{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"product":{"reference-bonus":{"ru":"Предложить бонус за референс","_type":"localeString","en":"Offer a reference bonus"},"configurator":{"_type":"localeString","en":"Сonfigurator","ru":"Конфигуратор"},"i-sell-it":{"ru":"I sell it","_type":"localeString","en":"I sell it"},"i-use-it":{"_type":"localeString","en":"I use it","ru":"I use it"},"roi-calculator":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"selling":{"ru":"Продают","_type":"localeString","en":"Selling"},"using":{"en":"Using","ru":"Используют","_type":"localeString"},"show-more-button":{"en":"Show more","ru":"Показать еще","_type":"localeString"},"hide-button":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"supplier-popover":{"en":"supplier","ru":"поставщик","_type":"localeString"},"implementation-popover":{"ru":"внедрение","_type":"localeString","en":"deployment"},"manufacturer-popover":{"en":"manufacturer","ru":"производитель","_type":"localeString"},"short-description":{"ru":"Краткое описание","_type":"localeString","en":"Pitch"},"i-use-it-popover":{"ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString","en":"Make your introduction and get a bonus from ROI4CIO or the supplier."},"details":{"ru":"Детальнее","_type":"localeString","en":"Details"},"description":{"ru":"Описание","_type":"localeString","en":"Description"},"product-features":{"en":"Product features","ru":"Особенности продукта","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"solutions":{"_type":"localeString","en":" Problems that solves","ru":"Проблемы которые решает"},"values":{"ru":"Ценности","_type":"localeString","en":"Values"},"сomparison-matrix":{"en":"Comparison matrix","ru":"Матрица сравнения","_type":"localeString"},"testing":{"ru":"Тестирование","_type":"localeString","en":"Testing"},"compare":{"en":"Compare with competitors","ru":"Сравнить с конкурентами","_type":"localeString"},"characteristics":{"ru":"Характеристики","_type":"localeString","en":" Characteristics"},"transaction-features":{"en":"Transaction Features","ru":"Особенности сделки","_type":"localeString"},"average-discount":{"en":"Partner average discount","ru":"Средняя скидка партнера","_type":"localeString"},"deal-protection":{"_type":"localeString","en":"Deal protection","ru":"Защита сделки"},"average-deal":{"ru":"Средний размер сделки","_type":"localeString","en":"Average deal size"},"average-time":{"_type":"localeString","en":"Average deal closing time","ru":"Средний срок закрытия сделки"},"login":{"_type":"localeString","en":"Login","ru":"Войти"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"to-know-more":{"_type":"localeString","en":"To know more","ru":"Чтобы узнать больше"},"scheme":{"_type":"localeString","en":" Scheme of work","ru":"Схема работы"},"competitive-products":{"en":" Competitive products","ru":"Конкурентные продукты","_type":"localeString"},"implementations-with-product":{"ru":"Внедрения с этим продуктом","_type":"localeString","en":"Deployments with this product"},"user-features":{"en":"User features","ru":"Особенности пользователей","_type":"localeString"},"job-roles":{"_type":"localeString","en":" Roles of Interested Employees","ru":"Роли заинтересованных сотрудников"},"organizational-features":{"ru":"Организационные особенности","_type":"localeString","en":"Organizational Features"},"calculate-price":{"ru":"Рассчитать цену продукта","_type":"localeString","en":" Calculate product price"},"selling-stories":{"_type":"localeString","en":" Selling stories","ru":"Продающие истории"},"materials":{"ru":"Материалы","_type":"localeString","en":"Materials"},"about-product":{"_type":"localeString","en":"About Product","ru":"О продукте"},"or":{"ru":"или","_type":"localeString","en":"or"},"program-sends-data":{"_type":"localeString","en":"Program Sends Data"},"calculate-roi":{"ru":"Рассчитать ROI продукта","_type":"localeString","en":"Calculate Product ROI"},"complementary-categories":{"_type":"localeString","en":"Complementary Categories","ru":"Схожие категории"},"program-receives-data":{"_type":"localeString","en":"Program Receives Data"},"rebate":{"en":"Bonus","ru":"Бонус","_type":"localeString"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"configurator-content":{"_type":"localeString","en":"Calculate price for this product here","ru":"Рассчитайте стоимость продукта"},"configurator-link":{"ru":"тут","_type":"localeString","en":"here"},"vendor-popover":{"_type":"localeString","en":"vendor","ru":"производитель"},"user-popover":{"ru":"пользователь","_type":"localeString","en":"user"},"select-for-presentation":{"ru":"выбрать продукт для презентации","_type":"localeString","en":"select product for presentation"},"auth-message":{"_type":"localeString","en":"You have to register or login.","ru":"Вам нужно зарегистрироваться или войти."},"add-to-comparison":{"en":"Add to comparison","ru":"Добавить в сравнение","_type":"localeString"},"added-to-comparison":{"en":"Added to comparison","ru":"Добавлено в сравнения","_type":"localeString"},"roi-calculator-content":{"en":"Calculate ROI for this product here","ru":"Рассчитайте ROI для данного продукта","_type":"localeString"},"not-yet-converted":{"en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString"},"videos":{"ru":"Видео","_type":"localeString","en":"Videos"},"vendor-verified":{"en":"Vendor verified","ru":"Подтверждено производителем","_type":"localeString"},"event-schedule":{"ru":"Расписание событий","_type":"localeString","en":"Events schedule"},"scheduling-tip":{"ru":"Выберите удобную дату и время и зарегистрируйтесь на ивент.","_type":"localeString","en":"Please, сhoose a convenient date and time and register for the event."},"register-to-schedule":{"en":"To register for the event please log in or register on the site.","ru":"Для того чтобы зарегистрироваться на ивент пожалуйста авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString"},"comparison-matrix":{"ru":"Матрица сравнений","_type":"localeString","en":"Comparison matrix"},"compare-with-competitive":{"ru":"Сравнить с конкурентными","_type":"localeString","en":" Compare with competitive"},"avg-deal-closing-unit":{"ru":"месяцев","_type":"localeString","en":"months"},"under-construction":{"_type":"localeString","en":"Current feature is still developing to become even more useful for you.","ru":"Данная услуга всё ещё находится в разработке."},"product-presentation":{"ru":"Презентация продукта","_type":"localeString","en":"Product presentation"},"go-to-comparison-table":{"_type":"localeString","en":" Go to comparison table","ru":"Перейти к таблице сравнения"},"see-product-details":{"ru":"Детали","_type":"localeString","en":"See Details"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"_type":"localeString","en":"Log in","de":"Einloggen","ru":"Вход"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"en":"FAQ","de":"FAQ","ru":"FAQ","_type":"localeString"},"references":{"ru":"Мои запросы","_type":"localeString","en":"Requests","de":"References"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"en":"Business boosting","ru":"Развитие бизнеса","_type":"localeString"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"en":"For suppliers","ru":"Поставщикам","_type":"localeString"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"en":"Make online presentations","_type":"localeString"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"en":"Our Products","_type":"localeString"},"it_it_catalogs":{"en":"IT catalogs","_type":"localeString"}},"footer":{"copyright":{"_type":"localeString","en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены"},"company":{"ru":"О компании","_type":"localeString","en":"My Company","de":"Über die Firma"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"de":"Infocenter","ru":"Инфоцентр","_type":"localeString","en":"Infocenter"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"en":"Show form","ru":"Показать форму","_type":"localeString"},"subscribe__title":{"en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"_type":"localeString","en":"username@gmail.com","ru":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"en":"Leave comment","ru":"Оставить комментарий","_type":"localeString"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"en":"Last name","ru":"Фамилия","_type":"localeString"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"_type":"localeString","en":"Position","ru":"Должность"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"product":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"product":{"title":{"en":"ROI4CIO: Product","ru":"ROI4CIO: Продукт","_type":"localeString"},"meta":[{"name":"og:type","content":"website"},{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"}],"translatable_meta":[{"name":"og:title","translations":{"ru":"Конкретный продукт","_type":"localeString","en":"Example product"}},{"name":"og:description","translations":{"en":"Description for one product","ru":"Описание для конкретного продукта","_type":"localeString"}},{"translations":{"ru":"Продукт","_type":"localeString","en":"Product"},"name":"title"},{"name":"description","translations":{"_type":"localeString","en":"Product description","ru":"Описание продукта"}},{"translations":{"ru":"Ключевые слова продукта","_type":"localeString","en":"Product keywords"},"name":"keywords"}]}},"pageMetaDataStatus":{"product":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"tunnelbear-vpn":{"id":6562,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/TunnelBear.png","logo":true,"scheme":false,"title":"TunnelBear VPN","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"tunnelbear-vpn","companyTitle":"TunnelBear","companyTypes":["vendor"],"companyId":9012,"companyAlias":"tunnelbear","description":"<div style=\"text-align:center;\"><b>Why millions of people are using TunnelBear </b>\r\n<b>Stop password and data theft </b>\r\nHackers can steal passwords and data over insecure public WiFi. TunnelBear blocks them to keep you secure. \r\n<b>Protect your online privacy </b>\r\nNetwork owners and internet providers can see everything you do online. With TunnelBear on, they can't see a thing. \r\n<b>Access global content </b>\r\nSome content is only available in certain regions. TunnelBear changes your virtual location so you can see it anywhere. \r\n<b>Prevent IP-based tracking </b>\r\nAd services use your IP address to track your behaviour across sites. TunnelBear stops them by assigning you a new IP. \r\n<b>Bypass local censorship </b>\r\nSome governments block popular websites and apps. TunnelBear unblocks them by changing your virtual location. \r\n<b>And way, way more </b>\r\nPlay on new game servers, prevent speed throttling, and unblock apps and websites on school and work networks. \r\n<div style=\"text-align:center;\"><b>Everything a VPN should have (and more) </b>\r\n<b>Engineered for speed </b>\r\nOur global server network is optimized to let you surf and stream quickly. No throttling, no buffering, no fuss. \r\n<b>Security you can rely on </b>\r\nTunnelBear is the only VPN in the world to publish regular, independent security audits of our apps. \r\n<b>Strong Encryption </b>\r\nTunnelBear uses strong AES 256-bit encryption by default. Weaker encryption isn't even an option. ","shortDescription":"A more secure way to browse the web\r\n","type":"Software","isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"TunnelBear VPN","keywords":"","description":"<div style=\"text-align:center;\"><b>Why millions of people are using TunnelBear </b>\r\n<b>Stop password and data theft </b>\r\nHackers can steal passwords and data over insecure public WiFi. TunnelBear blocks them to keep you secure. \r\n<b>Protect your online priva","og:title":"TunnelBear VPN","og:description":"<div style=\"text-align:center;\"><b>Why millions of people are using TunnelBear </b>\r\n<b>Stop password and data theft </b>\r\nHackers can steal passwords and data over insecure public WiFi. TunnelBear blocks them to keep you secure. \r\n<b>Protect your online priva","og:image":"https://old.roi4cio.com/fileadmin/user_upload/TunnelBear.png"},"eventUrl":"","translationId":6562,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"}],"characteristics":[],"concurentProducts":[{"id":6461,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/SurfEasy.png","logo":true,"scheme":false,"title":"SurfEasy VPN","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"surfeasy-vpn","companyTitle":"SurfEasy","companyTypes":["supplier","vendor"],"companyId":6821,"companyAlias":"surfeasy","description":"SurfEasy VPN uses encryption to help block hackers from stealing the personal info you send and receive over Wi-Fi \r\n<b>Features:</b>\r\n<ul> <li>No-log network. We don’t retain any logs related to your online, browsing or downloading activity, so even we don’t know what you’re up to. </li> <li>Bank-grade encryption. We use bank-grade encryption to ensure that your information has protection by the highest-quality technology. </li> <li>One click IP masking. Switch your location with just one click. </li> <li>500 ultra fast servers in 28 countries (and increasing). With servers in 28 countries and counting, you can access your favorite apps and websites from abroad, just like at home. </li> <li>Enhanced Tracker Blocker. Our tracker blocking algorithm blocks tracking cookies used by advertisers to follow you online, giving you a private and peaceful online experience. </li> <li>Unlimited simultaneous use on 5 devices. Enjoy unlimited use on all your devices, even if you use them at the same time. </li> <li>No data limits on all paid plans. All our paid plans give you no data limits, meaning you never have to worry about VPN usage limits. </li> <li>Available on multiple platforms. SurfEasy VPN supports Windows, Mac, iOS, and Android. We also offer extensions for Opera and Chrome browsers. </li> <li>Friendly phone/email/chat support. Our support team lives up to the friendly Canadian stereotype and are available 7 days a week (9am -5pm Est, English only) to help with whatever you need. </li> <li>99.9% uptime. Our reliable network maintains a 99.9% uptime. </li> <li>14-day money back guarantee for monthly plans. Not satisfied? Get your money back! We offer a hassle-free cancellation and refund policy. </li> </ul>","shortDescription":"Help keep your online activity private with SurfEasy VPN\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SurfEasy VPN","keywords":"","description":"SurfEasy VPN uses encryption to help block hackers from stealing the personal info you send and receive over Wi-Fi \r\n<b>Features:</b>\r\n<ul> <li>No-log network. We don’t retain any logs related to your online, browsing or downloading activity, so even we don’t ","og:title":"SurfEasy VPN","og:description":"SurfEasy VPN uses encryption to help block hackers from stealing the personal info you send and receive over Wi-Fi \r\n<b>Features:</b>\r\n<ul> <li>No-log network. We don’t retain any logs related to your online, browsing or downloading activity, so even we don’t ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/SurfEasy.png"},"eventUrl":"","translationId":6461,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":43,"title":"Data Encryption","alias":"data-encryption","description":"<span style=\"font-weight: bold;\">Data encryption</span> translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently, encryption is one of the most popular and effective data security methods used by organizations. \r\nTwo main types of data encryption exist - <span style=\"font-weight: bold;\">asymmetric encryption</span>, also known as public-key encryption, and <span style=\"font-weight: bold;\">symmetric encryption</span>.<br />The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the internet or other computer networks. The outdated data encryption standard (DES) has been replaced by modern encryption algorithms that play a critical role in the security of IT systems and communications.\r\nThese algorithms provide confidentiality and drive key security initiatives including authentication, integrity, and non-repudiation. Authentication allows for the verification of a message’s origin, and integrity provides proof that a message’s contents have not changed since it was sent. Additionally, non-repudiation ensures that a message sender cannot deny sending the message.\r\nData protection software for data encryption can provide encryption of devices, email, and data itself. In many cases, these encryption functionalities are also met with control capabilities for devices, email, and data. \r\nCompanies and organizations face the challenge of protecting data and preventing data loss as employees use external devices, removable media, and web applications more often as a part of their daily business procedures. Sensitive data may no longer be under the company’s control and protection as employees copy data to removable devices or upload it to the cloud. As a result, the best data loss prevention solutions prevent data theft and the introduction of malware from removable and external devices as well as web and cloud applications. In order to do so, they must also ensure that devices and applications are used properly and that data is secured by auto-encryption even after it leaves the organization.\r\nEncryption software program encrypts data or files by working with one or more encryption algorithms. Security personnel use it to protect data from being viewed by unauthorized users.\r\nTypically, each data packet or file encrypted via data encryption programs requires a key to be decrypted to its original form. This key is generated by the software itself and shared between the data/file sender and receiver. Thus, even if the encrypted data is extracted or compromised, its original content cannot be retrieved without the encryption key. File encryption, email encryption, disk encryption and network encryption are widely used types of data encryption software.<br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is Encryption software?</span></h1>\r\nEncryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.There are many software products which provide encryption. Software encryption uses a cipher to obscure the content into ciphertext. One way to classify this type of software is by the type of cipher used. Ciphers can be divided into two categories: <span style=\"font-weight: bold;\">public key ciphers</span> (also known as asymmetric ciphers), and <span style=\"font-weight: bold;\">symmetric key ciphers</span>. Encryption software can be based on either public key or symmetric key encryption.\r\nAnother way to classify crypto software is to categorize its purpose. Using this approach, software encryption may be classified into software which encrypts "<span style=\"font-weight: bold;\">data in transit</span>" and software which encrypts "<span style=\"font-weight: bold;\">data at rest</span>". Data in transit generally uses public key ciphers, and data at rest generally uses symmetric key ciphers.\r\nSymmetric key ciphers can be further divided into stream ciphers and block ciphers. Stream ciphers typically encrypt plaintext a bit or byte at a time, and are most commonly used to encrypt real-time communications, such as audio and video information. The key is used to establish the initial state of a keystream generator, and the output of that generator is used to encrypt the plaintext. Block cipher algorithms split the plaintext into fixed-size blocks and encrypt one block at a time. For example, AES processes 16-byte blocks, while its predecessor DES encrypted blocks of eight bytes.<br />There is also a well-known case where PKI is used for data in transit of data at rest.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">How Data Encryption is used?</span></h1>\r\nThe purpose of data encryption is to deter malicious or negligent parties from accessing sensitive data. An important line of defense in a cybersecurity architecture, encryption makes using intercepted data as difficult as possible. It can be applied to all kinds of data protection needs ranging from classified government intel to personal credit card transactions. Data encryption software, also known as an encryption algorithm or cipher, is used to develop an encryption scheme which theoretically can only be broken with large amounts of computing power.