexisting structured databases. Not only does Adlumin ingest data from any source on your network, we also run sophisticated analytics and machine learning algorithms against all incoming events and use the results as metrics to determine what is anomalous and what is malicious.","shortDescription":"Adlumin detects and stops identity based attacks","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Adlumin's Sentry","keywords":"","description":"<b>Adlumin's</b> flagship product Sentry is a cloud delivered SaaS platform that detects identity based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud delivered SaaS ","og:title":"Adlumin's Sentry","og:description":"<b>Adlumin's</b> flagship product Sentry is a cloud delivered SaaS platform that detects identity based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud delivered SaaS ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/adlumin.png"},"eventUrl":"","translationId":3663,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4945,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SAASPASS_Logo.png","logo":true,"scheme":false,"title":"The SAASPASS Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"the-saaspass-platform","companyTitle":"SAASpass","companyTypes":["supplier","vendor"],"companyId":5316,"companyAlias":"saaspass","description":"SAASPASS authenticates and secures different objects within the Internet of Things (IoT). The IoT bridges the digital and the physical worlds and SAASPASS merges identity management from both to secure identities, applications and objects within this interconnected web.\r\nSAASPASS solves IoT security and identity management concerns by always providing two-factor authentication through mobile devices, barcode scans and bluetooth low energy (BLE). SAASPASS Proximity with BLE runs invisibly in the background and coordinates identities, interactions and objects with IoT ecosystems.\r\nSAASPASS secures not only obvious digital IoT components like mobile applications and email, but physically integrated items like cars, health wearables, offices and homes. The SAASPASS platform is flexible enough to bring the strong security of office email into a place you surely want strong security--your home.","shortDescription":"SAASPASS authenticates and secures different objects within the Internet of Things (IoT).","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"The SAASPASS Platform","keywords":"","description":"SAASPASS authenticates and secures different objects within the Internet of Things (IoT). The IoT bridges the digital and the physical worlds and SAASPASS merges identity management from both to secure identities, applications and objects within this interconn","og:title":"The SAASPASS Platform","og:description":"SAASPASS authenticates and secures different objects within the Internet of Things (IoT). The IoT bridges the digital and the physical worlds and SAASPASS merges identity management from both to secure identities, applications and objects within this interconn","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SAASPASS_Logo.png"},"eventUrl":"","translationId":4946,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":483,"title":"Messaging Security","alias":"messaging-security","description":"<span style=\"font-weight: bold; \">Messaging security</span> is a subcategory of <span style=\"font-style: italic; \">unified threat management (UTM) </span>focused on securing and protecting an organization’s communication infrastructure. Communication channels can include email software, messaging apps, and social network IM platforms. This extra layer of security can help secure devices and block a wider range of viruses or malware attacks.\r\nMessaging security helps to ensure the confidentiality and authenticity of an organization’s communication methods. Confidentiality refers to making sure only the intended recipients are able to read the messages and authenticity refers to making sure the identity of each sender or recipient is verified.\r\nOftentimes, attackers aim to gain access to an entire network or system by infiltrating the messaging infrastructure. Implementing proper data and message security can minimize the chance of data leaks and identity theft.\r\n<span style=\"color: rgb(97, 97, 97); \">Encrypted messaging (also known as secure messaging) provides end-to-end encryption for user-to-user text messaging. Encrypted messaging prevents anyone from monitoring text conversations. Many encrypted messenger&nbsp; apps also offer end-to-end encryption for phone calls made using the apps, as well as for files that are sent using the apps.</span>\r\nTwo modern methods of encryption are the <span style=\"font-style: italic; \">Public Key (Asymmetric)</span> and the <span style=\"font-style: italic; \">Private Key (Symmetric</span>) methods. While these two methods of encryption are similar in that they both allow users to encrypt data to hide it from the prying eyes of outsiders and then decrypt it for viewing by an authorized party, they differ in how they perform the steps involved in the process.