{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"products":{"reference-bonus":{"ru":"Предложить бонус за референс","_type":"localeString","en":"Offer a reference bonus"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Configurator"},"i-sell-it":{"ru":"I sell it","_type":"localeString","en":"I sell it"},"i-use-it":{"ru":"I use it","_type":"localeString","en":"I use it"},"roi-calculator":{"en":"ROI-calculator","ru":"ROI-калькулятор","_type":"localeString"},"selling":{"ru":"Продают","_type":"localeString","en":"Selling"},"using":{"ru":"Используют","_type":"localeString","en":"Using"},"sort-title-asc":{"en":"From A to Z","ru":"От А до Я","_type":"localeString"},"supplier-popover":{"ru":"поставщик","_type":"localeString","en":"supplier"},"implementation-popover":{"_type":"localeString","en":"deployment","ru":"внедрение"},"vendor-popover":{"ru":"производитель","_type":"localeString","en":"vendor"},"sort-title-desc":{"_type":"localeString","en":"From Z to A","ru":"от Я до А"},"sort-rating-asc":{"ru":"По возрастанию рейтинга","_type":"localeString","en":"Rating ascending"},"sort-rating-desc":{"ru":"По убыванию рейтинга","_type":"localeString","en":"Rating descending"},"sort-discount-asc":{"ru":"По возрастанию скидки","_type":"localeString","en":"Rebate ascending"},"sort-discount-desc":{"en":"Rebate descending","ru":"По убыванию скидки","_type":"localeString"},"i-use-it-popover":{"en":"Make your introduction and get a bonus from ROI4CIO or the supplier.","ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString"},"details":{"_type":"localeString","en":"Details","ru":"Детальнее"},"rebate-for-poc":{"en":"Bonus 4 POC","ru":"Бонус 4 POC","_type":"localeString"},"rebate":{"ru":"Бонус","_type":"localeString","en":"Bonus"},"vendor-verified":{"_type":"localeString","en":"Vendor verified","ru":"Поставщик потверждён"},"program-sends-data":{"_type":"localeString","en":"Program sends data"},"learn-more-btn":{"ru":"Узнать больше","_type":"localeString","en":"Learn more"},"categories-popover":{"en":"categories","ru":"категории","_type":"localeString"},"sort-popular-asc":{"ru":"По возростанию популярности","_type":"localeString","en":"Popular ascending"},"sort-popular-desc":{"ru":"По убыванию популярности","_type":"localeString","en":"Popular descending"},"no-results":{"ru":"По вашему запросу ничего не найдено, попробуйте изменить запрос.","_type":"localeString","en":"No results found. We didn't find any results with the filter you selected."},"login":{"de":"Einloggen","ru":"Войти","_type":"localeString","en":"Login"},"register":{"de":"Registrieren","ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"auth-message":{"_type":"localeString","en":"You need to register or login.","de":"Sie müssen sich registrieren oder anmelden","ru":"Вам нужно зарегистрироваться или войти."},"add-to-comparison":{"ru":"Добавить в сравнение","_type":"localeString","en":"Add to comparison"},"added-to-comparison":{"en":"Added to comparison","ru":"Добавлено в сравнения","_type":"localeString"},"items-found":{"ru":"Продуктов найдено","_type":"localeString","en":"Products found"},"sort-sales-desc":{"ru":"По продаже","_type":"localeString","en":"By sale"},"sort-purchases-desc":{"_type":"localeString","en":"By purchase","ru":"По покупке"},"product-supplier":{"ru":"Поставщик продукта","_type":"localeString","en":"Product supplier"},"product-vendor":{"_type":"localeString","en":"Product producer","ru":"Производитель продукта"},"products-fetching-error":{"ru":"Произошла ошибка. Перезагрузите пожалуйста страницу.","_type":"localeString","en":"An error has occurred. Please reload the page."}},"header":{"help":{"ru":"Помощь","_type":"localeString","en":"Help","de":"Hilfe"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"en":"Log in","de":"Einloggen","ru":"Вход","_type":"localeString"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"_type":"localeString","en":"Enter your search term","ru":"Введите поисковый запрос"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"en":"Subscriptions","de":"Tarife","ru":"Тарифы","_type":"localeString"},"contact":{"en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString"},"marketplace":{"ru":"Marketplace","_type":"localeString","en":"Marketplace","de":"Marketplace"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"_type":"localeString","en":"Salestools","de":"Salestools","ru":"Salestools"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"en":"Email","ru":"Email","_type":"localeString"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"_type":"localeString","en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"_type":"localeString","en":"Last, first name","ru":"Имя Фамилия"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"en":"Your rate","ru":"Ваша оценка","_type":"localeString"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"_type":"localeString","en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}},"filters":{"from":{"ru":"от","_type":"localeString","en":"from"},"to":{"en":"to","ru":"до","_type":"localeString"},"filter-price-title":{"ru":"Фильтр по цене","_type":"localeString","en":"Filter by price"},"view-type-label":{"en":"View","ru":"Вид","_type":"localeString"},"sort-type-label":{"en":"Sorting","ru":"Сортировка","_type":"localeString"},"category":{"en":"Category","ru":"Категория","_type":"localeString"},"follow":{"_type":"localeString","en":"Follow","ru":"Следить"},"add-product":{"_type":"localeString","en":"Add Product","ru":"Добавить продукт"},"show-all":{"_type":"localeString","en":"Show all","ru":"Показать все"},"filter-toggle":{"en":"Filter","ru":"Фильтр","_type":"localeString"},"clear-button":{"en":"Сlear","ru":"Очистить","_type":"localeString"},"delivery-type-field":{"_type":"localeString","en":"Delivery type","ru":"Тип поставки"},"product-categories-field":{"_type":"localeString","en":"product categories","ru":"категориz продуктаhjle"},"providers-field":{"en":"Providers","ru":"Поставщик, производитель","_type":"localeString"},"business-tasks-field":{"ru":"Бизнес задачи","_type":"localeString","en":"Business tasks"},"problems-field":{"en":"Problems","ru":"Проблемы","_type":"localeString"},"with-discounts-checkbox":{"ru":"Со скидками","_type":"localeString","en":"With discounts"},"expert-price-checkbox":{"ru":"Конфигуратор","_type":"localeString","en":"Configurator"},"roi-calculator-checkbox":{"_type":"localeString","en":"ROI-calculator","ru":"ROI-калькулятор"},"apply-filter-button":{"_type":"localeString","en":"Apply filter","ru":"Применить фильтр"},"sorting-toggle":{"en":"Sorting","ru":"Сортировка","_type":"localeString"},"show-all-button":{"_type":"localeString","en":"Show all","ru":"Показать все"},"suggest-product-button":{"ru":"Предложить продукт","_type":"localeString","en":"Suggest product"},"with-projects-label":{"ru":"С внедрениями","_type":"localeString","en":"With deployments"},"bonus-4-reference":{"en":"Bonus 4 Reference","ru":"Бонус за референс","_type":"localeString"},"product-categories":{"ru":"Категории продуктов","_type":"localeString","en":"Product Categories"},"countries":{"_type":"localeString","en":"Countries","ru":"Страны"},"seller":{"ru":"Продавец","_type":"localeString","en":"Seller"},"vendors":{"_type":"localeString","en":"User products vendors","ru":"Производители продуктов пользователя"},"suppliers":{"en":"User suppliers","ru":"Поставщики пользователя","_type":"localeString"},"business-process":{"en":"Problems","ru":"Проблемы","_type":"localeString"},"business-objectives":{"ru":"Бизнес задачи","_type":"localeString","en":"Business tasks"},"branch":{"ru":"Отрасль","_type":"localeString","en":" Branch"},"users":{"ru":"Пользователи","_type":"localeString","en":"Users"},"status":{"ru":"Статус","_type":"localeString","en":"Status"},"info-source":{"ru":"Информационный ресурс","_type":"localeString","en":"Info source"},"with-reference-checkbox":{"en":"With reference","ru":"С референсами","_type":"localeString"},"show-deal-checkbox":{"ru":"Показывать сделки с noname","_type":"localeString","en":"Show deal with noname"},"roi-checkbox":{"en":"ROI","ru":"ROI","_type":"localeString"},"problems":{"_type":"localeString","en":"Problems","ru":"Проблемы"},"find":{"ru":"Выполнить поиск","_type":"localeString","en":"Find"},"deal-date":{"ru":"Дата","_type":"localeString","en":"Date"},"try-button":{"_type":"localeString","en":"Try AI (Beta)","ru":"Попробовать AI (Beta)"},"hide":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"company-size":{"ru":"Размер компании","_type":"localeString","en":"Company size"},"add-company":{"_type":"localeString","en":"Add