\r\nEncryption is an incredibly important tool for keeping your data safe. When your files are encrypted, they are completely unreadable without the correct encryption key. If someone steals your encrypted files, they won’t be able to do anything with them.\r\nThere different types of encryption: hardware and software. Both offer different advantages. So, what are these methods and why do they matter?\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Software Encryption</span></h1>\r\n<p class=\"align-left\">As the name implies, software encryption uses features of encryption software to encrypt your data. Cryptosoft typically relies on a password; give the right password, and your files will be decrypted, otherwise they remain locked. With encryption enabled, it is passed through a special algorithm that scrambles your data as it is written to disk. The same software then unscrambles data as it is read from the disk for an authenticated user.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Pros.</span>Crypto programs is typically quite cheap to implement, making it very popular with developers. In addition, software-based encryption routines do not require any additional hardware.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cons.</span>Types of encryption software is only as secure as the rest of your computer or smartphone. If a hacker can crack your password, the encryption is immediately undone.<br />Software encryption tools also share the processing resources of your computer, which can cause the entire machine to slow down as data is encrypted/decrypted. You will also find that opening and closing encrypted files is much slower than normal because the process is relatively resource intensive, particularly for higher levels of encryption</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Hardware encryption</span></h1>\r\n<p class=\"align-left\">At the heart of hardware encryption is a separate processor dedicated to the task of authentication and encryption. Hardware encryption is increasingly common on mobile devices. <br />The encryption protection technology still relies on a special key to encrypt and decrypt data, but this is randomly generated by the encryption processor. Often times, hardware encryption devices replace traditional passwords with biometric logons (like fingerprints) or a PIN number that is entered on an attached keypad<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Pros.</span>Hardware offers strong encryption, safer than software solutions because the encryption process is separate from the rest of the machine. This makes it much harder to intercept or break. </p>\r\n<p class=\"align-left\">The use of a dedicated processor also relieves the burden on the rest of your device, making the encryption and decryption process much faster.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cons.</span>Typically, hardware-based encrypted storage is much more expensive than a software encryption tools. <br />If the hardware decryption processor fails, it becomes extremely hard to access your information.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">The Data Recovery Challenge. </span>Encrypted data is a challenge to recover. Even by recovering the raw sectors from a failed drive, it is still encrypted, which means it is still unreadable. </p>\r\n<p class=\"align-left\">Hardware encrypted devices don’t typically have these additional recovery options. Many have a design to prevent decryption in the event of a component failure, stopping hackers from disassembling them. The fastest and most effective way to deal with data loss on an encrypted device is to ensure you have a complete backup stored somewhere safe. For your PC, this may mean copying data to another encrypted device. For other devices, like your smartphone, backing up to the Cloud provides a quick and simple economy copy that you can restore from. As an added bonus, most Cloud services now encrypt their users’ data too. <br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Encryption.png"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6497,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/TheGreenBow.png","logo":true,"scheme":false,"title":"TheGreenBow VPN Client for Windows","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"thegreenbow-vpn-client-for-windows","companyTitle":"TheGreenBow","companyTypes":["supplier","vendor"],"companyId":6822,"companyAlias":"thegreenbow","description":"Enterprises need to have remote access to the company's applications and servers quickly, easily and securely. TheGreenBow VPN Client enables employees to work from home or on the road, and IT managers to connect in remote desktop sharing to the enterprise infrastructure. The VPN Client offers a range of features from simple authentication via simple login to advanced full PKI integration capabilities. \r\n<b>Main Features:</b>\r\n<b>Remote Desktop Sharing </b>\r\nMultiple Remote Desktop Sharing sessions may be configured in the 'Remote Sharing' tab. This feature enables a user to share his machine on the corporate network from a remote location like home. When the user click on one of the Remote Desktop Sharing session, the associated VPN tunnel automatically opened, and an Remote Desktop Protocol session is launched to reached the remote machine. \r\n<b>USB Mode </b>\r\nTheGreenBow VPN Client brings the capability to secure VPN configurations and VPN security elements (e.g. PreShared key, Certificates, .) onto an USB Drive and out of the computer. This gives users the ability to attach a VPN Configuration: \r\n<ul> <li>to a specific computer: therefore the VPN tunnels defined in the VPN configuration can only be used on that specific computer. </li> <li>to a specific USB drive: therefore the VPN tunnels defined in the VPN configuration can only be used with specific USB Drive. </li> </ul>\r\n<b>Script configuration </b>\r\nScripts may be configured in the 'Scripts' tab. This tab can be found in Phase 2 Settings panel. Scripts or applications can be enabled for each step of a VPN tunnel opening and closing process: \r\n<ul> <li>Before tunnel is opened </li> <li>Right after the tunnel is opened </li> <li>Before tunnel closes </li> <li>Right after tunnel is closed </li> </ul>\r\nThis feature enables to execute scripts (batches, scripts, applications...) at each step of a tunnel connection for a variety of purposes e.g. to check current software release, to check database availability before launching backup application, to check a software is running, a logon is set... . It also enables to configure various network configuration before, during and after tunnel connections.","shortDescription":"Remote Access with TheGreenBow VPN Client\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"TheGreenBow VPN Client for Windows","keywords":"","description":"Enterprises need to have remote access to the company's applications and servers quickly, easily and securely. TheGreenBow VPN Client enables employees to work from home or on the road, and IT managers to connect in remote desktop sharing to the enterprise inf","og:title":"TheGreenBow VPN Client for Windows","og:description":"Enterprises need to have remote access to the company's applications and servers quickly, easily and securely. TheGreenBow VPN Client enables employees to work from home or on the road, and IT managers to connect in remote desktop sharing to the enterprise inf","og:image":"https://old.roi4cio.com/fileadmin/user_upload/TheGreenBow.png"},"eventUrl":"","translationId":6497,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3762,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/esdenera_networks.png","logo":true,"scheme":false,"title":"Esdenera Networks Firewall 3","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"esdenera-networks-firewall-3","companyTitle":"Esdenera Networks","companyTypes":["supplier","vendor"],"companyId":5935,"companyAlias":"esdenera-networks","description":"The Esdenera Firewall 3 is a professional network appliance that has been built for enterprise networks, Infrastructure-as-a-Service (IaaS), and remote access solutions. It is build upon Esdenera's TNOS network operating system, a high-secure OpenBSD-based platform. In addition to the leading packet filter and stateful firewalling capabilities, Esdenera introduces applications identities, a programmable approach to detect apps, stacks and things that turns it into a truly next generation firewall.\r\n<b>Features:</b>\r\n<b>Rules</b>\r\nThe enhanced PF packet filter provides a Stateful SPI-Firewall that filters, translates and normalizes network sessions of the IPv4 and IPv6 Internet protocols. And it can do much more – with built-in redundancy and failover options.\r\n<b>Identities</b>\r\nUse identities to filter on more than addresses and ports. They can describe people, things, applications, services, or entire software stacks using dynamic tables or accelerated, customizable programs.\r\n<b>Relays</b>\r\nRelays are stream-based and application-aware network engines. They can manage your web traffic, load balance connections, assign sophisticated user policies or inspect TLS connections as a trusted machine in the middle.\r\n<b>Why use Esdenera® Firewall 3</b>\r\n<ul> <li>Trusted Code</li><p> </p> <li>NFV Services</li><p> </p> <li>Cloud-ready</li><p> </p> <li>Built for SDN</li><p> </p> </ul>","shortDescription":"The Esdenera® Firewall 3 is a next generation firewall","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":8,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Esdenera Networks Firewall 3","keywords":"","description":"The Esdenera Firewall 3 is a professional network appliance that has been built for enterprise networks, Infrastructure-as-a-Service (IaaS), and remote access solutions. It is build upon Esdenera's TNOS network operating system, a high-secure OpenBSD-based pla","og:title":"Esdenera Networks Firewall 3","og:description":"The Esdenera Firewall 3 is a professional network appliance that has been built for enterprise networks, Infrastructure-as-a-Service (IaaS), and remote access solutions. It is build upon Esdenera's TNOS network operating system, a high-secure OpenBSD-based pla","og:image":"https://old.roi4cio.com/fileadmin/user_upload/esdenera_networks.png"},"eventUrl":"","translationId":3761,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":39,"title":"IaaS - Infrastructure as a Service","alias":"iaas-infrastructure-as-a-service","description":"<span style=\"font-weight: bold;\">Infrastructure as a service</span> (IaaS) are online services that provide high-level APIs used to dereference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. A hypervisor, such as Xen, Oracle VirtualBox, Oracle VM, KVM, VMware ESX/ESXi, or Hyper-V, LXD, runs the virtual machines as guests. Pools of hypervisors within the cloud operational system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.\r\nTypically IaaS solutions involve the use of a cloud orchestration technology like Open Stack, Apache Cloudstack or Open Nebula. This manages the creation of a virtual machine and decides on which hypervisor (i.e. physical host) to start it, enables VM migration features between hosts, allocates storage volumes and attaches them to VMs, usage information for billing and lots more.\r\nAn alternative to hypervisors are Linux containers, which run in isolated partitions of a single Linux kernel running directly on the physical hardware. Linux cgroups and namespaces are the underlying Linux kernel technologies used to isolate, secure and manage the containers. Containerisation offers higher performance than virtualization, because there is no hypervisor overhead. Also, container capacity auto-scales dynamically with computing load, which eliminates the problem of over-provisioning and enables usage-based billing.\r\nIaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.\r\nAccording to the Internet Engineering Task Force (IETF), the most basic cloud-service model is that of providers offering IT infrastructure – virtual machines and other resources – as a service to subscribers.\r\nIaaS cloud providers supply these resources on-demand from their large pools of equipment installed in data centers. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud infrastructure providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">Infrastructure as a Service Benefits </span></h1>\r\n<span style=\"font-weight: bold; \">Cost savings:</span> An obvious benefit of moving to the managed IaaS model is lower infrastructure costs. No longer do organizations have the responsibility of ensuring uptime, maintaining hardware and networking equipment, or replacing old equipment. IaaS technology also saves enterprises from having to buy more capacity to deal with sudden business spikes. Organizations with a smaller IT infrastructure generally require a smaller IT staff as well. The pay-as-you-go model also provides significant cost savings. \r\n<span style=\"font-weight: bold; \">Scalability and flexibility:</span> One of the greatest benefits of IaaS is the ability to scale up and down quickly in response to an enterprise’s requirements. Infrastructure as a Service providers generally have the latest, most powerful storage, servers and networking technology to accommodate the needs of their customers. This on-demand scalability provides added flexibility and greater agility to respond to changing opportunities and requirements. \r\n<span style=\"font-weight: bold; \">Faster time to market:</span> Competition is strong in every sector, and time to market is one of the best ways to beat the competition. Because IaaS vendors elasticity and scalability, organizations can ramp up and get the job done (and the product or service to market) more rapidly.\r\n<span style=\"font-weight: bold; \">Support for DR, BC and high availability:</span> While every enterprise has some type of disaster recovery plan, the technology behind those plans is often expensive and unwieldy. Organizations with several disparate locations often have different disaster recovery and business continuity plans and technologies, making management virtually impossible.\r\n<span style=\"font-weight: bold; \">Focus on business growth:</span> Time, money and energy spent making technology decisions and hiring staff to manage and maintain the technology infrastructure is time not spent on growing the business. By moving infrastructure to a global infrastructure services, organizations can focus their time and resources where they belong, on developing innovations in applications and solutions.\r\n<h1 class=\"align-center\">IaaS, PaaS and SaaS: What’s the Difference?</h1>\r\nPlatform as a Service (PaaS) is the next step up from IaaS products, where the provider also supplies the operating environment including the operating system, application services, middleware and other ‘runtimes’ for cloud users. It’s used for development environments where the business can focus on creating an app but wants someone else to maintain the deployment platform. It means you have much simpler workloads but you can’t necessarily be as flexible as you want.\r\nAt the highest level of orchestration is Software as a Service. In SaaS infrastructure applications are accessed on demand. Here you just open your browser and go, consuming software rather than installing and running it. A user simply logs on to access the provider’s application. Users can decide how the app will work but pretty much everything else is the responsibility of the software provider.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IaaS.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6073,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Perimeter_81.png","logo":true,"scheme":false,"title":"Perimeter 81 Zero Trust Network Access","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"perimeter-81-zero-trust-network-access","companyTitle":"Perimeter 81","companyTypes":["supplier","vendor"],"companyId":5770,"companyAlias":"perimeter-81","description":"<p class=\"align-center\"><b>Fully Customizable, Zero Trust Networking </b></p>\r\nPerimeter 81’s Zero Trust Network Access it is a suite of networking capabilities service designed to assure the security and integrity of organization’s network.\r\n<b>Multi-Regional Deployment </b>\r\nDeploy private gateways in different locations to ensure your network can best serve international branches and employees with reduced latency and optimal speed. \r\n<b>Policy-Based Segmentation </b>\r\nEasily segment network access with our group creation and G Suite/ Google Cloud, Okta, Microsoft Azure AD and Active Directory/LDAP Identity Provider integration. \r\n<b>Built-In Two Factor Verification </b>\r\nAdd an extra layer of security, prevent remote attacks and ensure regulatory compliance with SMS notifications, Google Authenticator and Duo Security authentication. \r\n<b>Precise Split Tunneling </b>\r\nControl whether you tunnel all your network traffic, or specific subnets, from our single-click client applications to Perimeter 81’s multi-tenant Network as a Service. \r\n<b>Site-to-Site Interconnectivity </b>\r\nInterconnect your cloud environments, including AWS, Azure, and Google Cloud, or create a secure communication link between two different networks located at different sites. \r\n<b>Network Auditing & Monitoring </b>\r\nGain more insight into your network’s health, activity and security, including visibility into group and server creation, team member authentication, password changes and more. \r\n<b><i>Defining Zero Trust for Your Network </i></b>\r\n<ul> <li>Segment Your Network. Network segmentation allows organizations to define internal trust boundaries to granularly control traffic flow, enable secure network access and implement network monitoring. </li> <li>Establish Trust Zones. Trust zones are comprised of distinct pockets of infrastructure where resources operate at the same trust level and similar functionality, minimizing pathways and limiting malicious threats. </li> <li>Manage Your Infrastructure. Efficiently monitor the network via centralized management capabilities, allowing data to be processed by tools that may further enhance network visibility, detect unknown threats, or support compliance reporting. </li> </ul>","shortDescription":"Perimeter 81’s ZeroTrust Network Access it is a solution for zero-trust access to on-premise resources and critical cloud environments with one unified cloud platform","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Perimeter 81 Zero Trust Network Access","keywords":"","description":"<p class=\"align-center\"><b>Fully Customizable, Zero Trust Networking </b></p>\r\nPerimeter 81’s Zero Trust Network Access it is a suite of networking capabilities service designed to assure the security and integrity of organization’s network.\r\n<b>Multi-Re","og:title":"Perimeter 81 Zero Trust Network Access","og:description":"<p class=\"align-center\"><b>Fully Customizable, Zero Trust Networking </b></p>\r\nPerimeter 81’s Zero Trust Network Access it is a suite of networking capabilities service designed to assure the security and integrity of organization’s network.\r\n<b>Multi-Re","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Perimeter_81.png"},"eventUrl":"","translationId":6072,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":375,"title":"Mobile Enterprise Security","alias":"mobile-enterprise-security","description":" Because mobile devices are easily lost or stolen, data on those devices is vulnerable. Enterprise mobility management is a set of systems intended to prevent unauthorized access to enterprise applications and/or corporate data on mobile devices. These can include password protection, encryption and/or remote wipe technology, which allows an administrator to delete all data from a misplaced device. With many systems, security policies can be centrally managed and enforced. Such device management systems are programmed to support and cooperate with the application programming interfaces (APIs) from various device makers to increase security compliance.\r\nThe data transfer between mobile device and the enterprise should always be encrypted, for example through a VPN tunnel or over HTTPS.