Industrial control systems have long been considered immune to cyber attacks as they are mostly isolated from the Internet. Unfortunately, this no longer holds true. Today’s advanced cyber attacks are targeting critical infrastructures and organizations with highly valuable information, leading to sabotage of massive assembly lines, severe economic damages, and data breaches. AhnLab EPS is a compact, optimized security solution for industrial systems based on whitelisting. Find out how EPS ensures the stability of operations and increases endpoint security effectiveness without impacting business productivity. Features: Whitelist Approach Application whitelisting takes a proactive approach, denying everything that is not specifically approved. This approach allows only trusted programs in the whitelist, in contrast to traditional reactive solutions that only block known threats that are explicitly defined in a blacklist. By ensuring that only clean, approved applications can be executed, it protects networks from a broader range of potential threats. Specialized for Industrial Systems The importance and nature of industrial control systems, such as production lines, plants, and Point of Sales (POS) machines, present particular challenges to ensuring their continued security and stability. Coupled with restrictive controls on clients in these systems, EPS ensures stable system operation and security integrity in industrial environments. Complete Network Control Enables you to control the direction of communication and block malicious network IPs and ports in to keep potential risks at bay. Customize your protection for networks and preempt threats. Simplified Endpoint Protection EPS places its powerful antivirus engine on the central server, so that IT administrators do not need to update and maintain the signatures at every endpoint. Learning Mode Administrator can simulate the results when the configured settings or security policies are applied to real circumstances. It helps reduce disruptions to productivity and unexpected errors that are common with untested deployments. Advantages: Stability

• Proactively protects against unknown malware
• Prevents malware-induced security breaches
• Provides system stability without requiring signature or patch updates

Productivity

• Eliminates interruptions caused by malicious or unauthorized software
• Operates around the clock without the need for constant maintenance
• Allows simple administration and implementation

Cost-cutting

• Reduces system and data restoration costs by preventing malware damages
• Reduces time and costs required for system security and maintenance

CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats. CB Defense is available through MSSPs or directly as software as a service. Key Capabilities Single Agent, Cloud Platform CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and dataset. Streaming Prevention with Minimal False Positives CB Defense’s unique, data-driven prevention technology is certified to replace AV, using predictive modeling that identifies and stops more known and unknown threats including malware, fileless attacks, and ransomware. This technology eliminates the black magic typically associated with machine learning, minimizing misses and false positives. Complete Endpoint Visibility CB Defense gives you a clear, comprehensive picture of endpoint activity using unfiltered, tagged data that allows you to easily search and investigate endpoints, follow the stages of an attack, and identify root cause so you can close security gaps. Improved Efficiency Between Security & IT Ops CB Defense breaks down the walls between IT Operations and Security with simple workflows and built-in tools for live incident response, real-time investigations, and team collaboration. In addition, flexible policy configurations allow you to explicitly tailor your prevention, keeping users happy without compromising security. FEATURES