company","ru":"Добавить компанию"},"add-implementation":{"ru":"Добавить внедрение","_type":"localeString","en":"Add deployment"},"sort-title-asc":{"_type":"localeString","en":"From A to Z","ru":"От А до Я"},"sort-title-desc":{"ru":"От Я до А","_type":"localeString","en":"From Z to A"},"sellers-field":{"ru":"Поставщики, Производители","_type":"localeString","en":"Sellers"},"supply-types":{"en":"Supply type","ru":"Тип поставки","_type":"localeString"},"with-comments-checkbox":{"ru":"С комментариями","_type":"localeString","en":"With comments"},"supplier":{"en":"Supplier","ru":"Поставщик","_type":"localeString"},"vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"user":{"ru":"Пользователь","_type":"localeString","en":"User"},"company-type":{"ru":"Тип компании","_type":"localeString","en":"Company type"},"partners-field":{"en":"Partners","ru":" Партнеры","_type":"localeString"},"customers":{"ru":"Покупатели","_type":"localeString","en":"Customers"},"product-supplier":{"ru":"Поставщик продукта","_type":"localeString","en":"Product supplier"},"product-vendor":{"_type":"localeString","en":"Product vendor","ru":"Производитель продукта"},"implementation-date":{"ru":"Дата внедрения","_type":"localeString","en":"Deployment date"},"canceled":{"_type":"localeString","en":"Canceled","ru":"Отменено"},"deal-canceled":{"ru":"Сделка отменена","_type":"localeString","en":"Deal canceled"},"deal-closed":{"_type":"localeString","en":"Deal closed","ru":"Сделка закрыта"},"deal-in-progress":{"_type":"localeString","en":"Deal in progress","ru":"Сделка в процессе"},"deal-is-planned":{"en":"Deal is planned","ru":"Сделка планируется","_type":"localeString"},"finished":{"ru":"Завершено","_type":"localeString","en":"Finished"},"in-process":{"ru":"Ведется","_type":"localeString","en":"In Process"},"planned":{"ru":"Планируется","_type":"localeString","en":"Planned"},"proof-of-concept":{"_type":"localeString","en":"Proof of concept","ru":"Пилотный проект"},"stopped":{"ru":"Остановлено","_type":"localeString","en":"Stopped"},"competencies":{"ru":"Компетенции","_type":"localeString","en":"Competencies"}}},"translationsStatus":{"products":"success","filters":"success"},"sections":{"products-text-block":{"body":{"ru":[{"markDefs":[],"children":[{"_key":"28241882db7a0","_type":"span","marks":[],"text":"Каталог продуктов ROI4CIO - это база данных программного обеспечения, оборудования и ИТ-услуг для бизнеса. С помощью фильтров, подбирайте ИТ-продукты по категории, поставщику или производителю, бизнес-задачам, проблемам, наличию ROI калькулятора или калькулятора цены. Находите подходящие решения для бизнеса, воспользовавшись нейросетевым поиском, основанным на результатах внедрения софта в других компаниях."}],"_type":"block","style":"normal","_key":"28241882db7a"}],"_type":"localeBlock","en":[{"children":[{"text":"The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks and problems. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.","_key":"8bebcfb349550","_type":"span","marks":[]}],"_type":"block","style":"normal","_key":"8bebcfb34955","markDefs":[]}]},"label":"catalog-products-text-block"}},"sectionsStatus":{"products-text-block":"success"},"pageMetaData":{"products":{"translatable_meta":[{"name":"og:title","translations":{"_type":"localeString","en":"Products","ru":"Продукты"}},{"name":"description","translations":{"_type":"localeString","en":"Description","ru":"Лучшие приложения и it услуги для бизнеса. Выбор по видам программного обеспечения, бизнес-задачам и проблемам. Расчет стоимости лицензионного ПО, ROI"}},{"name":"og:description","translations":{"_type":"localeString","en":"The best applications and it services for business. Choice by type of software, business tasks and problems. Calculation of the cost of licensed software, ROI","ru":"Лучшие приложения и it услуги для бизнеса. Выбор по видам программного обеспечения, бизнес-задачам и проблемам. Расчет стоимости лицензионного ПО, ROI"}},{"name":"keywords","translations":{"ru":"каталог, программное обеспечение, софт, ит услуги","_type":"localeString","en":"keyword"}},{"name":"title","translations":{"ru":"Продукты","_type":"localeString","en":"Products"}}],"title":{"ru":"ROI4CIO: Продукты","_type":"localeString","en":"ROI4CIO: Products"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"content":"website","name":"og:type"}]}},"pageMetaDataStatus":{"products":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"cyops-platform":{"id":4466,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberSponse.png","logo":true,"scheme":false,"title":"CyOPs Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cyops-platform","companyTitle":"CyberSponse, Inc.","companyTypes":["vendor"],"companyId":6896,"companyAlias":"cybersponse-inc","description":"The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human dependent security organizations, while also facilitating cross-functional collaboration. \r\nIntegrate your SOCs entire security stack behind a single pane of glass with unlimited daily actions, fortifying your data and maximizing ROI.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Incident Management</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Distinguishing Real Threats From Endless Alerts</span></span></p>\r\nReal threats are often overlooked, largely as a result of the copious amount of alert notifications that accumulate daily. CyOPs Automated Intelligent Triaging enables Security Analysts to efficiently uncover these important alerts, prioritizing them based on severity, asset, intelligence, and frequency.\r\nTo investigate alerts more efficiently, it’s very important to be able to understand and review data in a consumable manner. CyOPs Case Management solution understands the need to manage data effectively and provides options to:\r\n<ul><li>Manage Alert and Incident Listings in a filter-able grid view</li><li>Ability to add mini-dashboards on each grid to gain visibility into the bigger picture and understand trends</li><li>Ability to define new modules, unlike any other SOAR offering- with customization of modules such as fields, views, and permissions</li><li>Visual layout editor to define custom views, data models, fields, and grids</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">CyOPs for MSSPs</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Integrate All Your Security Tools</span></span></p>\r\nEnterprise-level SOCs leverage a multitude of products and tools to effectively resolve incidents and fulfill compliance requirements.&nbsp; \r\nCyOPs caters to our clients’ specific environment needs due to the customizability of product, which results in greater efficiency, eliminated alert fatigue, and maximizes their ROI. \r\nThe CyOPs Integrations Repository has over 280 available integrations, enabling users to automate their entire security stack behind a single pane of glass. <br />A unified console built on the only enterprise multi-tenancy architecture.\r\n<ul><li>Obtain a complete overview of all your customers (tenants) in a single unified CyOPs master console.</li><li>Filter views by customers, to understand the customer’s current state</li><li>Assign and adhere to the Roles and Permissions assigned to each tenant</li><li>Create customer specific alert and incident views</li><li>Robust and scalable architecture for load-balancing usage</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Role Based Custom Dashboards</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Insight From Multiple Perspectives</span></span></p>\r\nCyOPs offers customers enterprise dashboards enabling better decision making.\r\n<ul><li>Choose from multiple canned dashboards from multiple perspectives</li><li>Export and import dashboard templates</li><li>Export dashboard views as PDFs</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Full Role-Based Access Control</span></span></p>\r\n<ul><li>Assign multiple roles to each dashboard to control visibility across the team.</li><li>Ability to assign roles and permissions to dashboard templates</li><li>Ability to make selected dashboards as default for all system users</li><li>Ability to create user-specific dashboards and reports</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Reporting</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Library of Out-of-the-box Reports</span></span></p>\r\n<ul><li>Leverage the CyOPs Report Library for a quick start with many commonly used reports</li><li>Use ready-made reports like Incident Closures, Alert Closures, IOC Summaries etc.