\r\nMobile devices in companies with "bring your own device" (BYOD) policies are often used both personally and professionally. In these cases, corporate IT has less control over whether malware is on the device and what damage may be caused to corporate data. Apart from careful user behavior - data storage on the mobile device should be limited and centrally organized.","materialsDescription":" <span style=\"font-weight: bold;\">What is mobile security?</span>\r\nMobile security refers to the set of technologies and practices that aim to protect mobile devices against operating system vulnerabilities, network and app attacks, or mobile malware. Technologies such as enterprise mobility management (EMM) solutions manage compliance policies and issues relating to device privilege or loss.\r\n<span style=\"font-weight: bold;\">What are mobile security threats?</span>\r\nMobile security threats are vulnerabilities or attacks that attempt to compromise your phone's operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones possess very different behaviors and capabilities compared to PCs or laptops and need to be equipped to detect attacks specific to mobile devices. Mobile devices contain unique functions and behaviors making traditional IT security solutions ineffective for securing mobile devices. One of the primary differences in how mobile devices are different from PCs and laptops is administration privileges. There are several administrators for a PC or laptop making it simple for corporate IT to install security software and monitor computers for problems. On mobile devices, the administration is handled by the device owner. The device owner is the only one that can install apps or allow other management profiles on the device. This means the burden of securing the mobile device and its data falls entirely on the user--who may not have the time or expertise to provide proper mobile device security.\r\n<span style=\"font-weight: bold;\">Why is mobile security important?</span>\r\nMobile security is very important since our mobile device is now our primary computing device. On average, users spend more than 5 hours each day on a mobile device conducting company and personal business. The shift in device usage habits has also moved the prime target for hackers from PCs to our mobile devices. Since mobile devices are now a prime target, we need to secure them and arm them with threat detection and malware protection just like PCs. Smartphones are able to circumvent traditional security controls, and typically represent a massive blind spot for IT and security teams. Hackers know this, which no doubt contributed to the number of smartphone attacks recorded between January and July 2016. The number of attacks nearly doubled compared to the last six months of 2015. During that same time period, smartphones accounted for 78% of all mobile network infections.\r\n<span style=\"font-weight: bold;\">Which mobile security is best for enterprises?</span>\r\nThere are a number of mobile security solutions available on the market, but identifying which mobile security is best for enterprises entails using specific criteria. As is often the case, solutions designed for consumers and end-users may not be as robust, full-featured, reliable and scalable as solutions designed specifically for the enterprise. In particular, mobile security solutions that are suitable for enterprise use should include scalability, autonomous functionality, machine learning, on-device operation, and protection from zero-day threats. Enterprises also need to consider flexible deployment models to take advantage of existing infrastructure or cloud computing environments.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Mobile_Enterprise_Security.png"},{"id":485,"title":"Web security","alias":"web-security","description":" Web security basically means protecting a website or web application by detecting, preventing and responding to cyber threats.\r\nWebsites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cybercrime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised.\r\nThat’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it.\r\nThere are a lot of factors that go into web security and web protection. Any website or application that is secure is surely backed by different types of checkpoints and techniques for keeping it safe.\r\nThere are a variety of security standards that must be followed at all times, and these standards are implemented and highlighted by the OWASP. Most experienced web developers from top cybersecurity companies will follow the standards of the OWASP as well as keep a close eye on the Web Hacking Incident Database to see when, how, and why different people are hacking different websites and services.\r\nEssential steps in protecting web apps from attacks include applying up-to-date encryption, setting proper authentication, continuously patching discovered vulnerabilities, avoiding data theft by having secure software development practices. The reality is that clever attackers may be competent enough to find flaws even in a fairly robust secured environment, and so a holistic security strategy is advised.\r\nThere are different types of technologies available for maintaining the best security standards. Some popular technical solutions for testing, building, and preventing threats include black and white box testing tools, fuzzing tools, WAF, security or vulnerability scanners, password cracking tools, and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What is Malware?</span>\r\nThe name malware is short for ‘malicioussoftware’. Malware includes any software program that has been created to perform an unauthorised — and often harmful — action on a user’s device. Examples of malware include:\r\n<ul><li>Computer viruses</li><li>Word and Excel macro viruses</li><li>Boot sector viruses</li><li>Script viruses — including batch, Windows shell, Java and others</li><li>Keyloggers</li><li>Password stealers</li><li>Backdoor Trojan viruses</li><li>Other Trojan viruses</li><li>Crimeware</li><li>Spyware</li><li>Adware... and many other types of malicious software programs</li></ul>\r\n<span style=\"font-weight: bold; \">What is the difference between a computer virus and a worm?</span>\r\n<span style=\"font-weight: bold; \">Computer virus.</span> This is a type of malicious program that can replicate itself — so that it can spread from file to file on a computer, and can also spread from one computer to another. Computer viruses are often programmed to perform damaging actions — such as corrupting or deleting data. The longer a virus remains undetected on your machine, the greater the number of infected files that may be on your computer.\r\n<span style=\"font-weight: bold; \">Worms.</span> Worms are generally considered to be a subset of computer viruses — but with some specific differences:\r\n<ul><li>A worm is a computer program that replicates, but does not infect other files.</li><li>The worm will install itself once on a computer — and then look for a way to spread to other computers.</li><li>Whereas a virus is a set of code that adds itself to existing files, a worm exists as a separate, standalone file.</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Trojan virus?</span>\r\nA Trojan is effectively a program that pretends to be legitimate software — but, when launched, it will perform a harmful action. Unlike computer viruses and worms, Trojans cannot spread by themselves. Typically, Trojans are installed secretly and they deliver their malicious payload without the user’s knowledge.\r\nCybercriminals use many different types of Trojans — and each has been designed to perform a specific malicious function. The most common are:\r\n<ul><li>Backdoor Trojans (these often include a keylogger)</li><li>Trojan Spies</li><li>Password stealing Trojans</li><li>Trojan Proxies — that convert your computer into a spam distribution machine</li></ul>\r\n<span style=\"font-weight: bold; \">Why are Trojan viruses called Trojans?</span>\r\nIn Greek mythology — during the Trojan war — the Greeks used subterfuge to enter the city of Troy. The Greeks constructed a massive wooden horse — and, unaware that the horse contained Greek soldiers, the Trojans pulled the horse into the city. At night, the Greek soldiers escaped from the horse and opened the city gates — for the Greek army to enter Troy.\r\nToday, Trojan viruses use subterfuge to enter unsuspecting users’ computers and devices.\r\n<span style=\"font-weight: bold; \">What is a Keylogger?</span>\r\nA keylogger is a program that can record what you type on your computer keyboard. Criminals use keyloggers to obtain confidential data — such as login details, passwords, credit card numbers, PINs and other items. Backdoor Trojans typically include an integrated keylogger.\r\n<span style=\"font-weight: bold; \">What is Phishing?</span>\r\nPhishing is a very specific type of cybercrime that is designed to trick you into disclosing valuable information — such as details about your bank account or credit cards. Often, cybercriminals will create a fake website that looks just like a legitimate site — such as a bank’s official website. The cybercriminal will try to trick you into visiting their fake site — typically by sending you an email that contains a hyperlink to the fake site. When you visit the fake website, it will generally ask you to type in confidential data — such as your login, password or PIN.\r\n<span style=\"font-weight: bold; \">What is Spyware?</span>\r\nSpyware is software that is designed to collect your data and send it to a third party — without your knowledge or consent. Spyware programs will often:\r\n<ul><li>Monitor the keys you press on your keyboard — using a keylogger</li><li>Collect confidential information — such as your passwords, credit card numbers, PIN numbers and more</li><li>Gather — or ‘harvest’ — email addresses from your computer</li><li>Track your Internet browsing habits</li></ul>\r\n<span style=\"font-weight: bold; \">What is a Rootkit?</span>\r\nRootkits are programs that hackers use in order to evade detection while trying to gain unauthorised access to a computer. Rootkits have been used increasingly as a form of stealth to hide Trojan virus activity. When installed on a computer, rootkits are invisible to the user and also take steps to avoid being detected by security software.\r\nThe fact that many people log into their computers with administrator rights — rather than creating a separate account with restricted access — makes it easier for cybercriminals to install a rootkit.\r\n<span style=\"font-weight: bold; \">What is a Botnet?</span>\r\nA botnet is a network of computers controlled by cybercriminals using a Trojan virus or other malicious program.\r\n<span style=\"font-weight: bold;\">What is a DDoS attack?</span>\r\nA Distributed-Denial-of-Service (DDoS) attack is similar to a DoS. However, a DDoS attack is conducted using multiple machines. Usually, for a DDoS attack, the hacker will use one security compromised computer as the ‘master’ machine that co-ordinates the attack by other ‘zombie machines’. Typically, the cybercriminal will compromise the security on the master and all of the zombie machines, by exploiting a vulnerability in an application on each computer — to install a Trojan or other piece of malicious code.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/security-web-application-security.png"},{"id":856,"title":"Secure Communications","alias":"secure-communications","description":" <span style=\"font-weight: bold;\">Secure communication</span> is when two entities are communicating and do not want a third party to listen in. For that, they need to communicate in a way not susceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.\r\nWith many communications taking place over long distances and mediated by technology, and increasing awareness of the importance of interception issues, technology, and its compromise are at the heart of this debate.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Encryption</span></span> is a method in which data is rendered hard to read by an unauthorized party. Since encryption methods are created to extremely hard to break, many communication methods either use deliberately weaker encryption than possible or have backdoors inserted to permit rapid decryption. In some cases, government authorities have required backdoors to be installed in secret. Many methods of encryption are also subject to "man in the middle" attack whereby a third party who can 'see' the establishment of the secure communication is made privy to the encryption method, this would apply for example to the interception of computer use at an ISP. Provided it is correctly programmed, sufficiently powerful, and the keys not intercepted, encryption would usually be considered secure.\r\nEncryption can be implemented in a way that requires the use of encryption, i.e. if encrypted communication is impossible then no traffic is sent, or opportunistically. Opportunistic encryption is a lower security method to generally increase the percentage of generic traffic which is encrypted. This is analogous to beginning every conversation with "Do you speak Navajo?" If the response is affirmative, then the conversation proceeds in Navajo, otherwise, it uses the common language of the two speakers. This method does not generally provide authentication or anonymity but it does protect the content of the conversation from eavesdropping.\r\nAn Information-theoretic security technique known as physical layer encryption ensures that a wireless communication link is provably secure with communications and coding techniques.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Steganography</span></span> ("hidden writing") is also the means by which data can be hidden within other more innocuous data. Thus a watermark proving ownership embedded in the data of a picture, in such a way it is hard to find or remove unless you know how to find it. Or, for communication, the hiding of important data (such as a telephone number) in apparently innocuous data (an MP3 music file). An advantage of steganography is plausible deniability, that is unless one can prove the data is there (which is usually not easy), it is deniable that the file contains any.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Identity-based networks</span></span> are one of the tools to obtain security. Unwanted or malicious behavior is possible on the web since the internet is inherently anonymous. True identity-based networks replace the ability to remain anonymous and are inherently more trustworthy since the identity of the sender and recipient are known. (The telephone system is an example of an identity-based network.)\r\nRecently, <span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">anonymous networking</span></span> also has been used to secure communications. In principle, a large number of users running the same system can have communications routed between them in such a way that it is very hard to detect what the complete message is, which user sent it, and where it is ultimately coming from or going to. Examples are Crowds, Tor, I2P, Mixminion, various anonymous P2P networks, and others.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Anonymous communication devices</span></span> are also one of the tools to obtain security. In theory, an unknown device would not be noticed, since so many other devices are in use. This is not altogether the case in reality, due to the presence of systems such as Carnivore and Echelon, which can monitor communications over entire networks and the fact that the far end may be monitored as before. Examples include payphones, Internet cafes, etc.\r\nPrograms offering more security are <span style=\"font-weight: bold;\">secure instant messaging, VoIP, secure email, IRC and webchat,</span> and so on.","materialsDescription":" <span style=\"font-weight: bold; \">What are the types of security?</span>\r\nSecurity can be broadly categorized under the following headings, with examples:\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">1. Hiding the content or nature of a communication</span></span>\r\n<ul><li><span style=\"font-style: italic; \">Code</span> – a rule to convert a piece of information (for example, a letter, word, phrase, or gesture) into another form or representation (one sign into another sign), not necessarily of the same type. In communications and information processing, encoding is the process by which information from a source is converted into symbols to be communicated. Decoding is the reverse process, converting these code symbols back into information understandable by a receiver. One reason for coding is to enable communication in places where ordinary spoken or written language is difficult or impossible. For example, semaphore, where the configuration of flags held by a signaler or the arms of a semaphore tower encodes parts of the message, typically individual letters, and numbers. Another person standing a great distance away can interpret the flags and reproduce the words sent.</li><li><span style=\"font-style: italic; \">Encryption</span></li><li><span style=\"font-style: italic; \">Steganography</span></li><li><span style=\"font-style: italic; \">Identity-Based</span></li></ul>\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">2. Hiding the parties to a communication – preventing identification, promoting anonymity</span></span>\r\n<ul><li>"Crowds" and similar anonymous group structures – it is difficult to identify who said what when it comes from a "crowd"</li><li>Anonymous communication devices – unregistered cellphones, Internet cafes</li><li>Anonymous proxies</li><li>Hard to trace routing methods – through unauthorized third-party systems, or relays</li></ul>\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">3. Hiding the fact that communication takes place</span></span>\r\n<ul><li>"Security by obscurity" – similar to a needle in a haystack</li><li>Random traffic – creating random data flow to make the presence of genuine communication harder to detect and traffic analysis less reliable</li></ul>\r\nEach of the three is important, and depending on the circumstances any of these may be critical. For example, if a communication is not readily identifiable, then it is unlikely to attract attention for identification of parties, and the mere fact communication has taken place (regardless of content) is often enough by itself to establish an evidential link in legal prosecutions. It is also important with computers, to be sure where the security is applied, and what is covered.\r\n<span style=\"font-weight: bold; \">What are the methods used to "break" security?</span>\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Bugging</span></span>\r\nThe placing covertly of monitoring and/or transmission devices either within the communication device, or in the premises concerned.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Computers (general)</span></span>\r\nAny security obtained from a computer is limited by the many ways it can be compromised – by hacking, keystroke logging, backdoors, or even in extreme cases by monitoring the tiny electrical signals given off by keyboard or monitors to reconstruct what is typed or seen (TEMPEST, which is quite complex).\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Laser audio surveillance</span></span>\r\nSounds, including speech, inside rooms, can be sensed by bouncing a laser beam off a window of the room where a conversation is held and detecting and decoding the vibrations in the glass caused by the sound waves.\r\n<span style=\"font-weight: bold; \">What are the systems offering partial security?</span>\r\n<span style=\"font-weight: bold; \">Anonymous cellphones.</span> Cellphones can easily be obtained, but are also easily traced and "tapped". There is no (or only limited) encryption, the phones are traceable – often even when switched off – since the phone and SIM card broadcast their International Mobile Subscriber Identity (IMSI). It is possible for a cellphone company to turn on some cellphones when the user is unaware and use the microphone to listen in on you, and according to James Atkinson, a counter-surveillance specialist cited in the same source, "Security-conscious corporate executives routinely remove the batteries from their cell phones" since many phones' software can be used "as-is", or modified, to enable transmission without user awareness and the user can be located within a small distance using signal triangulation and now using built-in GPS features for newer models. Transceivers may also be defeated by jamming or Faraday cage.