\r\n<span style=\"font-weight: bold; \">Email</span> security message can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send. \r\n<span style=\"font-weight: bold;\">Encrypted messaging systems </span>must be encrypted end-to-end, so that even the service provider and its staff are unable to decipher what’s in your communications. Ideal solutions is “server-less” encrypted chat where companies won’t store user information anywhere.\r\nIn a more general sense, users of unsecured public Wi-Fi should also consider using a <span style=\"font-weight: bold;\">Virtual Private Network </span>(VPN) application, to conceal their identity and location from Internet Service Providers (ISPs), higher level surveillance, and the attentions of hackers.","materialsDescription":"<h1 class=\"align-center\"> What is messaging security?</h1>\r\nMessaging Security is a program that provides protection for companies' messaging infrastructure. The programs include IP reputation-based anti-spam, pattern-based anti-spam, administrator-defined block/allow lists, mail antivirus, zero-hour malware detection, and email intrusion prevention.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Six Dimensions of Comprehensive Messaging Security</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">IP-Reputation Anti-spam.</span> It checks each email connection request with a database of IP addresses to establish whether a sender is a legitimate or known spam sender and malware. If a sender is recognized it undesirable the messaging Security program drops the connection before the message is accepted.</li><li><span style=\"font-weight: bold; \">Pattern-based anti-spam</span> utilizes a proprietary algorithm to establish a fingerprint-like signature of email messages. When a message comes in, its pattern is calculated and checked against a database to determine if the message matches a known email pattern. </li><li><span style=\"font-weight: bold; \">Block/Allow List Anti-spam.</span> Administrators can create a list of IP addresses or domains that they would like to either block or allow. This method ensures that trusted sources are explicitly allowed and unwanted sources are explicitly denied access.</li><li><span style=\"font-weight: bold; \">Mail Antivirus.</span> This layer of protection blocks a wide range of known viruses and malware attacks.</li><li><span style=\"font-weight: bold; \">Zero-Hour Malware Protection.</span> By analyzing large numbers of messages, outbreaks are detected along with their corresponding messages. These message patterns are then flagged as malicious, giving information about a given attack.</li><li><span style=\"font-weight: bold; \">SmartDefense Email IPS.</span> The messaging security program utilizes SmartDefense Email IPS to stop attacks targeting the messaging infrastructure. </li></ul>\r\n<h1 class=\"align-center\">What are Signal, Wire and LINE messenger security apps like ?</h1>\r\n<p class=\"align-left\">Secure private messenger is a messaging application that emphasizes the privacy and of users using encryption and service transparency. While every modern messenger system is using different security practices (most prominently SSL/HTTPS) - the difference between secure and classic messengers is what we don’t know in the scope of implementation and&nbsp; approach to user data. </p>\r\n<p class=\"align-left\">Message access control and secure messengers evolved into a distinct category due to the growing awareness that communication over the internet is accessible by third parties, and reasonable concerns that the messages can be used against the users.</p>\r\n<h1 class=\"align-center\">Why secure communication is essential for business?</h1>\r\n<p class=\"align-left\">In the context of business operation, communication is a vital element of maintaining an efficient and dynamic working process. It lets you keep everything up to date and on the same page. And since many things are going on at the same time - tools like messengers are one of the many helpers that make the working day a little more manageable.</p>\r\n<p class=\"align-left\">Some of the information, like employee and customer data, proprietary information, data directly linked to business performance or future projections, may be strictly under a non-disclosure agreement. Without proper text message authentication in information security or encryption, it remains vulnerable to exposure. The chances are slim, but the possibility remains. </p>\r\n<p class=\"align-left\">And there are people interested in acquiring that sensitive information, people who like to play dirty because getting a competitive advantage is a decent motivation to go beyond the law. And when private conversations leak, especially the business-related ones - the impact is comparable with the Titanic hitting an iceberg. </p>\r\n<p class=\"align-left\">Encrypted massages in messenger prevents this from happening.</p>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Messaging_Security.