</li><li>CyOPs Support Portal using Report Import functionality</li><li>Customize out-of-the-box reports for organization-specific metrics</li><li>Export Reports in CSV &amp; PDF Formats</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Queue Management</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Create Dedicated Queues</span></span></p>\r\nLeverage the built-in CyOPs Queue Management to handle automatic work assignments across multiple queues and teams\r\n<ul><li>Create multiple queues across multiple teams</li><li>Add multiple team members to each Queue</li><li>Define logical rules for auto assignments to a specific member or team</li><li>Option to add work tasks manually to any queue</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Manage SOC Shift Change With Ease</span></p>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Streamline SOC Team Onboarding &amp; Management</span></span></p>\r\nCyOPs™ enables new SOC team members to start making an impact right away due to its ease of use and ability to retain information from previous employees. \r\nStandardized trackable and repeatable processes result in a more efficient onboarding plan for new SOC team members. \r\nCreate standard automated response processes using the most versatile enterprise drag-and-drop CyOPs Playbook builder that not only retains team knowledge but also shortens incident response times. \r\nMaximize your team and security stack with CyOPs™ automation.\r\n<ul><li>SOCs that work in multiple shifts perfects shift changeovers with ease</li><li>Create multiple queues for different shifts</li><li>Define rules for assigning alerts and incidents based on the timezone</li><li>Obtain snapshots of a shift’s queue to better understand task status</li><li>Option to add manual tasks to any queue or team member</li></ul>\r\n\r\n","shortDescription":"The CyberSponse CyOPs platform is a holistic and enterprise built security orchestration and security automation workbench that empowers security operation.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":1,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyOPs Platform","keywords":"","description":"The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human dependent security organizations, while also facilitating cross-functional collaboration. \r\nIntegrate your SOCs entire security stack beh","og:title":"CyOPs Platform","og:description":"The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human dependent security organizations, while also facilitating cross-functional collaboration. \r\nIntegrate your SOCs entire security stack beh","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberSponse.png"},"eventUrl":"","translationId":4467,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as&nbsp;programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that&nbsp;operators&nbsp;use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force &quot;catch it as you can&quot; and a more intelligent &quot;stop look listen&quot; method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as &quot;the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents&quot;.\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>&quot;Catch-it-as-you-can&quot; – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>&quot;Stop, look and listen&quot; – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"cyrebro":{"id":5685,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberHat.png","logo":true,"scheme":false,"title":"Cyrebro","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cyrebro","companyTitle":"CyberHat","companyTypes":["supplier","vendor"],"companyId":8600,"companyAlias":"cyberhat","description":"<p class=\"align-center\"><span style=\"font-weight: bold;\">What Makes CYREBRO a Smart SOC?</span></p>\r\nCyberHat’s unique cyber security readiness assessment is based on years of practical offensive expertise. Company designed and built a unique, on-site, professional assessment that provides clear and tangible insights of an organizations cyber defense capabilities.\r\nThey evaluate a client’s security readiness and provide a roadmap of remedial actions which address three core elements:\r\n<ol><li><span style=\"font-weight: bold;\">Resilience</span></li><li><span style=\"font-weight: bold;\">Response</span></li><li><span style=\"font-weight: bold;\">Recovery abilities</span></li></ol>\r\nMethodology is focused on the gap between theory and fact. The assessment creates a clear and coherent picture of the true cyber security posture of the organization and it’s ability to handle real life cyber incidents. Attack scenario analysis – CyberHat’s methodology includes a comprehensive analysis that is carried out by tracing known attack phases and examining how a potential attacker could exploit the organization’s existing gaps throughout the different attack vectors. \r\n<ul><li><span style=\"font-weight: bold;\">Technology Agnostic</span></li></ul>\r\nThe only managed SOC solution that is 100% technology agnostic. Manages more than 13 SIEM and log aggregation technologies.\r\n<ul><li> <span style=\"font-weight: bold;\">Hacker Point of View </span></li></ul>\r\nThe design and operation of CYREBRO has the hacker point of view at its core, enabling us to provide the highest grade of professional cyber services. \r\n<ul><li><span style=\"font-weight: bold;\">SIEM Optimization</span></li></ul>\r\n Optimizes customers’ existing SIEM technologies to reduce false positives, ensure true viability and verify the highest level of utilization. \r\n<ul><li><span style=\"font-weight: bold;\">Seamless Integration</span></li></ul>\r\nCYREBRO’s unique lab team is dedicated solely to the research and execution of new and complex log sources and platforms. \r\n<ul><li><span style=\"font-weight: bold;\">Incident Response </span></li></ul>\r\nCYREBRO I.R. team prepares the organization during the onboarding process and executes a professional response to any cyber threat. \r\n<ul><li><span style=\"font-weight: bold;\">Forensic Investigation </span></li></ul>\r\nCYREBRO in-house forensic investigation team is responsible for all levels of advanced forensic investigation, from the host to the network level. \r\n<ul><li><span style=\"font-weight: bold;\">Threat Intelligence </span></li></ul>\r\nCYREBRO in-house intelligence team provides daily threat intelligence analysis, synchronizing directly to the CYREBRO platform to enrich monitoring capabilities.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">CYREBRO Business Models </span></p>\r\n<ul><li><span style=\"font-weight: bold;\">CYREBRO Core.</span> Helping clients utilize their existing technologies</li><li><span style=\"font-weight: bold;\">CYREBRO One.</span> A full turnkey solution that gets you up and running quickly and professionally</li><li><span style=\"font-weight: bold;\">CYREBRO X.</span> Enabling SMBs' the most professional managed SOC with fortune 100 grade </li></ul>","shortDescription":"The World’s most Professional Managed SOC","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cyrebro","keywords":"","description":"<p class=\"align-center\"><span style=\"font-weight: bold;\">What Makes CYREBRO a Smart SOC?</span></p>\r\nCyberHat’s unique cyber security readiness assessment is based on years of practical offensive expertise. Company designed and built a unique, on-site, profess","og:title":"Cyrebro","og:description":"<p class=\"align-center\"><span style=\"font-weight: bold;\">What Makes CYREBRO a Smart SOC?</span></p>\r\nCyberHat’s unique cyber security readiness assessment is based on years of practical offensive expertise. Company designed and built a unique, on-site, profess","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberHat.png"},"eventUrl":"","translationId":5686,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"defensestorm-grid":{"id":4328,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/DefenseStorm.png","logo":true,"scheme":false,"title":"DefenseStorm GRID","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"defensestorm-grid","companyTitle":"DefenseStorm","companyTypes":["supplier","vendor"],"companyId":6712,"companyAlias":"defensestorm","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">Let DefenseGRID experts keep watch on your behalf</span></p>\r\n<ul><li>Threat Ready Active Compliance (TRAC) Team is staffed by security experts that will help monitor your network and alert you when they see a potential threat</li><li> A structured and supported approach to on-boarding</li><li>24/7 network monitoring</li><li>TRAC can make the difference between a security fire drill and a full system breach</li><li>Frequent, hassle-free updates without additional cost, software downloads or hardware changes</li><li>Pricing based on your asset size, not the amount of data ingested, so you can cover everything</li><li>Speed and power without the high cost of data centers, hardware and hiring additional IT resource</li></ul>\r\n<p class=\"align-center\"><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Key Features</span></span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Scalability that evolves with financial institution needs.