\r\nSome cellphones (Apple's iPhone, Google's Android) track and store users' position information so that movements for months or years can be determined by examining the phone.\r\n<span style=\"font-weight: bold; \">Landlines.</span> Analog landlines are not encrypted, it lends itself to being easily tapped. Such tapping requires physical access to the line which can be easily obtained from a number of places, e.g. the phone location, distribution points, cabinets and the exchange itself. Tapping a landline in this way can enable an attacker to make calls that appear to originate from the tapped line.\r\n<span style=\"font-weight: bold;\">Anonymous Internet.</span> Using a third-party system of any kind (payphone, Internet cafe) is often quite secure, however, if that system is used to access known locations (a known email account or 3rd party) then it may be tapped at the far end, or noted, and this will remove any security benefit obtained. Some countries also impose mandatory registration of Internet cafe users.\r\nAnonymous proxies are another common type of protection, which allows one to access the net via a third party (often in a different country) and make tracing difficult. Note that there is seldom any guarantee that the plaintext is not tappable, nor that the proxy does not keep its own records of users or entire dialogs. As a result, anonymous proxies are a generally useful tool but may not be as secure as other systems whose security can be better assured. Their most common use is to prevent a record of the originating IP, or address, being left on the target site's own records. Typical anonymous proxies are found at both regular websites such as Anonymizer.com and spynot.com, and on proxy sites which maintain up to date lists of large numbers of temporary proxies in operation.\r\nA recent development on this theme arises when wireless Internet connections ("Wi-Fi") are left in their unsecured state. The effect of this is that any person in range of the base unit can piggyback the connection – that is, use it without the owner being aware. Since many connections are left open in this manner, situations where piggybacking might arise (willful or unaware) have successfully led to a defense in some cases, since it makes it difficult to prove the owner of the connection was the downloader or had knowledge of the use to which unknown others might be putting their connection. An example of this was the Tammie Marson case, where neighbors and anyone else might have been the culprit in the sharing of copyright files. Conversely, in other cases, people deliberately seek out businesses and households with unsecured connections, for illicit and anonymous Internet usage, or simply to obtain free bandwidth.\r\n<span style=\"font-weight: bold;\">Programs offering more security.</span>\r\n<span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Secure instant messaging</span></span> – Some instant messaging clients use end-to-end encryption with forwarding secrecy to secure all instant messages to other users of the same software. Some instant messaging clients also offer end-to-end encrypted file transfer support and group messaging.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">VoIP</span></span> – Some VoIP clients implement ZRTP and SRTP encryption for calls.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Secure email</span></span> – some email networks are designed to provide encrypted and/or anonymous communication. They authenticate and encrypt on the users own computer, to prevent transmission of plain text, and mask the sender and recipient. Mixminion and I2P-Bote provide a higher level of anonymity by using a network of anonymizing intermediaries, similar to how Tor works, but at a higher latency.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">IRC and webchat</span></span> – Some IRC clients and systems use client-to-server encryption such as SSL/TLS. This is not standardized.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/diseno-plano-de-icon.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":5079,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/ZenMate_logo.jpg","logo":true,"scheme":false,"title":"ZenMate VPN","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"zenmate-vpn","companyTitle":"ZenMate","companyTypes":["supplier"],"companyId":5433,"companyAlias":"zenmate","description":"We believe security should be simple.<span style=\"font-weight: bold;\"> ZenMate VPN</span> gives you security, privacy, and peace of mind. Just one click will turn your device from vulnerable to protected and keep cybercriminals away!\r\n<span style=\"font-weight: bold;\">ZenMate VPN</span> is available for:\r\n<ul><li>Mac</li><li>Chrome</li><li>Apple TV</li><li>Win</li><li>Opera</li><li>Gaming</li><li>iOS</li><li>Open VPN</li><li>Chromebook</li><li>Android</li><li>Linux</li><li>Raspberry Pi</li><li>Firefox</li><li>Firestick TV</li><li>Smart TV</li></ul>","shortDescription":"At ZenMate VPN we strive towards providing users around the world with free and anonymous Internet experience.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"ZenMate VPN","keywords":"","description":"We believe security should be simple.<span style=\"font-weight: bold;\"> ZenMate VPN</span> gives you security, privacy, and peace of mind. Just one click will turn your device from vulnerable to protected and keep cybercriminals away!\r\n<span style=\"font-weight:","og:title":"ZenMate VPN","og:description":"We believe security should be simple.<span style=\"font-weight: bold;\"> ZenMate VPN</span> gives you security, privacy, and peace of mind. Just one click will turn your device from vulnerable to protected and keep cybercriminals away!\r\n<span style=\"font-weight:","og:image":"https://old.roi4cio.com/fileadmin/user_upload/ZenMate_logo.jpg"},"eventUrl":"","translationId":5080,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6894,"logoURL":"https://old.roi4cio.com/fileadmin/content/1_10.png","logo":true,"scheme":false,"title":"PureDome","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"puredome","companyTitle":"PureDome","companyTypes":["supplier","vendor"],"companyId":10321,"companyAlias":"puredome","description":"<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">PureDome is the cutting-edge corporate VPN that comes fortified with integrated cybersecurity, seamless remote team connectivity, and robust data access solutions. Empower your business with an impregnable fortress that safeguards your valuable assets and supercharges productivity – all within a centralized platform.</span></p>\r\n<p><strong id=\"docs-internal-guid-a5fe9e70-7fff-0e77-d49e-5a48103ea90f\" style=\"font-weight: normal;\"> </strong></p>\r\n<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">With PureDome's intuitive dashboard, you gain full control over your corporate network, efficiently managing teams and employees, creating customized groups, and controlling permissions – all through a unified point of administration.</span></p>\r\n<p><strong style=\"font-weight: normal;\"> </strong></p>\r\n<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Moreover you can experience a host of remarkable features, including the top-of-the-line Wireguard protocol, cloud-based gateways ensuring lightning-fast connections, and the ability to access your network securely from anywhere. Your data remains inviolable with the impenetrable AES 256-bit encryption and obfuscation techniques, preventing even the most determined cyber threats from gaining entry. Safety is paramount with PureDome's Internet Kill Switch, which instantly severs the connection if the VPN link is compromised, ensuring your sensitive information stays locked away from prying eyes. Take advantage of the split tunneling feature, allowing users to access both corporate and public networks simultaneously, elevating productivity to new heights.</span></p>\r\n<p> </p>\r\n<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;\">Choose PureDome today and embrace a tailored VPN solution that fortifies your business against the evolving digital landscape. Stay ahead of the curve with unrivaled protection and watch your business thrive like never before!</span></p>","shortDescription":"Increase the network security of your business and remote teams in just a few clicks.\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"PureDome","keywords":"","description":"<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: no","og:title":"PureDome","og:description":"<p dir=\"ltr\" style=\"line-height: 1.38; text-align: justify; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant: no","og:image":"https://old.roi4cio.com/fileadmin/content/1_10.png"},"eventUrl":"","translationId":6894,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":303,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/UserGate_Proxy___Firewall.png","logo":true,"scheme":false,"title":"UserGate Proxy & Firewall","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"usergate-proxy-firewall","companyTitle":"Entensys","companyTypes":["vendor"],"companyId":2811,"companyAlias":"entensys","description":"Control Internet Access. Protect from Advanced Threats.\r\nUserGate Proxy & Firewall is an easy to use and affordable software alternative to numerous hardware gateway security appliances. It is used by more than 40,000 small and medium sized businesses and distributed enterprises across the globe.\r\n\r\nNetwork Firewall, IDPS, and Router\r\nEnforce uninterrupted connectivity, network access controls, and regulate Internet traffic.\r\nKeep viruses, worms, Trojans, and spyware from infesting your network.\r\nGuarantee the bandwidth levels required to serve business-critical applications.\r\nMonitoring User Internet Activity\r\n\r\nControl access to websites and enforce any reasonable corporate policy.\r\nLink the headquarters to remote users and branch offices through a Secure VPN connection\r\nProduct Overview\r\nUserGate Proxy & Firewall is an all-in-one gateway security solution combining a network firewall, router, gateway antivirus, intrusion detection and prevention (IDPS), VPN server, web filtering, reporting and statistics and other important functions. It allows you to manage network traffic, optimize bandwidth, and provide Internet access control.\r\n\r\nHow does it work?\r\nUserGate Proxy & Firewall can be installed on any Windows-based machine and works as a web security gateway. It provides Internet access sharing, web security, and traffic management. UserGate works basing on user account and applicable policies. The product lets administrators control traffic flow and trace web pages visited by employees. Numerous policies can be used to grant or restrict access to specific website categories, control downloads or application use, set traffic quotas, and keep detailed statistics.\r\n","shortDescription":"UserGate Proxy & Firewall is an easy to use and affordable software alternative to numerous hardware gateway security appliances. It is used by more than 40,000 small and medium sized businesses and distributed enterprises across the globe.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"UserGate Proxy & Firewall","keywords":"access, Internet, Firewall, UserGate, traffic, network, Proxy, security","description":"Control Internet Access. Protect from Advanced Threats.\r\nUserGate Proxy & Firewall is an easy to use and affordable software alternative to numerous hardware gateway security appliances. It is used by more than 40,000 small and medium sized businesses and ","og:title":"UserGate Proxy & Firewall","og:description":"Control Internet Access. Protect from Advanced Threats.\r\nUserGate Proxy & Firewall is an easy to use and affordable software alternative to numerous hardware gateway security appliances. It is used by more than 40,000 small and medium sized businesses and ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/UserGate_Proxy___Firewall.png"},"eventUrl":"","translationId":304,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":50,"title":"IPC - Information Protection and Control","alias":"ipc-information-protection-and-control","description":"Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information. For example, removing a hard drive from a personal computer, an insider will not be able to read the information on it. This allows you to prevent the compromise of confidential data even in the event of loss, theft or seizure (for example, when organizing operational events by special services specialists, unscrupulous competitors or raiders).\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":"<span style=\"font-weight: bold; \">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold; \">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold; \">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold; \">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/IPC_-_Information_Protection_and_Control.png"},{"id":487,"title":"Secure Web Gateway","alias":"secure-web-gateway","description":" <span style=\"font-weight: bold; \">Secure Web gateway</span> solutions protect Web-surfing PCs from infection and enforce company policies. A secure Web gateway is a solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. \r\nThese gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM) and Skype. Native or integrated data leak prevention is also increasingly included. Data leak prevention features are also essential. Let's take a look at some of these features in more detail:\r\n<span style=\"font-weight: bold;\">Real-Time Traffic Inspection.</span> A secure web gateway inspects web traffic in real-time, analyzing content against corporate policies and ensuring any content that is inappropriate or which contravenes company policy is blocked. The majority of secure web gateways allow administrators to enforce common security policy templates straight off the shelf and also configure policies that are suited to their business model or compliance requirements.\r\n<span style=\"font-weight: bold;\">Protection for Off-Grid Workers.</span> As workforces become more distributed, there is a need for security solutions to offer protection on an anywhere, anytime and any device basis. A secure web gateway allows roaming users to authenticate seamlessly and to have the same security policies applies to their devices as they would if they were in the office. The result is a protected connection no matter where they are working and total peace of mind that all internet traffic is secure.\r\n<span style=\"font-weight: bold;\">Time and Content-Based Access.</span> Whether you need to restrict access to the internet at specific times, or you wish to control access to particular web content, your secure web gateway can be configured to suit your acceptable use policy and compliance requirements. Individual users can be allocated time quotas or schedules that ensure maximum productivity or only permitted access to websites that are relevant to their job roles.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention.</span> As its name suggests, data leak prevention stops your corporate data from being leaked to or stolen by a third party. From detecting common business terms such as payment card industry (PCI) number patterns and phrases or personally identifiable information, a web security gateway coupled with data leak prevention software can be a very robust line of defense from both internal and external threats.","materialsDescription":"<h1 class=\"align-center\"> Secure web gateway market</h1>\r\nThere are a variety of <span style=\"font-weight: bold;\">secure web gateway vendors</span> operating - among them Symantec, iboss, F5, Check Point Software, zScaler, Barracuda, Forcepoint, McAfee and Cisco<span style=\"font-style: italic;\">. </span>Most of these companies are now emphasizing <span style=\"font-weight: bold;\">cloud web gateway</span>. Although many still carry, maintain and market their on-premises versions, the competitive battleground has largely shifted to the cloud.\r\nAccording to Gartner, Symantec and Cisco are the market leaders in terms of revenue. Their efforts in this space give an indication of where the market is heading. Symantec favors proxy-based SWG appliances and services. Cisco, on the other hand, has concentrated on a hybrid of DNS and proxy capabilities. Both have acquired CASB technology and have been integrating it with their secure web gateway services. Cisco has also added DNS-based inspection into its package. This allows it to use DNS for most inspection traffic to raise performance. More involved content inspection of potentially risky websites can be done using HTTP/HTTPS proxying.\r\nCloud based secure web gateway offerings have been growing at around 30 percent per year for the last several years, according to Gartner. When coupled with growing integration with other security features, on-premises standalone secure web gateways are slowly giving way to larger cloud-based suites that incorporate gateway security. \r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Web_Gateway.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":251,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Sophos_UTM.gif","logo":true,"scheme":false,"title":"Sophos UTM","vendorVerified":0,"rating":"1.40","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"sophos-utm","companyTitle":"Sophos","companyTypes":["vendor"],"companyId":2791,"companyAlias":"sophos","description":"Unified Threat Management makes security simple. Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive interface will help you quickly create policies to control security risks. And clear, detailed reports will give you the insight you need to improve your network performance and protection.\r\n\r\n<span style=\"font-weight: bold;\">Highlights</span>\r\n<ul><li>Every feature available on every appliance</li><li>Firewall, VPN, ATP, IPS, email, web filtering and app control</li><li>Hardware, virtualized, software or cloudbased appliance</li><li>Intuitive browserbased interface</li><li>Built-in reporting on all models</li><li>Two-factor authentication with one-time password (OTP) in many areas</li><li>Integrated wireless controller</li></ul>\r\n\r\n<span style=\"font-weight: bold;\">Consolidated network security platform — no compromise</span>\r\nProtect your network using multi-layered proven protection technologies including\r\nAdvanced Threat Protection (ATP), IPS, VPN, email and web filtering combined with the\r\nindustry’s simplest admin interface. We’ve engineered our software and hardware to give\r\nyou the throughput speeds you need. And, you can choose the level of protection you need\r\nwith modular subscriptions as every feature is available on every appliance.\r\n\r\n<span style=\"font-weight: bold;\">All the Next-Gen Firewall features you need</span>\r\nWe’ll give you complete control to block, allow, shape and prioritize applications. Our Deep\r\nLayer-7 inspection (Next-Generation Firewall) ensures true application identification and has\r\nregular automatic updates. And you’ll get feedback on unclassified applications too.\r\n\r\n<span style=\"font-weight: bold;\">Intuitive management and detailed reporting</span>\r\nYou’ll know what’s happening with your users and you’ll have complete control over all the\r\nfeatures you need, with none of the complexity. Easily build policies while getting detailed\r\nreal-time and historical data with our on-box reporting, helping you to fix problems fast. And\r\nour Free Sophos UTM Manager lets you centrally administer several appliances through a\r\nsingle login.\r\n\r\n<span style=\"font-weight: bold;\">Connect remote offices with easy VPN and Wi-Fi</span>\r\nSophos RED (Remote Ethernet Device) provides secure remote access to your off-site\r\nlocations. It’s the first security gateway that requires no technical skills at the remote site.\r\nOnce installed, it forwards traffic to the UTM for complete security. Sophos UTM also works\r\nas a wireless controller; access points are automatically set up and receive complete UTM\r\nprotection.","shortDescription":"Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":13,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Sophos UTM","keywords":"with, security, need, your, Sophos, control, protection, appliance","description":"Unified Threat Management makes security simple. Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive ","og:title":"Sophos UTM","og:description":"Unified Threat Management makes security simple. Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Sophos_UTM.gif"},"eventUrl":"","translationId":252,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":44,"title":"IAM - Identity and Access Management","alias":"iam-identity-and-access-management","description":"<span style=\"font-weight: bold; \">Identity management</span> (IdM), also known as <span style=\"font-weight: bold; \">identity and access management</span> (IAM or IdAM), is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.\r\nWith an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Identity and access management software offers role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create or modify a file. Roles are defined according to job competency, authority and responsibility within the enterprise.\r\nSystems used for identity and access management include single sign-on systems, multi-factor authentication and privileged access management (PAM). These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid cloud.\r\n<span style=\"font-weight: bold; \">Basic components of IAM.</span> On a fundamental level, IAM encompasses the following components:\r\n<ul><li>How individuals are identified in a system.</li><li>How roles are identified in a system and how they are assigned to individuals.</li><li>Adding, removing and updating individuals and their roles in a system.</li><li>Assigning levels of access to individuals or groups of individuals.</li><li>Protecting the sensitive data within the system and securing the system itself.</li></ul>\r\nAccess identity management system should consist of all the necessary controls and tools to capture and record user login information, manage the enterprise database of user identities and orchestrate the assignment and removal of access privileges. That means that systems used for IAM should provide a centralized directory service with oversight as well as visibility into all aspects of the company user base.\r\nTechnologies for identity access and management should simplify the user provisioning and account setup process. User access management software should reduce the time it takes to complete these processes with a controlled workflow that decreases errors as well as the potential for abuse while allowing automated account fulfillment. An identity and access management system should also allow administrators to instantly view and change access rights.\r\nIAM systems should be used to provide flexibility to establish groups with specific privileges for specific roles so that access rights based on employee job functions can be uniformly assigned. Identity access management software should also provide request and approval processes for modifying privileges because employees with the same title and job location may need customized, or slightly different, access.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between identity and access management?</span></h1>\r\nAfter authentication, there needs to be an access control decision. The decision is based on the information available about the user. The difference between identity management and access management is thus:\r\n<ul><li>Identity Management is about managing the attributes related to the user.</li><li>Access Management is about evaluating the attributes based on policies and making Yes/No decisions.</li></ul>\r\nThere are three types of Access Control Systems: \r\n<ul><li>Discretionary Access Control (DAC)</li><li>Mandatory Access Control (MAC)</li><li>Role-Based Access Control (RBAC)</li></ul>\r\n<h1 class=\"align-center\">What are the main benefits of identity management?</h1>\r\nIdentity access and management are useful in many ways: it ensures regulatory compliance, enables cost savings, and simplifies the lives of your customers by enhancing their experience. These are the main benefits of having an IAM solution:\r\n<ul><li><span style=\"font-weight: bold; \">Easily accessible anywhere</span></li></ul>\r\nNowadays, people need their identities all the time to use services and resources. In that sense, they require access to any platform without limits using their IDs, thus eliminating barriers for customers to enter the platform anytime, anywhere.\r\n<ul><li><span style=\"font-weight: bold; \">It encourages the connection between the different parts</span></li></ul>\r\nThe digital transformation that is taking place among more and more organizations forces the need for people, applications and devices to stay connected to each other. And, as expected, all of these processes bring with them some security threats.\r\nHowever, IAM software is a solution that guarantees correct administration with the best identity providers, such as Salesforce, Twitter and Google. Authentication and security are two of the strengths of Identity and Access Management, as well as being extendable and ready for future advances. \r\n<ul><li><span style=\"font-weight: bold; \">It improves productivity</span></li></ul>\r\nIdentity software automates the entry of new personnel and facilitates access to all components of the system with which the company operates. This allows reducing times in the delivery of access so that they begin to produce immediately. For this reason, business agility is also increased by using the advantages that technology makes available to meet the demands of today’s world. \r\n<ul><li><span style=\"font-weight: bold; \">It optimizes user experience</span></li></ul>\r\nRemembering so many usernames and passwords to access social networks, banks and other services on the Internet becomes a challenge for people. Thanks to user identity management system, people can get an identity that provides access to different systems. Single sign-on (SSO) allows customers and partners to access different internal and external applications with the same access method. That way the user experience will not be affected.\r\n<ul><li><span style=\"font-weight: bold; \">Secure your brand at all levels</span></li></ul>\r\nThere will be no risk of security breach, regardless of whether a connection is made from multiple identity providers. Identity management software and access management software enables strong authentication to keep your business and brand secure. Detailed verification of all identities entering the system is performed, in addition to allowing various licenses to limit access levels. At the same time, it monitors through analysis, fraud detection and alert functions that indicate a possible real risk. In short, enterprise identity management system is a reliable tool that employs technology to support digital transformation. A software that provides agility, security and satisfaction to the company’s customers. ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IAM.png"},{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":335,"title":"Secure Content and Threat Management","alias":"secure-content-and-threat-management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention rules.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Content_and_Threat_Management.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":544,"title":"DLP - Appliance","alias":"dlp-appliance","description":"DLP (Data Loss Prevention) is a technology for preventing leakage of confidential information from an information system to the outside, as well as technical software and hardware devices for such prevention of leakage. According to most definitions, information leakage is the unauthorized distribution of restricted access data that is not controlled by the owner of this data. This implies that the person who committed the leak has the rights to access information.\r\nThe most effective way to ensure data security on corporate computers today is to use specialized data leakage prevention tools (Data Leak Prevention or DLP). DLP solutions are designed to eliminate the “human factor” and prevent misconduct by preventing (and fixing) data leaks from a computer for as many scripts as possible.\r\nEmail and webmail services, instant messaging services, social networks and forums, cloud file storages, FTP servers - all these benefits of the Internet can at any moment be a channel for leaking corporate information, disclosure of which may be undesirable or even dangerous for business.\r\nYou shouldn’t disregard traditional local channels - data storage devices (flash drives, disks, memory cards), printers and data transfer interfaces and synchronization with smartphones.\r\nAn effective DLP solution should control the widest possible range of network communications channels, local devices, and interfaces. At the same time, the effectiveness of a DLP solution is determined by the flexibility of the settings and the ability to ensure a successful combination of business interests and security.\r\nToday, DLP products are a rapidly growing information security industry, and new products are released very often. Installing a DLP system will allow you to distinguish confidential information from the usual, which in turn will reduce the cost of the entire complex for the protection of information and resources in general. No unimportant moment when choosing a DLP-system is its price, but Data Leak Prevention has a modularity that allows you to protect the channels you need and not pay extra for protecting unnecessary ones.","materialsDescription":"<span style=\"font-weight: bold;\">What Is Data Loss Prevention (DLP)?</span>\r\nData loss prevention, or DLP, is a set of technologies, products, and techniques that are designed to stop sensitive information from leaving an organization.\r\nData can end up in the wrong hands whether it’s sent through email or instant messaging, website forms, file transfers, or other means. DLP strategies must include solutions that monitor for, detect, and block the unauthorized flow of information.\r\n<span style=\"font-weight: bold;\">How does DLP work?</span>\r\nDLP technologies use rules to look for sensitive information that may be included in electronic communications or to detect abnormal data transfers. The goal is to stop information such as intellectual property, financial data, and employee or customer details from being sent, either accidentally or intentionally, outside the corporate network.\r\n<span style=\"font-weight: bold;\">Why do organizations need DLP solutions?</span>\r\nThe proliferation of business communications has given many more people access to corporate data. Some of these users can be negligent or malicious. The result: a multitude of insider threats that can expose confidential data with a single click. Many government and industry regulations have made DLP a requirement.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DLP_Appliance.png"},{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":550,"title":"Web filtering - Appliance","alias":"web-filtering-appliance","description":" <span style=\"font-weight: bold; \">A web filter appliance</span> is a device that allows the user to filter all online content for censorship purposes, such that any links, downloads, and email containing offensive materials or pornography is outright blocked or removed. Web filtering appliance can also help you prevent malware infection because, more often than not, malware is usually hidden within links that promise porn or controversial content. Moreover, because the number of online hazards is un stopped increasing every day, it's always prudent to get a web filter appliance that can adapt to the changing times and the ever-evolving hazards posed by the Internet.\r\nAt any rate, content filtering appliance has a distinct advantage over their software counterparts in terms of stable restriction features, unrestricted monitoring, no platform-based limitations, easy upgrades and improvements, and so on. That's because the best web filters are fully integrated software and hardware systems that optimize their hybrid attributes when it comes to content filtering by gaining full, unmitigated control over online usage through well-defined policies as mandated by the owner of the network or the IT security administrator.\r\nGetting a web content filtering appliance that has a list of premium-grade and detailed content analysis with predefined categories (which includes keywords for pornography, game downloads, drugs, violence, adult content, offensive content, racist content, controversial content, and the like) is a must for any major network. All of the items you'll ever need to block should be easily selectable with a click of your mouse as well; after all, sophisticated technology aside, a good web filter appliance should also be intuitive and practical to use as well.<br /> ","materialsDescription":"<h1 class=\"align-center\">How a Web Content Filter Appliance Works</h1>\r\n<p class=\"align-left\">Typically a web content filter appliance protects Internet users and networks by using a combination of blacklists, URIBL and SURBL filters, category filters and keyword filters. Blacklists, URIBL and SURBL filters work together to prevent users visiting websites known to harbor malware, those that have been identified as fake phishing sites, and those who hid their true identity by using the whois privacy feature or a proxy server. Genuine websites have no reason to hide their true identity.</p>\r\n<p class=\"align-left\">In the category filtering process, the content of millions of webpages are analyzed and assigned a category. System administrators can then choose which categories to block access to (i.e. online shopping, alcohol, pornography, gambling, etc.) depending on whether the web content filter appliance is providing a service to a business, a store, a school, a restaurant, or a workplace. Most appliances for filtering web content also offer the facility to create bespoke categories.</p>\r\n<p class=\"align-left\">Keyword filters have multiple uses. They can be used to block access to websites containing specific words (for example the business name of a competitor), specific file extensions (typically those most commonly used for deploying malware and ransomware), and specific web applications; if, for example, a business wanted to allow its marketing department access to Facebook, but not FaceTime. Effectively, the keyword filters fine-tune the category settings, enhance security and increase productivity.</p>\r\n<h1 class=\"align-center\">Are there any home web filter appliance?</h1>\r\nFor children today, the Internet has always existed. To them, it’s second nature to pop online and watch a funny video, find a fact, or chat with a friend. But, of course, the Internet is also filled with a lot of dark corners (It’s a hop, skip, and a click to adult content). Parents, then, are presented with the daunting task of not only monitoring what sites their children visit but also their screen time consumption. There are a number of home content filtering appliance that allow parents to do just this. The best parental control apps and devices, be they hardware or software, not only put parents in command of such things as the content their children can view and the amount of time they can spend online but help restore a parent’s sense of control. With them, parents, from can restrict access to only specific sites and apps, filter dangerous or explicit web-content, manage time, and even track their location.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":77,"logoURL":"https://old.roi4cio.com/fileadmin/content/Ustroistvo_Check_Point_600.png","logo":true,"scheme":false,"title":"Check Point 600 Appliance","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":38,"alias":"check-point-600-appliance","companyTitle":"Check Point","companyTypes":["vendor"],"companyId":171,"companyAlias":"check-point","description":"<div class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; \">\r\n<div id=\"benefits-and-quote\" class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; margin-top: 1.3em; \"> Benefits\r\n\r\nSecures your small business with advanced security\r\n\r\nProtects against viruses, spam, dangerous applications and malicious websites\r\nDesigned from the ground up for the needs of small businesses\r\n\r\nConnects securely to your office network from any laptop, smartphone or tablet\r\nSets up in minutes with easy and intuitive web-based management\r\nSimplifies your security management with optional Check Point SMB Managed Security Services\r\nKeeps you connected with flexibility, speed and power\r\n\r\nSupports multiple Internet access options, including Ethernet, ADSL, 3G and 4G\r\nProvides integrated wireless security with guest access\r\nDelivers market-leading speeds with 100 Mbps of real-world throughput\r\n\r\n\r\nFeatures\r\n\r\nEnterprise-caliber firewall and threat protection\r\nSmall companies shouldn’t have to settle for less security. The Check Point 600 Appliance has the industry’s highest-ranked next-generation firewall, IPS and threat prevention security technologies to deliver robust protection from modern cyber-threats. You’ll get the same level of protection enjoyed by Fortune 100 companies—at SMB prices.\r\n\r\n\r\nA comprehensive protection suite\r\nLeveraging the proven and flexible Software Blade Architecture, the 600 Appliance delivers multilayer security to the small-office environment, including:\r\n\r\nFirewall\r\nVPN\r\nAdvanced Networking & Clustering\r\nIdentity Awareness & User Awareness\r\nIPS\r\nApplication Control\r\nURL Filtering\r\nAntivirus\r\nAnti-Bot\r\nAnti-Spam and Email Security\r\n\r\nSecurity managed via the cloud\r\nWe can even help you manage your security appliance through the cloud. With Check Point Cloud-Managed Security Service, you’ll leverage Check Point’s technology leadership and 24/7 security expertise to ensure your network will be monitored and protected at all times. Learn more about the features and benefits of this service on our Check Point SMB Cloud-Managed Security Service page.\r\n\r\nFlexible network connections with high capacity\r\nThe 600 Appliance comes standard with 10 x 1Gbps Ethernet ports. For added flexibility and convenience, Check Point offers a wireless version that includes a WiFi access point (802.11b/g/n) that supports WEP, WPA and WPA2 authentication, as well as secured guest access capabilities.\r\n\r\nIntegrated ADSL modem\r\nIncluded USB and PCI Express card slots make it easy to create a redundant Internet link for maximum reliability\r\n\r\nSimple management, configuration and deployment\r\nThe Check Point 600 Appliance can be up and ready in minutes, offering hassle-free deployment to small offices with minimal IT support staff.\r\n\r\nSimple web-based local management interface\r\nFirst-time set-up wizard\r\nEasy-to-understand logs and reports for hassle-free device monitoring\r\n<div class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; \">","shortDescription":"Small businesses need multi-layered security in a simple, affordable package. The Check Point 600 Appliance is a single, integrated device offering firewall, VPN, IPS, antivirus, application visibility and control, and URL filtering and email security, all in a quiet, compact desktop form factor.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Check Point 600 Appliance","keywords":"with, Check, security, Point, your, Appliance, Security, protection","description":"<div class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; \">\r\n<div id=\"benefits-and-quote\" class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; margin-top: 1.3em; \"> Benef","og:title":"Check Point 600 Appliance","og:description":"<div class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; \">\r\n<div id=\"benefits-and-quote\" class=\"row rowdefault\" style=\"box-sizing: border-box; margin-left: -15px; margin-right: -15px; margin-top: 1.3em; \"> Benef","og:image":"https://old.roi4cio.com/fileadmin/content/Ustroistvo_Check_Point_600.png"},"eventUrl":"","translationId":90,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":550,"title":"Web filtering - Appliance","alias":"web-filtering-appliance","description":" <span style=\"font-weight: bold; \">A web filter appliance</span> is a device that allows the user to filter all online content for censorship purposes, such that any links, downloads, and email containing offensive materials or pornography is outright blocked or removed. Web filtering appliance can also help you prevent malware infection because, more often than not, malware is usually hidden within links that promise porn or controversial content. Moreover, because the number of online hazards is un stopped increasing every day, it's always prudent to get a web filter appliance that can adapt to the changing times and the ever-evolving hazards posed by the Internet.