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":5713,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Nok_Nok_Labs.png","logo":true,"scheme":false,"title":"Nok Nok S3 Authentication Suite","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"nok-nok-s3-authentication-suite","companyTitle":"Nok Nok Labs","companyTypes":["supplier","vendor"],"companyId":7028,"companyAlias":"nok-nok-labs","description":"The Nok Nok S3 Authentication Suite enables FIDO certified multi-factor authentication (FIDO UAF, FIDO U2F, WebAuthn, and FIDO2) for mobile and web applications. Rather than the unpleasant experience of entering usernames and passwords, users can enjoy using the latest biometric authentication technology that already exists on their devices. \r\n<b>Universal Authentication Server </b>\r\nNok Nok™ Authentication Server in conjunction with Nok Nok App SDK delivers delivers robust multi-factor authentication using the existing security features of a user's device (such as a fingerprint sensor) instead of a password. The Server supports emerging industry standards from the FIDO Alliance and provide organizations with a unified interface to incorporate strong authentication. Key features of the Authentication server: \r\n<ul> <li>Account Recovery</li> <li>Auditing capabilities </li> <li>Federation Support e.g. IBM SAM, PingFederate, ForgeRock </li> <li>FIDO UAF, FIDO U2F, Web Authentication, and FIDO2 Protocol support </li> <li>Industry compliance based implementation e.g. SOX, PSD2, HIPAA etc. </li> <li>Multi-tenancy support </li> <li>Out of Band Authentication Support </li> <li>Policy Based Authentication </li> <li>Reporting capabilities </li> <li>REST API for easy integration into custom web applications </li> <li>Web based administrative user interface </li> </ul>\r\n<b>App SDK for Smart Watch </b>\r\nThe Nok Nok App SDK for Smart Watch allows customers to standardize on next-generation authentication across all digital channels - including smart watches. Smart watch apps can have a strong, device-bound credential that doesn’t need frequent renewal and server-side infrastructure can be standardized to support industry standards, including FIDO next-generation authentication - across all digital channels. \r\n<b>Mobile Passport Application </b>\r\nPassport from Nok Nok is an authentication app that supports the FIDO Universal Authentication Framework (UAF) protocol. Further, it also supports out-of-band authentication to authenticate to selected websites on a laptop or desktop computer. \r\n<b>Gateway </b>\r\nNok Nok Gateway offering is designed to facilitate the ease of FIDO enablement of Mobile Apps and its integration to the Nok Nok Authentication Server. Key benefits of this offering include: Single API call from the Mobile App - to trigger registration, authentication and deregistration process; Easy enablement and handling of network communications/Session management with the Nok Nok Authentication Server. ","shortDescription":"The Nok Nok S3 Authentication Suite is a digital authentication platform that delivers omnichannel passwordless customer authentication","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Nok Nok S3 Authentication Suite","keywords":"","description":"The Nok Nok S3 Authentication Suite enables FIDO certified multi-factor authentication (FIDO UAF, FIDO U2F, WebAuthn, and FIDO2) for mobile and web applications. Rather than the unpleasant experience of entering usernames and passwords, users can enjoy using t","og:title":"Nok Nok S3 Authentication Suite","og:description":"The Nok Nok S3 Authentication Suite enables FIDO certified multi-factor authentication (FIDO UAF, FIDO U2F, WebAuthn, and FIDO2) for mobile and web applications. Rather than the unpleasant experience of entering usernames and passwords, users can enjoy using t","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Nok_Nok_Labs.png"},"eventUrl":"","translationId":5712,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":848,"title":"Multi-factor authentication","alias":"multi-factor-authentication","description":" Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).\r\nTwo-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.\r\nA good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.\r\nTwo other examples are to supplement a user-controlled password with a one-time password (OTP) or code generated or received by an authenticator (e.g. a security token or smartphone) that only the user possesses.\r\nTwo-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or, the second step might be a six digit number generated by an app that is common to the user and the authentication system.","materialsDescription":" <span style=\"font-weight: bold;\">What is MFA?</span>\r\nMulti-factor authentication (MFA) combines two or more independent authentication factors. For example, suppose your website required your clients to enter something only they would know upon login (password), something they have (like a one-time smartphone authentication token provided by special software), and a biometric identifier (like a thumbprint). It is pretty hard for a mortgage cyber-attacker to have all three of those items, especially the biometric identifier.\r\n<span style=\"font-weight: bold;\">Why do I need MFA? What are the benefits?</span>\r\nPasswords are becoming increasingly easy to compromise. They can be stolen, “phished”, guessed, and hacked. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts increases vulnerability.\r\n<span style=\"font-weight: bold;\">How does MFA work?</span>\r\nMulti-factor authentication throws a few roadblocks in the hacker's pathway. Location factors are one way for a security system to identify a person's identity. For example, work schedules and location can determine whether a user is who he says he is. Time is another example of a security layer. If a person uses his phone at a job in the US, it is physically impossible for him to use it again from Europe 15 minutes later. These are especially helpful in online bank fraud and, by extension, mortgage company fraud.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Multi-factor_authentication.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3667,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/alcide.png","logo":true,"scheme":false,"title":"Alcide Kubernetes Advisor","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"alcide-kubernetes-advisor","companyTitle":"Alcide","companyTypes":["supplier","vendor"],"companyId":5885,"companyAlias":"alcide","description":"<b>Alcide Kubernetes Advisor</b> is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets, or excessive secret access, workload hardening from Pod Security to network policies, Istio security configuration and best practices, Ingress controllers for security best practices, Kubernetes API server access privileges and Kubernetes operators security best practices.\r\n<b>Alcide Advisor</b> is an agentless Kubernetes audit, compliance and hygiene scanner that’s built to ensure a friciton free DevSecOps workflows. Alcide Advisor can be plugged early in the development process and before moving to production.\r\nGet a single-pane view for all K8s-related issues: <b>audit</b>, <b>compliance</b>, <b>topology</b>, <b>network</b>, <b>policies</b>, and <b>threats</b> with Alcide Advisor, and integrate it with your CI/CD pipeline.\r\nWith Alcide Advisor, the security checks you can cover includes:\r\n<ul> <li>Kubernetes infrastructure vulnerability scanning</li> <li>Hunting misplaced secrets, or excessive priviliges for secret access</li> <li>Workload hardening from Pod Security to network policies</li> <li>Istio security configuration and best practices</li> <li>Ingress Controllers for security best practices</li> <li>Kubernetes API server access privileges</li> <li>Kubernetes operators security best practices</li> <li>Deployment conformance to labeling, annotating, resource limits and much more</li> </ul>\r\nWhether you are looking to secure Kubernetes cluster hygiene in your CI+CD pipeline, or to ensure consistent multi-cluster conformance, <b>Alcide Kubernetes Advisor</b> provides you with valuable benefits from day one: SecOps get visibility Into Kubernetes black box – from network and hygiene perspective and are able to get high resolution in cluster detection of threats. DevOps get to harden their cluster’s security and detect drifts in their software supply chain. Alcide also supports policy customization by security pros, that are monitored by DevOps. You can apply multiple policies managed by different teams, and violations can be routed to either ChatOps tools like Slack or security toolchain like Splunk.","shortDescription":"Alcide empowers DevOps, Security and Engineering teams with simplified control to manage and secure the evolving data center and hybrid cloud, at any scale","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Alcide Kubernetes Advisor","keywords":"","description":"<b>Alcide Kubernetes Advisor</b> is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets, or excessive secret a","og:title":"Alcide Kubernetes Advisor","og:description":"<b>Alcide Kubernetes Advisor</b> is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets, or excessive secret a","og:image":"https://old.roi4cio.com/fileadmin/user_upload/alcide.png"},"eventUrl":"","translationId":3667,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":465,"title":"UEBA - User and Entity Behavior Analytics","alias":"ueba-user-and-entity-behavior-analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing &quot;malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP.&quot; The addition of &quot;entity&quot; reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. &quot;When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats.&quot;\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be &quot;differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based).&quot; According to the 2015 market guide released by Gartner, &quot;the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased.&quot; The report further projected, &quot;Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems.&quot;","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":["Shortage of inhouse software developers","Shortage of inhouse IT resources","High costs of IT personnel","Shortage of inhouse IT engineers"],"materials":[],"useCases":[],"best_practices":[],"values":["Reduce Costs","Ensure Security and Business Continuity"],"implementations":[],"presenterCodeLng":"","productImplementations":[]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}