• Signatures and cloud-based reputation to stop malware

• Streaming prevention to stop advanced fileless attacks

• Online and offline prevention

• Flexible prevention policies

• Customizable executive dashboard

• Interactive attack chain visualization

• Live Response: real-time threat remediation

• PCI and HIPAA compliant

• Open APIs integrate with your security stack

Delivers the best performance in its class Up to 44.5 Gbps of real-world firewall throughput Up to 6.9 Gbps of real-world IPS throughput Supports sub 5 micro-second low-latency transactions Supports high availability and serviceability Offers a variety of network options to work in any network environment Offers Lights-Out-Management option for remote out-of-band management Enables service without downtime thanks to hot-swap and redundant components Reduces costs through security consolidation Extends easily to add more security features without adding a new appliance Available in four complete and Software Blade packages that meet any security need Available in a low-cost, high-performance package with extended memory for maximum connection capacity Features Maximum security and performance The Check Point 21000 Appliances offer maximum availability of business-critical applications and the best performance available in their class. High port density with up to 37x1GbE ports for network segmentation 110 Gbps firewall throughput and sub-5µs latency for mission-critical applications Comes in compact 2-rack unit chassis Comes with acceleration and clustering technologies Reliability and high serviceability Meet the uncompromising high availability standards of modern data centers; the 21000 Appliances are designed to be highly serviceable, even when deployed in customer networks. Hot-swappable redundant power supplies, hard disk drives and fans An advanced Lights-Out-Management card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location Prevent unknown threats Check Point provides complete zero-day threat prevention and alerts when under attack. Threat Extraction delivers zero-malware documents in zero seconds. Threat Emulation inspects files for malicious content in a virtual sandbox. When Threat Emulation discovers new threats, a signature is sent to the Check Point ThreatCloud database which documents and shares information on the newly identified malware with other Check Point customers — providing immediate protection against zero-day threats. Security acceleration module for greater performance confidence With the optional Security Acceleration Module, you can confidently increase firewall and VPN bandwidth through your 21000 Appliance without performance degradation. Check Point’s innovative, purpose-built SecurityCore™ technology uses parallel and security processing power to accelerate security performance. Offloads security processing from the general purpose appliance CPU Available as a bundle for significant savings right out of the box High network capacity Deploy the Check Point 21000 Appliances in any network environment. Up to 37 10/100/1000Base-T ports Up to 36 1000base-F SFP, or up to 13 10GBase-F SFP+ ports Three front-facing expansion slots Up to 1,024 VLANs for higher network segmentation Pre-configured with Next Generation Software Blade packages Pre-configured with Next Generation Software Blade packages The Check Point 21000 Appliances offer a complete and consolidated security solution available in five Next Generation Security Software Blade packages. Next Generation Firewall—identify and control applications by user and scan content to stop threats (included Blades: IPS and Application Control) Next Generation Secure Web Gateway—enable secure use of Web 2.0 with real-time multilayer protection against web-borne malware (included Blades: Application Control, URL Filtering, Antivirus and SmartEvent) Next Generation Data Protection—preemptively protect sensitive information from unintentional loss, educate users on proper data-handling policies and empower them to remediate incidents in real-time (included Blades: IPS, Application Control and Data-Loss Prevention). Next Generation Threat Prevention—apply multiple layers of protection to prevent sophisticated cyber-threats (included Blades: IPS, Application Control, Antivirus, Anti-Bot, URL Filtering and Email Security) Next Generation Threat Extraction—(NGTX): advanced next-gen zero-day threat prevention, NGTP with Threat Emulation and Threat Extraction. Additional Software Blade upgrades are available to further extend and customize protection options

Ekran System performs user activity monitoring on servers and workstations with local, RDP, and terminal session recording for Windows and Citrix platforms as well as Telnet SSH session recording for Linux servers. Benefits Unlike focused software to track user activity (i.e. solutions to record terminal server sessions only or PC activity monitoring tools), Ekran System is a universal solution providing you with detailed user activity audit logs for any end-point in your corporate network via a single Web-based console. Thus you record RDP sessions and local user activity on end-points, perform terminal server user monitoring and Telnet SSH session monitoring using a single tool enabling cross-analytic options. When you choose Ekran System computer monitoring software, you receive: Universal and network protocol agnostic monitoring Simple and integrated video format Multifactor search and corresponding reports Incident response tools Affordable floating licensing When to use Ekran System Ekran System is a universal user activity control software and can assist with multiple business tasks from staff PC monitoring to sensitive data access control: Monitor employee computer activity Record user activity on critical servers Control privileged user activity Audit third-party IT service providers accessing your infrastructure Track work with critical data and applications Advanced video format Solutions are based on the principles of passive computer activity monitoring with advanced indexed video format at its core. Video recording is an efficient tool to log and monitor user activity as it is all-inclusive and integrated, thus allowing for quick comprehension, reconstruction, and the tools to respond to a security incident. Real-time Monitoring Tool Ekran System allows you to perform the monitoring of user activity in real time, and if a user session is still running you can connect to it and monitor a live user screen. Besides recordings and alert functionality, Ekran System live sessions provide tools for a proper incident response. If dangerous activity is detected you can manually block the user. Record filtering Software to monitor user activity will log thousands of user actions over a typical day. Solutions for monitoring computer activity of a number of users should provide some tools to make logging more focused. Ekran System gives you several recording filtering options. You may record a selected number of key applications or optionally set up a list of private/non-critical applications or URLs you do not wish to monitor. Client Protection Ekran System Client and its data are protected from unauthorized intrusions of users with any privileges. By enabling the Protected Mode, you prevent Client uninstallation, process interruption, solution component editing and other monitoring blocking actions. Offline Monitoring Option If the network connection on the Client computer breaks for an undisclosed time, Ekran System Client will continue to work gathering monitored data in the offline mode to then send it to the server once the connection resumes.

By leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core. Ideal for next-generation networks that need flexible and scalable deployment options, FireEye Network Security offerings provide strong security for a myriad of environments and customer needs. FireEye Network Security is designed for high-performance, pervasive and consistent protection against threats across your organization with integrated security workflow and actionable contextual intelligence. It enables you to:

• Accurately detect and immediately stop attacks that evade other security devices, including file-based sandboxes
• Understand and prioritize critical alerts with reliable execution evidence and contextual insights
• Proactively defend and investigate threats with tactical intelligence from FireEye or a third party using the Structured Threat Information eXpression (STIX) format as well as contextual and strategic threat intelligence
• Deploy Network Security with integrated all-in-one hardware appliances or with a scalable and flexible on-premise or cloud-based distributed model
• Future-proof your investment with an extensible, modular architecture
• Provide your Microsoft Windows and Apple OS X users with the same level of threat protection
• Achieve quick protection with machine-, attacker- and victim-based intelligence applied as updates to your defenses every 60 minutes
• Shorten the solution payback period by eliminating the operational cost of triaging alerts manually
• Integrate and automate your security workflow to easily prioritize, investigate and respond to alerts across different threat vectors

FireEye SmartVision Edition is a network traffic analysis (NTA) solution that detects suspicious lateral traffic within an enterprise network. Unlike other network security solutions that sit at the perimeter to thwart malicious incoming attacks, FireEye SmartVision Edition can be deployed throughout the network — at the core, across network segments and in front of key server assets — to detect malicious internal traffic. With FireEye SmartVision Edition, security analysts and administrators gain new insight and visibility of suspicious lateral traffic that firewalls and other security gateways miss. By using easy to deploy, lightweight sensors working in conjunction with FireEye’s industry - leading Cloud MVX™ technology, customers can scale SmartVision Edition visibility across the entire network — from the data center to remote branch office locations. At the heart of SmartVision Edition is advanced threat detection software, which includes an advanced correlation and analytics engine and a machine learning module to detect attempted data exfiltration, bolstered by 120+ intrusion detection rules that identify weak indicators of compromise Benefits

• Detects formerly undetectable suspicious lateral traffic

• Decreases time to detect postbreach activities

• Provides flexibility to scale throughout the entire network

• Enables visibility into network segmentation initiatives

• Improves network forensics and incident response

• Reduces attacker dwell time

Components of SmartVision edition Three components are required to enable SmartVision Edition:

1. A minimum of one or more SmartVision Sensors (hardware or virtual)

2. Connection to a FireEye MVX engine (either on-premise, Smart Grid or via Cloud MVX*)

3. FireEye OS release 8.1.2 or greater with SmartVision activated

Patch management: Fix vulnerabilities before an attack

Patch management is vital to your business. Network security breaches are most commonly caused by missing network patches. GFI LanGuard scans and detects network vulnerabilities before they are exposed, reducing the time required to patch machines on your network. GFI LanGuard patches Microsoft ®, Mac® OS X®, Linux® and more than 60 third-party applications, and deploys both security and non-security patches.

 Network auditing: Analyze your network centrally

GFI LanGuard provides a detailed analysis of the state of your network. This includes applications or default configurations posing a security risk. GFI LanGuard also gives you a complete picture of installed applications; hardware on your network; mobile devices that connect to the Exchange servers; the state of security applications (antivirus, anti-spam, firewalls, etc.); open ports; and any existing shares and services running on your machines.

Vulnerability assessment: Discover security threats early

More than 60,000 vulnerability assessments are carried out across your networks, including virtual environments, mobile and network devices. GFI LanGuard scans your operating systems, virtual environments and installed applications through vulnerability check databases such as OVAL and SANS Top 20. GFI LanGuard enables you to analyze the state of your network security, identify risks and address how to take action before it is compromised.

• Patch management across multiple operating systems. GFI LanGuard is compatible with Microsoft®, Mac OS X® and Linux®, operating systems, as well as many third-party applications. Scan your network automatically or on demand. Auto-download missing patches or roll-back patches.

• Integrates with third-party security app. GFI LanGuard integrates with more than 4,000 critical security applications, including: antivirus, anti-spyware, firewall, anti-phishing, backup client, VPN client, URL filtering, patch management, web browser, instant messaging, peer-to-peer, disk encryption, data loss prevention and device access control. It provides status reports and lists of instant messaging or peer-to-peer applications installed on your network. It also rectifies any issues that require attention such as triggering antivirus or anti-spyware updates.

• Know what’s happening on your network. GFI LanGuard's network auditing gives you a comprehensive view of your network – including connected USB devices smartphones and tablets, as well as installed software, open shares, open ports, weak passwords and any hardware information. Secure your network by closing ports, deleting obsolete users or disabling wireless access points.