\r\nAt any rate, content filtering appliance has a distinct advantage over their software counterparts in terms of stable restriction features, unrestricted monitoring, no platform-based limitations, easy upgrades and improvements, and so on. That's because the best web filters are fully integrated software and hardware systems that optimize their hybrid attributes when it comes to content filtering by gaining full, unmitigated control over online usage through well-defined policies as mandated by the owner of the network or the IT security administrator.\r\nGetting a web content filtering appliance that has a list of premium-grade and detailed content analysis with predefined categories (which includes keywords for pornography, game downloads, drugs, violence, adult content, offensive content, racist content, controversial content, and the like) is a must for any major network. All of the items you'll ever need to block should be easily selectable with a click of your mouse as well; after all, sophisticated technology aside, a good web filter appliance should also be intuitive and practical to use as well.<br /> ","materialsDescription":"<h1 class=\"align-center\">How a Web Content Filter Appliance Works</h1>\r\n<p class=\"align-left\">Typically a web content filter appliance protects Internet users and networks by using a combination of blacklists, URIBL and SURBL filters, category filters and keyword filters. Blacklists, URIBL and SURBL filters work together to prevent users visiting websites known to harbor malware, those that have been identified as fake phishing sites, and those who hid their true identity by using the whois privacy feature or a proxy server. Genuine websites have no reason to hide their true identity.</p>\r\n<p class=\"align-left\">In the category filtering process, the content of millions of webpages are analyzed and assigned a category. System administrators can then choose which categories to block access to (i.e. online shopping, alcohol, pornography, gambling, etc.) depending on whether the web content filter appliance is providing a service to a business, a store, a school, a restaurant, or a workplace. Most appliances for filtering web content also offer the facility to create bespoke categories.</p>\r\n<p class=\"align-left\">Keyword filters have multiple uses. They can be used to block access to websites containing specific words (for example the business name of a competitor), specific file extensions (typically those most commonly used for deploying malware and ransomware), and specific web applications; if, for example, a business wanted to allow its marketing department access to Facebook, but not FaceTime. Effectively, the keyword filters fine-tune the category settings, enhance security and increase productivity.</p>\r\n<h1 class=\"align-center\">Are there any home web filter appliance?</h1>\r\nFor children today, the Internet has always existed. To them, it’s second nature to pop online and watch a funny video, find a fact, or chat with a friend. But, of course, the Internet is also filled with a lot of dark corners (It’s a hop, skip, and a click to adult content). Parents, then, are presented with the daunting task of not only monitoring what sites their children visit but also their screen time consumption. There are a number of home content filtering appliance that allow parents to do just this. The best parental control apps and devices, be they hardware or software, not only put parents in command of such things as the content their children can view and the amount of time they can spend online but help restore a parent’s sense of control. With them, parents, from can restrict access to only specific sites and apps, filter dangerous or explicit web-content, manage time, and even track their location.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":78,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Check_Point_21000.jpg","logo":true,"scheme":false,"title":"Check Point 21000 Appliances","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":38,"alias":"check-point-21000-appliances","companyTitle":"Check Point","companyTypes":["vendor"],"companyId":171,"companyAlias":"check-point","description":"Delivers the best performance in its class\r\n\r\nUp to 44.5 Gbps of real-world firewall throughput\r\nUp to 6.9 Gbps of real-world IPS throughput\r\nSupports sub 5 micro-second low-latency transactions\r\nSupports high availability and serviceability\r\n\r\nOffers a variety of network options to work in any network environment\r\nOffers Lights-Out-Management option for remote out-of-band management\r\nEnables service without downtime thanks to hot-swap and redundant components\r\nReduces costs through security consolidation\r\n\r\nExtends easily to add more security features without adding a new appliance\r\nAvailable in four complete and Software Blade packages that meet any security need\r\nAvailable in a low-cost, high-performance package with extended memory for maximum connection capacity\r\nFeatures\r\n\r\nMaximum security and performance\r\nThe Check Point 21000 Appliances offer maximum availability of business-critical applications and the best performance available in their class.\r\n\r\nHigh port density with up to 37x1GbE ports for network segmentation\r\n110 Gbps firewall throughput and sub-5µs latency for mission-critical applications\r\nComes in compact 2-rack unit chassis\r\nComes with acceleration and clustering technologies\r\n\r\nReliability and high serviceability\r\nMeet the uncompromising high availability standards of modern data centers; the 21000 Appliances are designed to be highly serviceable, even when deployed in customer networks.\r\n\r\nHot-swappable redundant power supplies, hard disk drives and fans\r\nAn advanced Lights-Out-Management card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location\r\n\r\nPrevent unknown threats\r\nCheck Point provides complete zero-day threat prevention and alerts when under attack. Threat Extraction delivers zero-malware documents in zero seconds. Threat Emulation inspects files for malicious content in a virtual sandbox. When Threat Emulation discovers new threats, a signature is sent to the Check Point ThreatCloud database which documents and shares information on the newly identified malware with other Check Point customers — providing immediate protection against zero-day threats.\r\n\r\n\r\nSecurity acceleration module for greater performance confidence\r\nWith the optional Security Acceleration Module, you can confidently increase firewall and VPN bandwidth through your 21000 Appliance without performance degradation. Check Point’s innovative, purpose-built SecurityCore™ technology uses parallel and security processing power to accelerate security performance.\r\n\r\nOffloads security processing from the general purpose appliance CPU\r\nAvailable as a bundle for significant savings right out of the box\r\nHigh network capacity\r\nDeploy the Check Point 21000 Appliances in any network environment.\r\n\r\nUp to 37 10/100/1000Base-T ports\r\nUp to 36 1000base-F SFP, or up to 13 10GBase-F SFP+ ports\r\nThree front-facing expansion slots\r\nUp to 1,024 VLANs for higher network segmentation\r\n\r\nPre-configured with Next Generation Software Blade packages\r\nPre-configured with Next Generation Software Blade packages The Check Point 21000 Appliances offer a complete and consolidated security solution available in five Next Generation Security Software Blade packages.\r\n\r\nNext Generation Firewall—identify and control applications by user and scan content to stop threats (included Blades: IPS and Application Control)\r\nNext Generation Secure Web Gateway—enable secure use of Web 2.0 with real-time multilayer protection against web-borne malware (included Blades: Application Control, URL Filtering, Antivirus and SmartEvent)\r\nNext Generation Data Protection—preemptively protect sensitive information from unintentional loss, educate users on proper data-handling policies and empower them to remediate incidents in real-time (included Blades: IPS, Application Control and Data-Loss Prevention).\r\nNext Generation Threat Prevention—apply multiple layers of protection to prevent sophisticated cyber-threats (included Blades: IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security)\r\nNext Generation Threat Extraction—(NGTX): advanced next-gen zero-day threat prevention, NGTP with Threat Emulation and Threat Extraction.\r\nAdditional Software Blade upgrades are available to further extend and customize protection options","shortDescription":"The 21000 Appliances are designed for data centers with the most demanding requirements for performance and high availability. They are ideal for low-latency transactions, with sub 5 micro-second latency, and they deliver excellent serviceability features for cost-efficient operation.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Check Point 21000 Appliances","keywords":"security, Check, with, Generation, Next, Threat, Point, 21000","description":"Delivers the best performance in its class\r\n\r\nUp to 44.5 Gbps of real-world firewall throughput\r\nUp to 6.9 Gbps of real-world IPS throughput\r\nSupports sub 5 micro-second low-latency transactions\r\nSupports high availability and serviceability\r\n\r\nOffers a variet","og:title":"Check Point 21000 Appliances","og:description":"Delivers the best performance in its class\r\n\r\nUp to 44.5 Gbps of real-world firewall throughput\r\nUp to 6.9 Gbps of real-world IPS throughput\r\nSupports sub 5 micro-second low-latency transactions\r\nSupports high availability and serviceability\r\n\r\nOffers a variet","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Check_Point_21000.jpg"},"eventUrl":"","translationId":86,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":335,"title":"Secure Content and Threat Management","alias":"secure-content-and-threat-management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention rules.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Content_and_Threat_Management.png"},{"id":542,"title":"UTM - Unified Threat Management Appliance","alias":"utm-unified-threat-management-appliance","description":"A unified threat management (UTM) system is a type of network hardware appliance that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.<br />UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nWhile UTM systems and next-generation firewalls (NGFWs) are sometimes comparable, UTM devices include added security features that NGFWs don't offer.\r\nUTM systems provide increased protection and visibility, as well as control over network security, which reduces complexity. UTM systems typically do this via inspection methods that address different types of threats.\r\nThese methods include:\r\n<ul><li>Flow-based inspection, also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li>Proxy-based inspection acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\nUTM devices provide a single platform for multiple network security functions and offer the benefit of a single interface for those security functions, as well as a single point of interface to monitor or analyze security logs for those different functions.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">How do UTM Appliances block a computer virus — or many viruses?</span>\r\nUnified threat management appliances have gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. Preventing these types of attacks can be difficult when using separate appliances and vendors for each specific security task, as each aspect has to be managed and updated individually in order to remain current in the face of the latest forms of malware and cybercrime. By creating a single point of defense and providing a single console, UTM solutions make dealing with varied threats much easier.\r\nWhile unified threat management solutions do solve some network security issues, they aren't without some drawbacks, with the biggest one being that the single point of defense that an UTM appliance provides also creates a single point of failure. Because of this, many organizations choose to supplement their UTM device with a second software-based perimeter to stop any malware that got through or around the UTM firewall.\r\nWhat kind of companies use a Unified Threat Management system?\r\nUTM was originally for small to medium office businesses to simplify their security systems. But due to its almost universal applicability, it has since become popular with all sectors and larger enterprises. Developments in the technology have allowed it to scale up, opening UTM up to more types of businesses that are looking for a comprehensive gateway security solution.\r\n<span style=\"font-weight: bold;\">What security features does Unified Threat Management have?</span>\r\nAs previously mentioned, most UTM services include a firewall, antivirus and intrusion detection and prevention systems. But they also can include other services that provide additional security.\r\n<ul><li>Data loss prevention software to stop data from exfiltrating the business, which in turn prevents a data leak from occurring.</li><li>Security information and event management software for real-time monitoring of network health, which allows threats and points of weakness to be identified.</li><li>Bandwidth management to regulate and prioritize network traffic, ensuring everything is running smoothly without getting overwhelmed.</li><li>Email filtering to remove spam and dangerous emails before they reach the internal network, lowering the chance of a phishing or similar attack breaching your defenses.</li><li>Web filtering to prevent connections to dangerous or inappropriate sites from a machine on the network. This lowers the chance of infection through malvertising or malicious code on the page. It can also be used to increase productivity within a business, i.e. blocking or restricting social media, gaming sites, etc.</li><li>Application filtering to either a blacklist or whitelist which programs can run, preventing certain applications from communicating in and out of the network, i.e. Facebook messenger.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the benefits of Unified Threat Management?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Simplifies the network</span></li></ul>\r\nBy consolidating multiple security appliances and services into one, you can easily reduce the amount of time spent on maintaining many separate systems that may have become disorganized. This can also improve the performance of the network as there is less bloat. A smaller system also requires less energy and space to run.\r\n<ul><li><span style=\"font-weight: bold;\">Provides greater security and visibility</span></li></ul>\r\nA UTM system can include reporting tools, application filtering and virtual private network (VPN) capabilities, all of which defend your network from more types of threats or improve the existing security. Additionally, monitoring and analysis tools can help locate points of weakness or identify ongoing attacks.\r\n<ul><li><span style=\"font-weight: bold;\">Can defend from more sophisticated attacks</span></li></ul>\r\nBecause UTM defends multiple parts of a network it means that an attack targeting multiple points simultaneously can be repelled more easily. With cyber-attacks getting more sophisticated, having defenses that can match them is of greater importance.\r\nHaving several ways of detecting a threat also means a UTM system is more accurate at identifying potential attacks and preventing them from causing damage.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM_Unified_Threat_Management_Appliance.png"},{"id":550,"title":"Web filtering - Appliance","alias":"web-filtering-appliance","description":" <span style=\"font-weight: bold; \">A web filter appliance</span> is a device that allows the user to filter all online content for censorship purposes, such that any links, downloads, and email containing offensive materials or pornography is outright blocked or removed. Web filtering appliance can also help you prevent malware infection because, more often than not, malware is usually hidden within links that promise porn or controversial content. Moreover, because the number of online hazards is un stopped increasing every day, it's always prudent to get a web filter appliance that can adapt to the changing times and the ever-evolving hazards posed by the Internet.\r\nAt any rate, content filtering appliance has a distinct advantage over their software counterparts in terms of stable restriction features, unrestricted monitoring, no platform-based limitations, easy upgrades and improvements, and so on. That's because the best web filters are fully integrated software and hardware systems that optimize their hybrid attributes when it comes to content filtering by gaining full, unmitigated control over online usage through well-defined policies as mandated by the owner of the network or the IT security administrator.\r\nGetting a web content filtering appliance that has a list of premium-grade and detailed content analysis with predefined categories (which includes keywords for pornography, game downloads, drugs, violence, adult content, offensive content, racist content, controversial content, and the like) is a must for any major network. All of the items you'll ever need to block should be easily selectable with a click of your mouse as well; after all, sophisticated technology aside, a good web filter appliance should also be intuitive and practical to use as well.<br /> ","materialsDescription":"<h1 class=\"align-center\">How a Web Content Filter Appliance Works</h1>\r\n<p class=\"align-left\">Typically a web content filter appliance protects Internet users and networks by using a combination of blacklists, URIBL and SURBL filters, category filters and keyword filters. Blacklists, URIBL and SURBL filters work together to prevent users visiting websites known to harbor malware, those that have been identified as fake phishing sites, and those who hid their true identity by using the whois privacy feature or a proxy server. Genuine websites have no reason to hide their true identity.</p>\r\n<p class=\"align-left\">In the category filtering process, the content of millions of webpages are analyzed and assigned a category. System administrators can then choose which categories to block access to (i.e. online shopping, alcohol, pornography, gambling, etc.) depending on whether the web content filter appliance is providing a service to a business, a store, a school, a restaurant, or a workplace. Most appliances for filtering web content also offer the facility to create bespoke categories.</p>\r\n<p class=\"align-left\">Keyword filters have multiple uses. They can be used to block access to websites containing specific words (for example the business name of a competitor), specific file extensions (typically those most commonly used for deploying malware and ransomware), and specific web applications; if, for example, a business wanted to allow its marketing department access to Facebook, but not FaceTime. Effectively, the keyword filters fine-tune the category settings, enhance security and increase productivity.</p>\r\n<h1 class=\"align-center\">Are there any home web filter appliance?