</span> Transforms complex and unstructured security event data from disparate systems into meaningful, actionable information</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Community intelligence.</span> A community of financial institutions and cybersecurity experts. Leverage community knowledge for progressively smarter cybersecurity &amp; cybercompliance practices. Learn what like-minded thinkers have to say about keeping financial institutions safe and sound. Access our Knowledge Center for best practices and DefenseStorm GRID updates.<span style=\"font-weight: bold;\"></span></li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The DefenseStorm GRID: Co-Managed Threat-Ready Cybersecurity + Active Compliance.</span> Your team and DefenseStorm’s TRAC (Threat Ready Active Compliance). Team use the DefenseStorm GRID together.Be as involved as you’d like in day-to-day activities. The TRAC Team carefully curates the threat feeds and triggers most relevant to banks and credit unions to meet compliance &amp; security needs</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Configured for you.</span> TRAC leverages the DefenseStorm GRID library to create cybersecurity triggers specific to your bank or credit union network and policies.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">See everything, prioritize what matters most.</span> TRAC curates triggers to prioritize the most important indicators of compromise. Machine Learning and Rich Context help reduce the number of alerts and false positives while also increasing relevancy.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The visibility and understanding you need.</span> You see the same console and dashboards our TRAC Team uses, which facilitates co-managed coverage and efficiency.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Cybersecurity &amp; cybercompliance in one real time system of record.</span> DefenseStorm GRID serves as your system of record for your cybersecurity and cybercompliance postures in real time, all the time. Task Schedules, workflows, audit trails and evidentiary proof reflect industry regulations as well as your own policies.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Slash reporting time, even for audits and examinations.</span> The DefenseStorm GRID continuously collects all compliance-related evidence and automatically generates corresponding reports to prove compliance to internal and external stakeholders as well as regulators.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Guidance to align risk with cybersecurity maturity.</span> The DefenseStorm GRID continuously guides you to align your cybersecurity risk with your Cybersecurity Maturity Level. Your Inherent Risk Profile and Maturity Levels will change as threats, vulnerabilities and operating environments change.</li></ul>\r\n<p class=\"align-left\"><br /><br /></p>","shortDescription":"DefenseStorm unifies detection, investigation, reporting and compliance. Help from security experts.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DefenseStorm GRID","keywords":"","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">Let DefenseGRID experts keep watch on your behalf</span></p>\r\n<ul><li>Threat Ready Active Compliance (TRAC) Team is staffed by security experts that will help monitor your network and alert you when the","og:title":"DefenseStorm GRID","og:description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">Let DefenseGRID experts keep watch on your behalf</span></p>\r\n<ul><li>Threat Ready Active Compliance (TRAC) Team is staffed by security experts that will help monitor your network and alert you when the","og:image":"https://old.roi4cio.com/fileadmin/user_upload/DefenseStorm.png"},"eventUrl":"","translationId":4329,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force &quot;catch it as you can&quot; and a more intelligent &quot;stop look listen&quot; method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as &quot;the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents&quot;.\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>&quot;Catch-it-as-you-can&quot; – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>&quot;Stop, look and listen&quot; – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"dxc-security-platform":{"id":4330,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/DXC.png","logo":true,"scheme":false,"title":"DXC Security Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"dxc-security-platform","companyTitle":"DXC Technology","companyTypes":["supplier","vendor"],"companyId":6713,"companyAlias":"dxc-technology","description":"DXC Technology’s Security Platform helps organizations deliver an efficient security response, streamline remediation and clearly visualize security posture. It does so by extending the cloud-based IT service management capabilities of ServiceNow to security teams.\r\nThis platform combines DXC’s cybersecurity operational processes and advanced workflows together with ServiceNow to automate manual processes and prioritize threats, incidents and vulnerabilities based on their potential impact on the business.\r\nAvailable as a fully managed service through DXC Intelligent Security Operations, the DXC Security Platform ensures continuous monitoring and management of incidents and vulnerabilities by DXC’s 24/7 global Security Operations Centers (SOCs). \r\nDXC’s global ServiceNow practice provides consulting services and project accelerators to ensure that organizations improve efficiency and lower costs as they elevate service management to the cloud. <span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">Key benefits:</span>\r\n<ul><li>Correlation of information on incidents and vulnerabilities to the configuration management database (CMDB) to understand the business criticality, allowing incident responders to work on the most important issues first</li></ul>\r\n<ul><li>Workflows that follow National Institute of Standards and Technology best practices for computer/IT security incident handling (NIST SP 800-61r2)</li></ul>\r\n<ul><li>Automated post-incident review report that eliminates the need for manual post-mortem reports</li></ul>\r\n<ul><li>Automatic triggering of a patching process, configuration changes or other standard workflows, by specific types of security incidents and vulnerabilities</li></ul>\r\n<ul><li>At-a-glance dashboards that show executives and analysts the exact status of their overall security posture as well as enable drill-down to a specific incident</li></ul>\r\n<ul><li> Indicators of compromise automatically linked with security incidents and vulnerabilities, streamlining and automating the&nbsp; manual process of threat investigation and incident triage</li></ul>\r\n\r\n<span style=\"font-weight: bold;\">Extensive collaboration capabilities</span> \r\nBuilt on proven ServiceNow applications for IT Service Management (ITSM), IT Operations Management (ITOM) and IT Business Management (ITBM), DXC’s Security Platform supports forms-based workflow application development and extensive collaboration integrated with workflows, including:<br /><br />\r\n<ul><li>&nbsp;&nbsp;&nbsp; Chat capabilities</li><li>&nbsp;&nbsp;&nbsp; Content and knowledge management</li><li>&nbsp;&nbsp;&nbsp; Task management</li></ul>\r\n<br />Through increased automation and improved collaboration, security and IT teams can work more closely to hold the entire organization accountable for solving issues quickly. \r\nThese streamlined processes can help expand the capacity of security analysts and response teams to respond more efficiently to attacks and incidents. \r\nAs a result, the DXC Security Platform will help reduce overall risks enterprise-wide.