• Network and software auditing. Security audits. The interactive dashboard provides a summary of the current network security status and a history of all relevant changes in the network over time. Drill down through information, from network-wide security sensors to individual security scan results.

• Manage reporting. Reports can be exported to popular formats like PDF, HTML, XLS, XLSX, RTF and CSV, and can be scheduled and sent by email. They can also be used as a template to create new custom reports and are fully re-brandable.

• Run agent-less or agent-based modes. GFI LanGuard can be configured to run in agent-less or agent-based mode. Agent technology enables automated network security audits and distributes the scanning load across client machines.

 

Our end-to-end protection platform combines advanced data analytics with real-time scoring to outsmart threats and approve more orders so you can focus on growing your business without the fear of fraud.

All the tools you need to safeguard your revenue

Order fraud protection Approve more orders while cutting out fraud. Receive a single, actionable score that accounts for more than just payment factors. From device fingerprinting to behavioral analytics, our scoring algorithm considers over 170 factors to determine whether a transaction is fraudulent. Ad fraud protection Stop common forms of advertising fraud, including click fraud, impression fraud, retargeting fraud, and affiliate fraud. Identify which ad campaigns are allowing bots to eat away at your budget and which ones are bringing in the best returns. Site performance monitoring Set alerts for unexpected downtime, certificate expirations, and other performance problems, which help keep your site running smoothly and let you address issues before they affect your users.

Adaptable to your business, no matter your industry

• Ecommerce platforms. Help your merchants strengthen their defenses against fraud with a solution that can be implemented in just minutes.
• Payment gateways. Enhance your risk analysis with deep analytics and risk scoring to verify purchases and reduce fraud.
• Online merchants. Reduce chargebacks with early detection and prevent fraudulent transactions before they occur — without affecting conversions.
• Event ticketing. Identify risky accounts and block suspicious transactions while improving the ticketing experience for legitimate buyers.

The PA-500next-generation firewall is designed to protect medium sized networks. Rack-mountable. Supports fault-tolerant configurations.The PA-500 enables to secure organization through advanced visibility and control of applications, users and content at throughput speeds of up to 250 Mbps. Dedicated computing resources assigned to networking, security, signature matching and management functions ensure predictable performance. Key Security Features: Classifies all applications, on all ports, all the time • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed. • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. • Categorizes unidentified applications for policy control, threat forensics or App-ID™ development. Enforces security policies for any user, at any location • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android®, or Apple® iOS platforms. • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®. • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information. Prevents known and unknown threats • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed. • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing. • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection. The controlling element of the PA-500 is PAN-OS®, a security-specific operating system that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content, and user – in other words, the business elements that run your business –mare then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time. 

BENEFITS SilentDefense empowers industrial operators with unrivaled visibility, threat detection capability and control of their network. VISIBILITY See what your network devices are doingAssess risks, threats and vulnerabilitiesUnderstand the current resilience state of your network DETECTION Catch known and unknown threats at their earliest stagesPinpoint weak spots and current inefficienciesGather all evidence required for incident response CONTROL

• Know what's going on at all times
• Anticipate problems and threats
• Prioritize incident response and mitigation activity

FEATURES

• Asset inventory and network map
• Obtain full knowledge and awareness of your network through SilentDefense’s automatic asset inventory and device fingerprinting features
• Browse through the interactive network map to understand device behavior, threats and vulnerabilities
• Filter and export the information for reporting and backup

ASSET INVENTORY AND NETWORK MAP VISUAL NETWORK ANALYTICS NETWORK AND PROCESS ANOMALY DETECTION INDUSTRY-SPECIFIC THREAT LIBRARIES DEPLOYMENT

• Deployed in a matter of hours, delivers immediate results
• Connects to the SPAN/mirroring port of network switches or by using network tap technology
• Fully passive, monitors real-time network traffic without any interference or impact on the monitored environment

INTEGRATION

• Natively integrates with all major SIEM solutions, authentication servers and industrial firewalls
• Features a comprehensive API for data extraction and updates
• Its scalable architecture allows to simultaneously monitor multiple network segments and locations from a single screen

AVAILABLE CONFIGURATIONS

• Available both as a software or appliance-based solution
• Runs on commercial off-the-shelf hardware and hypervisors
• Form factors and sizing for appliance-based solutions vary from standard server units to ruggedized hardware depending on the monitored environment and throughput

PROTOCOL SUPPORT

• 15+ open OT protocols, including all smart grid and industrial automation protocols
• Proprietary protocols of all major ICS vendors
• 20+ IT protocols common to industrial environments
• Support for additional protocols is added on a continuous basis or on customer request.