</h1>\r\nFor children today, the Internet has always existed. To them, it’s second nature to pop online and watch a funny video, find a fact, or chat with a friend. But, of course, the Internet is also filled with a lot of dark corners (It’s a hop, skip, and a click to adult content). Parents, then, are presented with the daunting task of not only monitoring what sites their children visit but also their screen time consumption. There are a number of home content filtering appliance that allow parents to do just this. The best parental control apps and devices, be they hardware or software, not only put parents in command of such things as the content their children can view and the amount of time they can spend online but help restore a parent’s sense of control. With them, parents, from can restrict access to only specific sites and apps, filter dangerous or explicit web-content, manage time, and even track their location.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":174,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/FortiGate.jpg","logo":true,"scheme":false,"title":"Fortinet FortiGate NGFW","vendorVerified":0,"rating":"2.00","implementationsCount":4,"suppliersCount":0,"supplierPartnersCount":21,"alias":"fortigate","companyTitle":"Fortinet","companyTypes":["vendor"],"companyId":690,"companyAlias":"fortinet","description":"FortiGate NGFWs are network firewalls powered by purpose-built security processing units (SPUs) including the latest NP7 (Network Processor 7). They enable security-driven networking, and are ideal network firewalls for hybrid and hyperscale data centers.\r\nFortinet NGFWs reduce cost and complexity by eliminating points products and consolidating industry-leading security capabilities such as secure sockets layer (SSL) inspection including the latest TLS1.3, web filtering, intrusion prevention system (IPS) to provide fully visibility and protect any edge. Fortinet NGFWs uniquely meet the performance needs of hyperscale and hybrid IT architectures, enabling organizations to deliver optimal user experience, and manage security risks for better business continuity.\r\nFortiGate next-generation firewalls inspect traffic at hyperscale as it enters and leaves the network. These inspections happen at unparalleled speed, scale, and performance to ensure that only legitimate traffic is allowed, all without degrading user experience or creating costly downtime.\r\nAs an integral part of the Fortinet Security Fabric, FortiGate NGFWs can communicate within the comprehensive Fortinet security portfolio as well as third-party security solutions in a multivendor environment. FortiGate NGFWs seamlessly integrate with artificial intelligence (AI)-driven FortiGuard and FortiSandbox services to protect against known and zero-day threats and improve operational efficiency through integration with Fabric Management Center.","shortDescription":"FortiGate is a Top-rated security—NSS Labs “Recommended”. Comprehensive security in one, simplified solution. Flexible deployment options fit your unique requirements","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Fortinet FortiGate NGFW","keywords":"security, network, your, FortiGate, deployments, small, platform, across","description":"FortiGate NGFWs are network firewalls powered by purpose-built security processing units (SPUs) including the latest NP7 (Network Processor 7). They enable security-driven networking, and are ideal network firewalls for hybrid and hyperscale data centers.\r\n","og:title":"Fortinet FortiGate NGFW","og:description":"FortiGate NGFWs are network firewalls powered by purpose-built security processing units (SPUs) including the latest NP7 (Network Processor 7). They enable security-driven networking, and are ideal network firewalls for hybrid and hyperscale data centers.\r\n","og:image":"https://old.roi4cio.com/fileadmin/user_upload/FortiGate.jpg"},"eventUrl":"","translationId":175,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":536,"title":"WAN optimization - appliance","alias":"wan-optimization-appliance","description":" WAN optimization appliance is a collection of techniques for increasing data-transfer efficiencies across wide-area networks (WANs). In 2008, the WAN optimization market was estimated to be $1 billion and was to grow to $4.4 billion by 2014 according to Gartner, a technology research firm. In 2015 Gartner estimated the WAN optimization market to be a $1.1 billion market.\r\nThe most common measures of TCP data-transfer efficiencies (i.e., optimization) are throughput, bandwidth requirements, latency, protocol optimization, and congestion, as manifested in dropped packets. In addition, the WAN itself can be classified with regards to the distance between endpoints and the amounts of data transferred. Two common business WAN topologies are Branch to Headquarters and Data Center to Data Center (DC2DC). In general, "Branch" WAN links are closer, use less bandwidth, support more simultaneous connections, support smaller connections and more short-lived connections, and handle a greater variety of protocols. They are used for business applications such as email, content management systems, database application, and Web delivery. In comparison, "DC2DC" WAN links tend to require more bandwidth, are more distant and involve fewer connections, but those connections are bigger (100 Mbit/s to 1 Gbit/s flows) and of longer duration. Traffic on a "DC2DC" WAN may include replication, back up, data migration, virtualization, and other Business Continuity/Disaster Recovery (BC/DR) flow.\r\nWAN optimization has been the subject of extensive academic research almost since the advent of the WAN. In the early 2000s, research in both the private and public sectors turned to improve the end-to-end throughput of TCP, and the target of the first proprietary WAN optimization solutions was the Branch WAN. In recent years, however, the rapid growth of digital data, and the concomitant needs to store and protect it, has presented a need for DC2DC WAN optimization. For example, such optimizations can be performed to increase overall network capacity utilization, meet inter-datacenter transfer deadlines, or minimize average completion times of data transfers. As another example, private inter-datacenter WANs can benefit optimizations for fast and efficient geo-replication of data and content, such as newly computed machine learning models or multimedia content.\r\nComponent techniques of Branch WAN Optimization include deduplication, wide-area file services (WAFS), SMB proxy, HTTPS Proxy, media multicasting, web caching, and bandwidth management. Requirements for DC2DC WAN Optimization also center around deduplication and TCP acceleration, however, these must occur in the context of multi-gigabit data transfer rates. ","materialsDescription":" <span style=\"font-weight: bold;\">What techniques does WAN optimization have?</span>\r\n<ul><li><span style=\"font-weight: bold;\">Deduplication</span> – Eliminates the transfer of redundant data across the WAN by sending references instead of the actual data. By working at the byte level, benefits are achieved across IP applications.</li><li><span style=\"font-weight: bold;\">Compression</span> – Relies on data patterns that can be represented more efficiently. Essentially compression techniques similar to ZIP, RAR, ARJ, etc. are applied on-the-fly to data passing through hardware (or virtual machine) based WAN acceleration appliances.</li><li><span style=\"font-weight: bold;\">Latency optimization</span> – Can include TCP refinements such as window-size scaling, selective acknowledgments, Layer 3 congestion control algorithms, and even co-location strategies in which the application is placed in near proximity to the endpoint to reduce latency. In some implementations, the local WAN optimizer will answer the requests of the client locally instead of forwarding the request to the remote server in order to leverage write-behind and read-ahead mechanisms to reduce WAN latency.</li><li><span style=\"font-weight: bold;\">Caching/proxy</span> – Staging data in local caches; Relies on human behavior, accessing the same data over and over.</li><li><span style=\"font-weight: bold;\">Forward error correction</span> – Mitigates packet loss by adding another loss-recovery packet for every “N” packets that are sent, and this would reduce the need for retransmissions in error-prone and congested WAN links.</li><li><span style=\"font-weight: bold;\">Protocol spoofing</span> – Bundles multiple requests from chatty applications into one. May also include stream-lining protocols such as CIFS.</li><li><span style=\"font-weight: bold;\">Traffic shaping</span> – Controls data flow for specific applications. Giving flexibility to network operators/network admins to decide which applications take precedence over the WAN. A common use case of traffic shaping would be to prevent one protocol or application from hogging or flooding a link over other protocols deemed more important by the business/administrator. Some WAN acceleration devices are able to traffic shape with granularity far beyond traditional network devices. Such as shaping traffic on a per-user AND per application basis simultaneously.</li><li><span style=\"font-weight: bold;\">Equalizing</span> – Makes assumptions on what needs immediate priority based on data usage. Usage examples for equalizing may include wide open unregulated Internet connections and clogged VPN tunnels.</li><li><span style=\"font-weight: bold;\">Connection limits</span> – Prevents access gridlock in and to denial of service or to peer. Best suited for wide-open Internet access links, can also be used links.</li><li><span style=\"font-weight: bold;\">Simple rate limits</span> – Prevents one user from getting more than a fixed amount of data. Best suited as a stop-gap first effort for remediating a congested Internet connection or WAN link.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAN_optimization_appliance.png"},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-appliance","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_NGFW.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":185,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/PA-500_next-generation_firewall.png","logo":true,"scheme":false,"title":"PA-500 next-generation firewall","vendorVerified":0,"rating":"2.40","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":5,"alias":"pa-500-next-generation-firewall","companyTitle":"Palo Alto Networks","companyTypes":["vendor"],"companyId":2061,"companyAlias":"palo-alto-networks","description":"The PA-500next-generation firewall is designed to protect medium sized networks. Rack-mountable. Supports fault-tolerant configurations.The PA-500 enables to secure organization through advanced visibility and control of applications, users and content at throughput speeds of up to 250 Mbps. Dedicated computing resources assigned to networking, security, signature matching and management functions ensure predictable performance.\r\n<span style=\"font-weight: bold;\">Key Security Features:</span>\r\nClassifies all applications, on all ports, all the time\r\n• Identifies the application, regardless of port, encryption (SSL\r\nor SSH), or evasive technique employed.\r\n• Uses the application, not the port, as the basis for all\r\nof your safe enablement policy decisions: allow, deny,\r\nschedule, inspect and apply traffic-shaping.\r\n• Categorizes unidentified applications for policy control,\r\nthreat forensics or App-ID™ development.\r\nEnforces security policies for any user, at any location\r\n• Deploys consistent policies to local and remote users\r\nrunning on the Windows®, Mac® OS X®, Linux®, Android®,\r\nor Apple® iOS platforms.\r\n• Enables agentless integration with Microsoft® Active\r\nDirectory® and Terminal Services, LDAP, Novell®\r\neDirectory™ and Citrix®.\r\n• Easily integrates your firewall policies with 802.1X wireless,\r\nproxies, NAC solutions, and any other source of user\r\nidentity information.\r\nPrevents known and unknown threats\r\n• Blocks a range of known threats, including exploits,\r\nmalware and spyware, across all ports, regardless of\r\ncommon threat-evasion tactics employed.\r\n• Limits the unauthorized transfer of files and sensitive data,\r\nand safely enables non-work-related web surfing.\r\n• Identifies unknown malware, analyzes it based on\r\nhundreds of malicious behaviors, and then automatically\r\ncreates and delivers protection.\r\n\r\nThe controlling element of the PA-500 is PAN-OS®,\r\na security-specific operating system that natively\r\nclassifies all traffic, inclusive of applications, threats\r\nand content, and then ties that traffic to the user, regardless\r\nof location or device type. The application, content,\r\nand user – in other words, the business elements that\r\nrun your business –mare then used as the basis of\r\nyour security policies, resulting in an improved security\r\nposture and a reduction in incident response time. ","shortDescription":"Palo Alto Networks® PA-500 is a next-generation firewall appliance for enterprise branch offices and midsize businesses.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":6,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"PA-500 next-generation firewall","keywords":"user, your, policies, then, that, security, regardless, application","description":"The PA-500next-generation firewall is designed to protect medium sized networks. Rack-mountable. Supports fault-tolerant configurations.The PA-500 enables to secure organization through advanced visibility and control of applications, users and content at thr","og:title":"PA-500 next-generation firewall","og:description":"The PA-500next-generation firewall is designed to protect medium sized networks. Rack-mountable. Supports fault-tolerant configurations.The PA-500 enables to secure organization through advanced visibility and control of applications, users and content at thr","og:image":"https://old.roi4cio.com/fileadmin/user_upload/PA-500_next-generation_firewall.png"},"eventUrl":"","translationId":186,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":49,"title":"VPN - Virtual Private Network","alias":"vpn-virtual-private-network","description":"A <span style=\"font-weight: bold; \">virtual private network (VPN)</span> extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g. a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common though not an inherent part of a VPN connection.\r\nAt its most basic level, VPN tunneling creates a point-to-point connection that cannot be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint device needs to be running a VPN client (software application) locally or in the cloud. The VPN client runs in the background and is not noticeable to the end user unless there are performance issues.\r\nThe performance of a VPN can be affected by a variety of factors, among them the speed of users' internet connections, the types of protocols an internet service provider may use and the type of encryption the VPN uses. In the enterprise, performance can also be affected by poor quality of service (QoS) outside the control of an organization's information technology (IT) department.\r\nConsumers use a virtual private network software to protect their online activity and identity. By using an anonymous VPN service, a user's Internet traffic and data remain encrypted, which prevents eavesdroppers from sniffing Internet activity. Personal VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure. In addition to public Wi-Fi security, it also provides consumers with uncensored Internet access and can help prevent data theft and unblock websites.\r\nCompanies and organizations will typically use a VPN security to communicate confidentially over a public network and to send voice, video or data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of VPNs</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Remote access VPN</span>. Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Site-to-site VPN.</span> In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Mobile VPN.</span> In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Hardware</span>. It offer a number of advantages over the software-based VPN. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a Web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN appliance.</span> A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides protection, authorization, authentication and encryption for VPNs.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Dynamic multipoint virtual private network (DMVPN</span>). A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarter virtual private network (VPN) server or router. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">VPN Reconnect.</span> VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. </li></ul>\r\n<p class=\"align-left\"> </p>","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is VPN software?</span></h1>\r\n<span style=\"font-weight: normal;\"></span>VPN software is a tool that allows users to create a secure, encrypted connection over a computer network such as the Internet. The platform was developed to allow for secure access to business applications and other resources.\r\n<header><h1 class=\"align-center\"><span style=\"font-weight: normal;\">How does VPN software work?</span></h1></header>\r\n<p class=\"align-left\">So what does VPN do? Basically, a VPN is a group of computers or networks, which are connected over the Internet. For businesses, VPN services serve as avenues for getting access to networks when they are not physically on the same network. Such a service can also be used to encrypt communications over public networks.</p>\r\n<p class=\"align-left\">VPNs are usually deployed through local installation or by logging on to a service’s website. To give you an idea as to how VPN works, the software allows your computer to basically exchange keys with a remote server, through which all data traffic is encrypted and kept secure, safe from prying eyes. It lets you browse the Internet without the worry of being tracked, monitored and identified without permission. A VPN also helps in accessing blocked sites and in circumventing censorship.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the features of VPN software?</span></h1>\r\n<p class=\"align-left\">There are a variety of ways by which you can determine what VPN suits you. Here are some features of software VPN solutions and buying factors that you should consider:<br /><br /></p>\r\n<ul><li><span style=\"font-weight: bold;\">Privacy</span>: You should know what kind of privacy you really need. Is it for surfing, downloading or simply accessing blocked sites? Best of VPN programs offer one or more of these capabilities.</li><li><span style=\"font-weight: bold;\">Software/features</span>: Platforms should not be limited to ease of use, they should include features such as kill switches and DNS leak prevention tools which provide a further layer of protection.</li><li><span style=\"font-weight: bold;\">Security</span>: One should consider the level of security that a service offers. This can prevent hackers and agencies from accessing your data.</li><li><span style=\"font-weight: bold;\">Cross-platform support</span>: A VPN solution should be able to run on any device. To do this, setup guides for different platforms should be provided by the vendor.</li><li><span style=\"font-weight: bold;\">The number of servers/countries</span>: For these services, the more servers VPN there are, the better the service. This allows users to connect from virtually all over the world. It will also enable them to change their locations at will.</li><li><span style=\"font-weight: bold;\">Speed</span>: It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to the fact that signals need to travel long distances and the demands of the encryption and decryption processes. Choose a service that has minimal impact on Internet speed.</li><li><span style=\"font-weight: bold;\">Simultaneous connections</span>: Many services allow users to use only one device at a time. However, many VPN service providers allow customers to connect multiple devices all at the same time.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VPN_-_Virtual_Private_Network.png"},{"id":335,"title":"Secure Content and Threat Management","alias":"secure-content-and-threat-management","description":" Secure content management is the set of processes and technologies that supports the collection, managing, and publishing of information. It involves processes for protecting the company from viruses, spam and undesirable web pages to not only provide enhanced security but also address productivity and potential human resources issues. Even after controlling the number of avenues through which information can enter, after the implementation of perimeter security, the cyber attackers still find ways to piggyback across valid communication channels.