\r\n<p class=\"align-center\">&nbsp;</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Comprehensive support services</span></p>\r\nDXC offers a complete array of managed security services for cloud, traditional data center, endpoint, identity and network&nbsp; management. DXC’s Security Platform can be integrated with DXC’s services:\r\n<ul><li>&nbsp;&nbsp;&nbsp; 24x7 SOCs for continuous monitoring and management of incidents and vulnerabilities</li><li>&nbsp;&nbsp;&nbsp; Cyber assurance for account and security service management</li><li>&nbsp;&nbsp;&nbsp; Incident management team for response to user- and machine generated incidents</li><li>&nbsp;&nbsp;&nbsp; Managed SIEM</li><li>&nbsp;&nbsp;&nbsp; Managed vulnerability assessment</li><li>&nbsp;&nbsp;&nbsp; Global threat intelligence</li><li>&nbsp;&nbsp;&nbsp; Client ITSM environments, if needed (at additional cost for integration)</li><li>&nbsp;&nbsp;&nbsp; Service Desk, if needed (at additional cost)</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Why DXC?</span></p>\r\nWith 40 years of experience in information security, DXC is one of the world’s few companies that provide end-to-end services to monitor and safeguard systems — from strategic consulting and technical assessments to managed security services. \r\n\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Key features:</span></p>\r\n<p class=\"align-left\"><br /><span style=\"font-weight: bold;\">Security Services Catalog and User Ticketing.</span> Allows security teams to manage and respond to user-generated security incidents. Handles incidents raised by users over the telephone, email or the security catalog. Integrates with threat intelligence portal. Requests automation among IT, end users and security teams<br /><br /><span style=\"font-weight: bold;\">Security Information and Event Management (SIEM) Integration.</span> Allows security teams to test, execute and audit security response plans. Handles network- and non-network-related incidents. Integrates with threat intelligence portal. Requests automation among IT, end users and security team. Predefines workflows for common security incidents<br /><br /><span style=\"font-weight: bold;\">Vulnerability Management.</span> Manages vulnerability investigations and aligns remediation activities. Integrates with the National Vulnerability Database. Includes third-party integration with market-leading vulnerability identification solutions. Seamlessly integrates with incident response tasks, change requests and problem management. Predefines workflows for common security vulnerability types</p>","shortDescription":"DXC Technology's platform helps enterprises implement effective cyber defense responses and visualize network health","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DXC Security Platform","keywords":"","description":"DXC Technology’s Security Platform helps organizations deliver an efficient security response, streamline remediation and clearly visualize security posture. It does so by extending the cloud-based IT service management capabilities of ServiceNow to security t","og:title":"DXC Security Platform","og:description":"DXC Technology’s Security Platform helps organizations deliver an efficient security response, streamline remediation and clearly visualize security posture. It does so by extending the cloud-based IT service management capabilities of ServiceNow to security t","og:image":"https://old.roi4cio.com/fileadmin/user_upload/DXC.png"},"eventUrl":"","translationId":4331,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"eplus-managed-security-services":{"id":4336,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/ePlus_inc..png","logo":true,"scheme":false,"title":"ePlus Managed Security Services","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"eplus-managed-security-services","companyTitle":"ePlus Inc.","companyTypes":["supplier","vendor"],"companyId":6714,"companyAlias":"eplus-inc","description":"Organizations are facing increasing challenges in today’s rapidly changing IT environment. \r\nWith evolving technology and an environment abundant with cyber threats, new regulations and an ever-increasing talent shortage, building a strong security culture is imperative to the success of your organization.\r\nMaking security pervasive across your entire IT landscape positions you for growth and success.\r\nWith deep technology and engineering experience across the entire IT infrastructure, <span style=\"font-weight: bold;\">ePlus&nbsp; </span>strives to better protect our customers’ data and brand and enable positive business outcomes.\r\n<span style=\"font-weight: bold;\">ePlus</span> designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk, empowering digital transformation, and enabling innovation. \r\nExtend the reach of your security team with expertise and around-the-clock monitoring provided by <span style=\"font-weight: bold;\">ePlus</span>. Protect traditional and virtual IT infrastructures, cloud environments and mobile data.\r\nWith multiple 24x7x365 state-of-the-art Security Operations Centers (SOCs), <span style=\"font-weight: bold;\">ePlus </span>is able to monitor your entire security infrastructure—traditional and virtual environments as well as cloud and mobile data. They also work with a certified partner network of industry-leading managed security solution providers to deliver a suite of flexible service options, including:<br /><br />\r\n<ul><li>&nbsp;&nbsp;&nbsp; SOC as a Service</li><li>&nbsp;&nbsp;&nbsp; Security Log Monitoring and Management</li><li>&nbsp;&nbsp;&nbsp; Security Device and Vulnerability Management</li><li>&nbsp;&nbsp;&nbsp; Managed SIEM</li><li>&nbsp;&nbsp;&nbsp; Managed Detection and Response</li></ul>\r\n<br />With <span style=\"font-weight: bold;\">ePlus </span>on your side, you’ll be able to assess and protect your IT footprint, better meet regulatory compliance, benefit from a consistent and reliable service provided by highly-skilled and specialized staff, and leverage powerful automated response solutions. <br /><br />","shortDescription":"Mitigating Risk. Empowering digital transformation. Enabling innovation.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"ePlus Managed Security Services","keywords":"","description":"Organizations are facing increasing challenges in today’s rapidly changing IT environment. \r\nWith evolving technology and an environment abundant with cyber threats, new regulations and an ever-increasing talent shortage, building a strong security culture is ","og:title":"ePlus Managed Security Services","og:description":"Organizations are facing increasing challenges in today’s rapidly changing IT environment. \r\nWith evolving technology and an environment abundant with cyber threats, new regulations and an ever-increasing talent shortage, building a strong security culture is ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/ePlus_inc..png"},"eventUrl":"","translationId":4337,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"nri-securetechnologies-neosoc":{"id":3826,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/nri_secure_technologies.png","logo":true,"scheme":false,"title":"NRI SecureTechnologies NEOSOC","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"nri-securetechnologies-neosoc","companyTitle":"NRI SecureTechnologies","companyTypes":["supplier","vendor"],"companyId":5982,"companyAlias":"nri-securetechnologies","description":"<b>NeoSOC</b> is a cloud-based managed security solution that uses our SOC-as-a-Service delivery model to provide a flexible service ranging from security device monitoring and alerting to fully managed detection and response services based on the individual needs of each organization.