Unified Threat Management makes security simple. Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive interface will help you quickly create policies to control security risks. And clear, detailed reports will give you the insight you need to improve your network performance and protection. Highlights

• Every feature available  on every appliance
• Firewall, VPN, ATP, IPS, email, web filtering and app control
• Hardware, virtualized, software or cloudbased appliance
• Intuitive browserbased interface
• Built-in reporting on all models
• Two-factor authentication with one-time password (OTP) in many areas
• Integrated wireless controller

Consolidated network security platform — no compromise Protect your network using multi-layered proven protection technologies including Advanced Threat Protection (ATP), IPS, VPN, email and web filtering combined with the industry’s simplest admin interface. We’ve engineered our software and hardware to give you the throughput speeds you need. And, you can choose the level of protection you need with modular subscriptions as every feature is available on every appliance. All the Next-Gen Firewall features you need We’ll give you complete control to block, allow, shape and prioritize applications. Our Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And you’ll get feedback on unclassified applications too. Intuitive management and detailed reporting You’ll know what’s happening with your users and you’ll have complete control over all the features you need, with none of the complexity. Easily build policies while getting detailed real-time and historical data with our on-box reporting, helping you to fix problems fast. And our Free Sophos UTM Manager lets you centrally administer several appliances through a single login. Connect remote offices with easy VPN and Wi-Fi Sophos RED (Remote Ethernet Device) provides secure remote access to your off-site locations. It’s the first security gateway that requires no technical skills at the remote site. Once installed, it forwards traffic to the UTM for complete security. Sophos UTM also works as a wireless controller; access points are automatically set up and receive complete UTM protection.

As enterprises face a shortage of skilled security professionals, security teams often spend too much time monitoring and validating alerts, which limits their ability to address other security needs. Even more concerning, when attacks occur, many security analysts are limited by the tools and data available for analysis in their own environment.This is compounded by lack of visibility into the history of the event. Carbon Black Cloud Managed Detection provides a much needed view into attacks with recommendations for the policy changes needed to remediate the threat. Managed Detection Analysts notify service subscribers via email of threats and provide specific policy changes to address the threat in Carbon Black Cloud Next Gen AV and Behavioral EDR. Built directly on the Carbon Black Cloud platform, CB Managed Detection is staffed by a world-class team of security experts who monitor and analyze the data in the Carbon Black Cloud using advanced machine learning and algorithmic tool sets.
Offered as a managed service, Managed Detection provides a world-class team of Carbon Black security experts who with your organization to validate and prioritize alerts, uncover new threats and accelerate investigations.

Key Capabilities Threat Validation and Insight With 24x7x365 coverage, your team can have true peace of mind knowing that nothing will slip through the cracks. Carbon Black’s security experts proactively validate alerts and send email notifications, helping to assure that your team doesn’t miss the alerts that matter. Roadmap to Root Cause Carbon Black Managed Detection provides additional, human-generated context to Carbon Black NGAV and Behavioral EDR alerts, such as connecting alerts caused by the same root cause, to help you streamline investigations and resolve security issues. Outbreak Advisories Carbon Black’s Threat Analysis Unit constantly monitors threat trends across the globe. When widespread and newsworthy outbreaks occur our team sends out advisories that include indicators of compromise, giving your team a jump start on assessing risk and closing gaps. Monthly Reporting Our Carbon Black Managed Detection experts provide monthly reports that summarize activity across your environment, including the most common suspicious events and most targeted machines. These reports provide a starting point for refining policies, help your team see big-picture trends and make reporting effortless.

BENEFITS

• More efficient and proactive security operations

• More actionable alerts, reducing alert fatigue

• Notifications provide analysts with the information needed to keep their leadership aware of threats and mitigations.

• Reduced time spent investigating root cause

• Alleviation of staffing pressures with 24x7 support

• Clearer view of security trends to help guide policy

FEATURES

• Threat validation

• Email alerts

• Root cause analysis

• Threat advisories

• Monthly reports

PLATFORMS Carbon Black Managed Detection is an add-on service to Carbon Black NGAV and Behavioral EDR, which supports:

• Windows: Windows 7/8/10

• Mac OS X: 10.6.8+

• Server:
  Windows 2008
  Windows 2012
  Windows 2016