\r\nSecure Content Management technologies have evolved rapidly over the last few years due to the complexity of threats associated with email and web gateways. Businesses are increasingly focusing on eliminating this threat by adopting the 2 gateways, rather than the purely productive driven anti-spam and web-filtering techniques.\r\nSecure Content Management solutions are gaining traction due to the increased need for handling voluminous content that is getting generated in organizations on a daily basis. The rising adoption of digitalization, Bring Your Own Device (BYOD), growth of e-commerce, and social media has increased the amount of content generated in inter-organizations and intra-organizations.\r\nSCM solutions offer clients with the benefit of paper-free workflow, accurate searching of the required information, and better information sharing, and also addresses required industry standards and regulations. SCM solutions enable clients with handling essential enterprise information and save time and cost associated with searching for the required business data for making key business decisions.\r\nThe solutions offered for Secure Content Management includes:\r\n<span style=\"font-style: italic;\">Anti-Spam:</span> Spam Filters are introduced for spam e-mail which not only consumes time and money but also network and mail server resources.\r\n<span style=\"font-style: italic;\">Web Surfing:</span> Limiting the websites that end-users are allowed to access will increase work productivity, ensure maximum bandwidth availability and lower the liability issues.\r\n<span style=\"font-style: italic;\">Instant Messaging:</span> Convenient and growing, but difficult to handle, this technology serves as a back door for viruses and worms to enter your network. It also provides a way for sensitive information to be shared over the network.<br /><br /><br />","materialsDescription":" <span style=\"font-weight: bold;\">What are the reasons for adopting secure content management?</span>\r\nFollowing are the reasons for creating the need for secure content management:\r\n<ul><li>Lost productivity</li><li>Introduction of malicious code</li><li>Potential liability</li><li>Wasted network resources</li><li>Control over intellectual property</li><li>Regulatory Compliance</li></ul>\r\nBecause of these reasons, there is rising concern over the security of the organization and creating the need for the adoption of Secure content Management from the clients.\r\n<span style=\"font-weight: bold;\">Strategy Adopted for implementing Secure Content Management</span>\r\nThe strategy applied for Secure Content Management includes the 4 step process including\r\n<span style=\"font-weight: bold;\">Discover</span> involves Identifying and Defining the process of Data Management and collecting the data created.\r\n<span style=\"font-weight: bold;\">Classify</span> is the process of identifying critical data and segregating between secure information and unstructured information.\r\n<span style=\"font-weight: bold;\">Control</span> involves the process of data cleansing, Encrypting the digital content and Securing critical information.\r\n<span style=\"font-weight: bold;\">Govern</span> is the process of creating Service Level Agreements for usage rules, retention rules.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Secure_Content_and_Threat_Management.png"},{"id":550,"title":"Web filtering - Appliance","alias":"web-filtering-appliance","description":" <span style=\"font-weight: bold; \">A web filter appliance</span> is a device that allows the user to filter all online content for censorship purposes, such that any links, downloads, and email containing offensive materials or pornography is outright blocked or removed. Web filtering appliance can also help you prevent malware infection because, more often than not, malware is usually hidden within links that promise porn or controversial content. Moreover, because the number of online hazards is un stopped increasing every day, it's always prudent to get a web filter appliance that can adapt to the changing times and the ever-evolving hazards posed by the Internet.\r\nAt any rate, content filtering appliance has a distinct advantage over their software counterparts in terms of stable restriction features, unrestricted monitoring, no platform-based limitations, easy upgrades and improvements, and so on. That's because the best web filters are fully integrated software and hardware systems that optimize their hybrid attributes when it comes to content filtering by gaining full, unmitigated control over online usage through well-defined policies as mandated by the owner of the network or the IT security administrator.\r\nGetting a web content filtering appliance that has a list of premium-grade and detailed content analysis with predefined categories (which includes keywords for pornography, game downloads, drugs, violence, adult content, offensive content, racist content, controversial content, and the like) is a must for any major network. All of the items you'll ever need to block should be easily selectable with a click of your mouse as well; after all, sophisticated technology aside, a good web filter appliance should also be intuitive and practical to use as well.<br /> ","materialsDescription":"<h1 class=\"align-center\">How a Web Content Filter Appliance Works</h1>\r\n<p class=\"align-left\">Typically a web content filter appliance protects Internet users and networks by using a combination of blacklists, URIBL and SURBL filters, category filters and keyword filters. Blacklists, URIBL and SURBL filters work together to prevent users visiting websites known to harbor malware, those that have been identified as fake phishing sites, and those who hid their true identity by using the whois privacy feature or a proxy server. Genuine websites have no reason to hide their true identity.</p>\r\n<p class=\"align-left\">In the category filtering process, the content of millions of webpages are analyzed and assigned a category. System administrators can then choose which categories to block access to (i.e. online shopping, alcohol, pornography, gambling, etc.) depending on whether the web content filter appliance is providing a service to a business, a store, a school, a restaurant, or a workplace. Most appliances for filtering web content also offer the facility to create bespoke categories.</p>\r\n<p class=\"align-left\">Keyword filters have multiple uses. They can be used to block access to websites containing specific words (for example the business name of a competitor), specific file extensions (typically those most commonly used for deploying malware and ransomware), and specific web applications; if, for example, a business wanted to allow its marketing department access to Facebook, but not FaceTime. Effectively, the keyword filters fine-tune the category settings, enhance security and increase productivity.</p>\r\n<h1 class=\"align-center\">Are there any home web filter appliance?</h1>\r\nFor children today, the Internet has always existed. To them, it’s second nature to pop online and watch a funny video, find a fact, or chat with a friend. But, of course, the Internet is also filled with a lot of dark corners (It’s a hop, skip, and a click to adult content). Parents, then, are presented with the daunting task of not only monitoring what sites their children visit but also their screen time consumption. There are a number of home content filtering appliance that allow parents to do just this. The best parental control apps and devices, be they hardware or software, not only put parents in command of such things as the content their children can view and the amount of time they can spend online but help restore a parent’s sense of control. With them, parents, from can restrict access to only specific sites and apps, filter dangerous or explicit web-content, manage time, and even track their location.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_filtering_Appliance.png"},{"id":556,"title":"Antispam - Appliance","alias":"antispam-appliance","description":"Anti-spam appliances are software or hardware devices integrated with on-board software that implement spam filtering and/or anti-spam for instant messaging (also called "spim") and are deployed at the gateway or in front of the mail server. They are normally driven by an operating system optimized for spam filtering. They are generally used in larger networks such as companies and corporations, ISPs, universities, etc.\r\nThe reasons hardware anti-spam appliances might be selected instead of software could include:\r\n<ul><li>The customer prefers to buy hardware rather than software</li><li>Ease of installation</li><li>Operating system requirements</li><li>Independence of existing hardware</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">How does an Antispam Appliance Work?</span>\r\nSince an antispam appliance is hardware, it can be placed at the entry point of the email server to inspect and filter every message that enters the email server. An antispam appliance is capable of evaluating IP addresses that are included in the email messages from the sender. The appliance can also examine the message content and then compare it against the criteria and parameters that have been set for receiving email messages.\r\n<span style=\"font-weight: bold;\">Advantages of an Antispam Appliance</span>\r\nAntispam appliances are capable of providing more email security to large networks because it is hardware that is specifically designed to handle email security on larger networks. Also, since an antispam appliance is hardware, it is much easier to install and configure on a network, as opposed to software that may require a specific operating system infrastructure. For example, if the organization is running the Linux operating system, this type of system will not support antispam filtering software.\r\nAnother advantage of using an antispam appliance is its ability to protect a large network from codes that are designed to destroy the individual computers on the network. These are malicious codes that can enter the email server and then transmit to the email client via spam. When the individual computers get infected, it slows the productivity of the organization and interrupts the network processes.\r\nAlthough many large networks deploy a vulnerability assessment program that can protect the network against criminals with malicious intent, sometimes vulnerability assessment is not enough to protect the massive amounts of email that enter an email server on a large network. This is why it is important to deploy an antispam appliance to provide added security for your email server and the email clients on the individual computers that are connected to the network.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Antispam_Appliance.png"},{"id":560,"title":"IPC - Information Protection and Control - Appliance","alias":"ipc-information-protection-and-control-appliance","description":" Information Protection and Control (IPC) is a technology for protecting confidential information from internal threats. IPC class hardware solutions are designed to protect information from internal threats, prevent various types of information leaks, corporate espionage, and business intelligence. The term IPC combines two main technologies: encryption of storage media at all points of the network and control of technical channels of information leakage using Data Loss Prevention (DLP) technologies. Network, application and data access control is a possible third technology in IPC class systems. IPC includes solutions of the Data Loss Prevention (DLP) class, a system for encrypting corporate information and controlling access to it. The term IPC was one of the first to use IDC analyst Brian Burke in his report, Information Protection and Control Survey: Data Loss Prevention and Encryption Trends.\r\nIPC technology is a logical continuation of DLP technology and allows you to protect data not only from leaks through technical channels, that is, insiders, but also from unauthorized user access to the network, information, applications, and in cases where the direct storage medium falls into the hands of third parties. This allows you to prevent leaks in those cases when an insider or a person who does not have legal access to data gain access to the direct carrier of information.\r\nThe main objective of IPC systems is to prevent the transfer of confidential information outside the corporate information system. Such a transfer (leak) may be intentional or unintentional. Practice shows that most of the leaks (more than 75%) do not occur due to malicious intent, but because of errors, carelessness, carelessness, and negligence of employees - it is much easier to detect such cases. The rest is connected with the malicious intent of operators and users of enterprise information systems, in particular, industrial espionage and competitive intelligence. Obviously, malicious insiders, as a rule, try to trick IPC analyzers and other control systems.","materialsDescription":" <span style=\"font-weight: bold;\">What is Information Protection and Control (IPC)?</span>\r\nIPC (English Information Protection and Control) is a generic name for technology to protect confidential information from internal threats.\r\nIPC apparel solutions are designed to prevent various types of information leaks, corporate espionage, and business intelligence. IPC combines two main technologies: media encryption and control of technical channels of information leakage (Data Loss Prevention - DLP). Also, the functionality of IPC systems may include systems of protection against unauthorized access (unauthorized access).\r\n<span style=\"font-weight: bold;\">What are the objectives of IPC class systems?</span>\r\n<ul><li>preventing the transfer of confidential information beyond the corporate information system;</li><li>prevention of outside transmission of not only confidential but also other undesirable information (offensive expressions, spam, eroticism, excessive amounts of data, etc.);</li><li>preventing the transmission of unwanted information not only from inside to outside but also from outside to inside the organization’s information system;</li><li>preventing employees from using the Internet and network resources for personal purposes;</li><li>spam protection;</li><li>virus protection;</li><li>optimization of channel loading, reduction of inappropriate traffic;</li><li>accounting of working hours and presence at the workplace;</li><li>tracking the reliability of employees, their political views, beliefs, collecting dirt;</li><li>archiving information in case of accidental deletion or damage to the original;</li><li>protection against accidental or intentional violation of internal standards;</li><li>ensuring compliance with standards in the field of information security and current legislation.</li></ul>\r\n<span style=\"font-weight: bold;\">Why is DLP technology used in IPC?</span>\r\nIPC DLP technology supports monitoring of the following technical channels for confidential information leakage:\r\n<ul><li>corporate email;</li><li>webmail;</li><li>social networks and blogs;</li><li>file-sharing networks;</li><li>forums and other Internet resources, including those made using AJAX technology;</li><li>instant messaging tools (ICQ, Mail.Ru Agent, Skype, AOL AIM, Google Talk, Yahoo Messenger, MSN Messenger, etc.);</li><li>P2P clients;</li><li>peripheral devices (USB, LPT, COM, WiFi, Bluetooth, etc.);</li><li>local and network printers.</li></ul>\r\nDLP technologies in IPC support control, including the following communication protocols:\r\n<ul><li>FTP;</li><li>FTP over HTTP;</li><li>FTPS;</li><li>HTTP;</li><li>HTTPS (SSL);</li><li>NNTP;</li><li>POP3;</li><li>SMTP.</li></ul>\r\n<span style=\"font-weight: bold;\">What information protection facilities does IPC technology include?</span>\r\nIPC technology includes the ability to encrypt information at all key points in the network. The objects of information security are:\r\n<ul><li>Server hard drives;</li><li>SAN;</li><li>NAS;</li><li>Magnetic tapes;</li><li>CD/DVD/Blue-ray discs;</li><li>Personal computers (including laptops);</li><li>External devices.</li></ul>\r\nIPC technologies use various plug-in cryptographic modules, including the most efficient algorithms DES, Triple DES, RC5, RC6, AES, XTS-AES. The most used algorithms in IPC solutions are RC5 and AES, the effectiveness of which can be tested on the project [distributed.net]. They are most effective for solving the problems of encrypting data of large amounts of data on server storages and backups.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IPC_Information_Protection_and_Control_Appliance.png"},{"id":562,"title":"DDoS Protection - Appliance","alias":"ddos-protection-appliance","description":"A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks.\r\nBuying a DDoS mitigation appliance can be highly confusing, especially if you have never done this before. While selecting a DDoS protection solution you must understand the right features and have proper background knowledge. In case of distributed denial of service attacks, the bandwidth or resources of any targeted network is flooded with a large amount of malicious traffic. As a result, the system becomes overloaded and crashes. The legitimate users of the network are denied the service. The mail servers, DNS servers and the servers which host high-profile websites are the main target of DDOS attacks. Customers who use services of any shared network are also affected by these attacks. Therefore, anti-DDOS appliances are now vital.","materialsDescription":"<span style=\"font-weight: bold;\">DDoS mitigation solution</span>\r\nThere are two types of DDoS mitigation appliances. These include software and hardware solutions. Identical functions may be claimed by both forms of DDoS protection.\r\n<ul><li>Firewalls are the most common protection appliance, which can deny protocols, IP addresses or ports. However, they are not enough strong to provide protection from the more complicated DDoS attacks.</li><li>Switches are also effective solutions for preventing DDoS attacks. Most of these switches possess rate limiting capability and ACL. Some switches provide packet inspection, traffic shaping, delayed binding and rate limiting. They can detect the fake traffic through balancing and rate filtering.</li><li>Like switches, routers also have rate limiting and ACL capability. Most routers are capable of moving under DoS attacks.</li><li>Intrusion prevention systems are another option for you when it comes to protection from DDoS attacks. This solution can be effective in several cases of DDoS attacks. It can identify DDoS attacks and stop them because they possess the granularity as well as processing power required for identifying the attacks. Then they work in an automated manner to resolve the situation.</li><li>There are also rate-based intrusion prevention mechanisms, which are capable of analyzing traffic granularity. This system can also monitor the pattern of traffic.</li></ul>\r\nYou must check the connectivity while selecting a DDoS mitigation appliance. Capacity is also an important aspect of a DDoS protection solutions. You must figure out the number of ports, IPs, protocols, hosts, URLs and user agents that can be monitored by the appliance. An effective DDoS mitigation solution must also be properly customizable. Your DDoS mitigation appliance should be such that it can be upgraded according to your requirements. These are some important factors that you need to consider while choosing a DDoS mitigation appliance for your system.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":["Shortage of inhouse software developers","Shortage of inhouse IT resources","Shortage of inhouse IT engineers","High costs of IT personnel"],"materials":[],"useCases":[],"best_practices":[],"values":["Reduce Costs","Ensure Security and Business Continuity"],"implementations":[],"presenterCodeLng":"","productImplementations":[]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}