\r\n\r\n<b>NeoSOC MANAGED SECURITY SERVICES PROVIDES COMPLETE VISIBILITY</b>\r\nToday, the challenge for many organizations is to find critical security incidents that are often lost in a sea of events. NeoSOC supports 400+ devices and applications as log sources to provide clear visibility into any security threats facing your organization. The NeoSOC VM log collector deploys in minutes and gets clients up and running quickly. \r\n<b><i><br /></i></b>\r\n<b>NeoSOC USES CUTTING-EDGE TECHNOLOGY TO ACCELERATE MANAGED DETECTION AND RESPONSE (MDR) </b>\r\nNeoSOC identifies important security events by utilizing an advanced cross-device and cross-customer correlation analysis enriched by multiple streams of threat intelligence. Our analysts use Security Incident and Event Management (SIEM) technology combined with our own proprietary machine learning in a constant refinement and improvement loop to sharpen the focus even more on any new potential threats. This process dramatically reduces the number of false positives that will require investigation and enables you to focus on what really matters. \r\n\r\n \r\n \r\n<b>NeoSOC GIVES YOU AROUND THE CLOCK MONITORING BY CYBERSECURITY EXPERTS </b>\r\nNeoSOC provides you with 24/7 security monitoring and alerting with actionable information on any identified potential threats. Our SOC teams have exceptional knowledge, highly specialized skills, in-depth experience, and high-level security certifications. Anytime, day or night, we are always here to help you. NeoSOC managed security services help break you out of the constant cycle of trying to hire, train, and retain cybersecurity talent and will allow your current staff to focus on higher-value contextual security work. \r\n<b><i><br /></i></b>\r\n<b>NeoSOC USES UNIQUE THREAT INTELLIGENCE AND CAN PROVIDE PROACTIVE THREAT REMEDIATION </b>\r\nStaying ahead of attackers requires superior intelligence. The NeoSOC platform continuously analyzes millions of events from worldwide observation points and threat intelligence feeds and integrates the results into our security monitoring and rules. Clients can choose to have our analyst alert them of critical events or NeoSOC rules can provide automated remediation utilizing our security orchestration and your existing security infrastructure.\r\n\r\n \r\n \r\n<b>NeoSOC PERFORMS ADVANCED PERSISTENT THREAT (APT) DETECTION THROUGH CUSTOM USE CASE MODELING </b>\r\nThe detection and response to Advanced Persistent Threats (APTs) is a challenge due to the unique and complex nature of each attack. NeoSOC identifies APTs by modeling assets, users, and business use cases in your organization. This modeling process allows us to develop advanced security monitoring rules for detecting any anomalous activities on your network.","shortDescription":"NeoSOC is a cloud-based managed security solution that uses SOC-as-a-Service model","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"NRI SecureTechnologies NEOSOC","keywords":"","description":"<b>NeoSOC</b> is a cloud-based managed security solution that uses our SOC-as-a-Service delivery model to provide a flexible service ranging from security device monitoring and alerting to fully managed detection and response services based on the individual n","og:title":"NRI SecureTechnologies NEOSOC","og:description":"<b>NeoSOC</b> is a cloud-based managed security solution that uses our SOC-as-a-Service delivery model to provide a flexible service ranging from security device monitoring and alerting to fully managed detection and response services based on the individual n","og:image":"https://old.roi4cio.com/fileadmin/user_upload/nri_secure_technologies.png"},"eventUrl":"","translationId":3825,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":824,"title":"ATP - Advanced Threat Protection","alias":"atp-advanced-threat-protection","description":" Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.\r\nThe primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.\r\nAdvanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.\r\nEnterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.","materialsDescription":" <span style=\"font-weight: bold;\">How Advanced Threat Protection Works?</span>\r\nThere are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:\r\n<ul><li><span style=\"font-weight: bold;\">Real-time visibility</span> – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.</li><li><span style=\"font-weight: bold;\">Context</span> – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.</li><li><span style=\"font-weight: bold;\">Data awareness</span> – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.</li></ul>\r\nWhen a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occurs behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:\r\n<ul><li>Halting attacks in progress or mitigating threats before they breach systems</li><li>Disrupting activity in progress or countering actions that have already occurred as a result of a breach</li><li>Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon-ATP.png"},{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"shieldvision":{"id":4318,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/DATASHIELD.png","logo":true,"scheme":false,"title":"SHIELDVision","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"shieldvision","companyTitle":"DATASHIELD","companyTypes":["supplier","vendor"],"companyId":6709,"companyAlias":"datashield","description":"At the very heart of this technology platform is company's proprietary software security tool called <span style=\"font-weight: bold; \">SHIELDVision</span>. \r\n<span style=\"font-weight: bold; \">SHIELDVision&nbsp; </span>leverages the most advanced human and technical resources allowing DATSHIELD's experts to provide deep forensic analysis garnered from numerous sources across the globe.\r\n<span style=\"font-weight: bold; \">SHIELDVision</span> is a security orchestration tool that provides a single unified platform for organizing, managing and collecting cyber-threat intelligence.&nbsp; \r\n<span style=\"font-weight: bold; \">SHIELDVision</span> combines intelligence gathering, rapid automated querying with real time alerts. It is a comprehensive monitoring tool that allows for historical queries to work in tandem with new threat intel.\r\nThis featured allows our analysts to “go back in time” and check for compromises that may have been missed by other technologies\r\nBy leveraging the most advanced human and technical resources, <span style=\"font-weight: bold; \">SHIELDVision</span> provides a centralized platform for organizing, managing and analyzing cyberthreats.&nbsp; \r\nThreat intelligence collection, deep forensic analysis by experts and proactive content development help keep your organization safe in real time.\r\n\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Main features:</span></p>\r\nRapid Automated Querying. Incident response automation tools that allow DATASHIELD analysts to quickly discover important characteristics of a dataset and find data-driven insights in the corresponding domain.\r\n<span style=\"font-weight: bold; \">Real Time Alerts.</span> Real-time threat analytics and alerting allowing you to defend your organization on the front lines against threats including phishing, malware, ransomware and botnets.\r\n<span style=\"font-weight: bold; \">Historical Querying.</span> Forensic investigation back in time working in concert with new-threat intelligence.\r\n<span style=\"font-weight: bold; \">Manual &amp; Automated Threat Identification.</span> Scanning capabilities via both automated technologies along with manual hunting by SOC analysts.\r\n<span style=\"font-weight: bold; \">Network Monitoring.</span> Comprehensive networking monitoring including visibility into routers, firewalls, severs, client systems and software.\r\n<span style=\"font-weight: bold; \"><span style=\"font-weight: bold; \">SHIELDVision</span> Orchestration.</span> ShieldVision Orchestration takes threat Intel from various solutions (Mimecast, Cofense, Open Source Threat Intel, &amp; SHIELDVision proprietary Intel) into our platform and uses that data to automatically generate scans of customers environments across different platforms for known malicious data.<br /><span style=\"font-weight: bold; \"><span style=\"font-weight: bold; \">SHIELDVision</span> Client Portal (Web &amp; Mobile).</span> The DATASHIELD Client Portal provides you with a transparent view into your Managed Detection &amp; Response Service.&nbsp; Posture, Performance &amp; Historical data is available for customer view. Integration with our ticketing platform allows customers to see open analyst cases, engineering tasks and content requests by priority. <br /><br />","shortDescription":"SHIELDVision is a single unified platform for organizing, managing, and collecting cyber-threat intelligence.\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SHIELDVision","keywords":"","description":"At the very heart of this technology platform is company's proprietary software security tool called <span style=\"font-weight: bold; \">SHIELDVision</span>. \r\n<span style=\"font-weight: bold; \">SHIELDVision&nbsp; </span>leverages the most advanced human and tech","og:title":"SHIELDVision","og:description":"At the very heart of this technology platform is company's proprietary software security tool called <span style=\"font-weight: bold; \">SHIELDVision</span>. \r\n<span style=\"font-weight: bold; \">SHIELDVision&nbsp; </span>leverages the most advanced human and tech","og:image":"https://old.roi4cio.com/fileadmin/user_upload/DATASHIELD.png"},"eventUrl":"","translationId":4319,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"stellar-cyber-starlight":{"id":4276,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/stellar_cyber.png","logo":true,"scheme":false,"title":"Stellar Cyber Starlight","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"stellar-cyber-starlight","companyTitle":"Stellar Cyber","companyTypes":["supplier","vendor"],"companyId":6648,"companyAlias":"stellar-cyber","description":"<p class=\"align-left\"><span style=\"font-weight: bold;\"></span><span style=\"font-weight: bold;\">Starlight</span> delivers the broadest security data collection engine – physical, virtual, container, cloud – to ensure you see the whole picture. Starlight’s data processing pipeline curates all security data to weed out unimportant events. </p>\r\nThe sensors and agents transform raw data into Interflow records and send it to a centralized data processor and data lake that deduplicates, correlates, enriches, indexes and stores the data that it receives. \r\nOnce this data is received, it then runs complex analytics on the dataset to identify high fidelity breach events. Starlight has 18 tightly-integrated security applications — the first security App Store — that share data on one platform and features built-in analytics that leverage machine learning to eliminate alert noise and improve the accuracy of detecting critical security events. \r\nWith this methodology, organizations can gain human work force efficiencies by augmenting security operations teams with big data analytics and artificial intelligence.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Starlight’s Capabilities</span></p>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Capture the right data.</span> Starlight eliminates blind spots through its unique set of data collectors that include agent sensors, network sensors, security sensors and deception sensors. These sensors can be deployed as software, hardware appliances or virtual appliances and can be collected from any environment. The sensors collect packets, files &amp; logs and transforms the data collected into a proprietary Interflow data set that is reduced and fused data.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Detect the real threats.</span> Once data has been collected, reduced and given context, Starlight runs advanced machine learning algorithms on the new and improved data set in order to detect higher fidelity security events. With this methodology of getting the data set right before applying detection techniques, Starlight solves the age-old problem of garbage in, garbage out. Security Analysts benefit with this approach by chasing down less false alarms.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pinpoint problems.</span> Starlight’s Interflow data is the foundation for security investigation and threat hunting. Because Interflow fuses contextual data into packet and log records, security analysts have a single record that can be looked at when trying to prove that a detection is accurate and actionable. When looking for evidence for security detections, analysts no longer have to mentally try and stitch together data from packets and logs make sense of things.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Respond automatically.</span> Starlight delivers a variety of response actions once security events have been detected. The system can generate email or slack alerts, send PDF reports, submit data to SOAR tools such as Demisto and Phantom Cyber and even manually or automatically instructing firewalls to take appropriate response actions such as blocking an IP address or redirecting a user to a captive portal for further authentication.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Business Benefits</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Automatically uncover cyberattacks </span>— expose and prioritize endpoint, network, user threats and compliance violations with actionable data.</li><li><span style=\"font-weight: bold;\">Satisfy business requirements</span> — extensible reporting with unlimited data and visualization possibilities.</li><li><span style=\"font-weight: bold;\">Stop alert fatigue and attrition</span> — validate security alerts in minutes, improving analyst productivity and morale by reducing the backlog.</li><li><span style=\"font-weight: bold;\">Reduce business impact and risk</span> through reduced mean time to identify (MTTI) and mean time to contain (MTTC) — combine precise attack detection with rapid alert triage to drastically cut dwell time without requiring years of experience.</li><li><span style=\"font-weight: bold;\">Increase ROI</span> from current investments — solve all your security needs through tightly-integrated applications while using existing infrastructure as sources and enforcement points.</li></ul>","shortDescription":"Stellar Cyber Starlight it's a SOC Command Center based on Open-XDR Platform\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Stellar Cyber Starlight","keywords":"","description":"<p class=\"align-left\"><span style=\"font-weight: bold;\"></span><span style=\"font-weight: bold;\">Starlight</span> delivers the broadest security data collection engine – physical, virtual, container, cloud – to ensure you see the whole picture. Starlight’s data ","og:title":"Stellar Cyber Starlight","og:description":"<p class=\"align-left\"><span style=\"font-weight: bold;\"></span><span style=\"font-weight: bold;\">Starlight</span> delivers the broadest security data collection engine – physical, virtual, container, cloud – to ensure you see the whole picture. Starlight’s data ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/stellar_cyber.png"},"eventUrl":"","translationId":4277,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":457,"title":"DDoS Protection","alias":"ddos-protection","description":" A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks. ","materialsDescription":" <span style=\"font-weight: bold;\">What are the Different Types of DDoS Attacks?</span>\r\nDistributed Denial of Service attacks vary significantly, and there are thousands of different ways an attack can be carried out (attack vectors), but an attack vector will generally fall into one of three broad categories:\r\n<span style=\"font-weight: bold;\">Volumetric Attacks:</span>\r\nVolumetric attacks attempt to consume the bandwidth either within the target network/service or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.\r\n<span style=\"font-weight: bold;\">TCP State-Exhaustion Attacks:</span>\r\nTCP State-Exhaustion attacks attempt to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves. Even high capacity devices capable of maintaining state on millions of connections can be taken down by these attacks.\r\n<span style=\"font-weight: bold;\">Application Layer Attacks:</span>\r\nApplication Layer attacks target some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). Application layer attacks have come to prevalence over the past three or four years and simple application layer flood attacks (HTTP GET flood etc.) have been some of the most common denials of service attacks seen in the wild.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force &quot;catch it as you can&quot; and a more intelligent &quot;stop look listen&quot; method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as &quot;the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents&quot;.\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>&quot;Catch-it-as-you-can&quot; – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>&quot;Stop, look and listen&quot; – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"swascan":{"id":4665,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Swascan.png","logo":true,"scheme":false,"title":"Swascan Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"swascan","companyTitle":"Swascan Srl.","companyTypes":["supplier","vendor"],"companyId":7056,"companyAlias":"swascan-srl","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The First Cyber Security Testing Platform</span></span></p>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">What is Swascan?</span></p>\r\n<p class=\"align-left\">The platform allows to Identify,analyze and solve Cyber Security vulnerabilities and critical issues discovered on business assets. The first cloud based suite that allows you to:</p>\r\n<ul><li>identify</li><li>analyze</li><li>solve</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Vulnerability Assessment </span></p>\r\n<p class=\"align-left\">The Web App Scan is the automated service that scans for Web Vulnerabilities, this service identifies security vulnerabilities and criticalities of websites and web applications. A Vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.</p>\r\n<ul><li>Web Application Scan</li><li>OWASP</li><li>Security Testing</li><li>Reporting</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Network Scan</span></p>\r\n<p class=\"align-left\">Network Scan is the automated Network Vulnerability Scan service.This tool scans the infrastructure and the devices on it to identify security vulnerabilities and criticalities.The Vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.</p>\r\n<ul><li>Network Scan</li><li>Security Testing</li><li>Compliance</li><li>Reporting</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Code Review </span></p>\r\n<p class=\"align-left\">Code Review is the automated tool for the static analysis of the source code. The Source Code analysis is aprocess that through the source code analysis of applications verifies the presence and effectiveness of minimum security standards.Code verification is useful to be sure that the target application has been developed in order to“auto-defend”itself in its own environment.</p>\r\n<ul><li>Security Code Review</li><li>Static Code Analysis</li><li>Compliance </li><li>Reporting</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">GDPR Assessment</span></p>\r\n<p class=\"align-left\">GDPR Assessment is the Online Tool that allows companies to verify and measure their GDPR(General Data Protection Regulation–EU 2016/679)Compliance level.Swascan’s GDPR assessment tool provides guidelines and suggest corrective actions to implement terms Organization,Policy,Staff,Technology and Control Systems.</p>\r\n<ul><li>GDPR Self Assessment</li><li>GDPR Gap Analysis</li><li>Compliance </li><li>Reporting</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">On Premise </span></p>\r\n<p class=\"align-left\">Swascan On premise is the Cyber Security Testing Platform which allows to identify,&nbsp; analyze and solve all the vulnerabilities related to Corporate IT Assets in terms of websites,&nbsp; web applications,&nbsp; network and source code. It is an All-in-One platform that includes Web Application Vulnerability Assessment,Network Vulnerability Scan and Source Code Analysis services.</p>\r\n<ul><li>On Premise </li><li>Cyber Security Testing</li><li>Ensures the Technologic Risk Assessment</li><li>Compliance </li></ul>\r\n<p class=\"align-left\"><br /><br /></p>","shortDescription":"The platform allows to Identify,analyze and solve Cyber Security vulnerabilities and critical issues discovered on business assets.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":7,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Swascan Platform","keywords":"","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The First Cyber Security Testing Platform</span></span></p>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">What is Swascan?</span></p>\r\n<p class=\"align-left\">","og:title":"Swascan Platform","og:description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The First Cyber Security Testing Platform</span></span></p>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">What is Swascan?</span></p>\r\n<p class=\"align-left\">","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Swascan.png"},"eventUrl":"","translationId":4666,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":206,"title":"Application Security Testing","alias":"application-security-testing","description":" Applications form the lifeline of any business today – and they are under attack more than ever before. Where previously we focused our attention on securing organizations’ network parameters, today the application level is where the focus is for attackers.\r\nAccording to Verizon’s 2014 Data Breach Investigations Report, web applications “remain the proverbial punching bag of the internet,” with about 80% of attacks in the application layer, as Gartner has stated.&nbsp; Taking proactive measures to protect your company and customer data is no longer an option: It is a business imperative for enterprises across all industries.\r\nIn 2013, the Ponemon Institute’s ‘Cost of a Data Breach Report’ found that security incidents in the U.S. averaged a total cost of $5.4 million. Preventing just one similar security incident would more than cover the cost of application security and prove your security programs value.\r\nApplication Security is built around the concept of ensuring that the code written for an application does what it was built to do, and keeps the contained data secure.\r\nAccording to Gartner, application security puts a primary focus on three elements:\r\n<ul><li>Reducing security vulnerabilities and risks</li><li>Improving security features and functions such as authentication, encryption or auditing</li><li>Integrating with the enterprise security infrastructure</li></ul>","materialsDescription":" Security testing techniques scour for vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation. Ideally, security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle. With the growth of Continuous delivery and DevOps as popular software development and deployment models, continuous security models are becoming more popular.\r\nVulnerability scanners, and more specifically web application scanners, otherwise known as penetration testing tools (i.e. ethical hacking tools) have been historically used by security organizations within corporations and security consultants to automate the security testing of http request/responses; however, this is not a substitute for the need for actual source code review. Physical code reviews of an application's source code can be accomplished manually or in an automated fashion. Given the common size of individual programs (often 500,000 lines of code or more), the human brain cannot execute a comprehensive data flow analysis needed in order to completely check all circuitous paths of an application program to find vulnerability points. The human brain is suited more for filtering, interrupting and reporting the outputs of automated source code analysis tools available commercially versus trying to trace every possible path through a compiled code base to find the root cause level vulnerabilities.\r\nThere are many kinds of automated tools for identifying vulnerabilities in applications. Some require a great deal of security expertise to use and others are designed for fully automated use. The results are dependent on the types of information (source, binary, HTTP traffic, configuration, libraries, connections) provided to the tool, the quality of the analysis, and the scope of vulnerabilities covered. Common technologies used for identifying application vulnerabilities include:\r\n<span style=\"font-weight: bold;\">Static Application Security Testing (SAST)</span> is a technology that is frequently used as a Source Code Analysis tool. The method analyzes source code for security vulnerabilities prior to the launch of an application and is used to strengthen code. This method produces fewer false positives but for most implementations requires access to an application's source code and requires expert configuration and lots of processing power.\r\n<span style=\"font-weight: bold;\">Dynamic Application Security Testing (DAST)</span> is a technology, which is able to find visible vulnerabilities by feeding a URL into an automated scanner. This method is highly scalable, easily integrated and quick. DAST's drawbacks lie in the need for expert configuration and the high possibility of false positives and negatives.\r\n<span style=\"font-weight: bold;\">Interactive Application Security Testing (IAST)</span> is a solution that assesses applications from within using software instrumentation. This technique allows IAST to combine the strengths of both SAST and DAST methods as well as providing access to code, HTTP traffic, library information, backend connections and configuration information. Some IAST products require the application to be attacked, while others can be used during normal quality assurance testing.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Application_Security_Testing1.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force &quot;catch it as you can&quot; and a more intelligent &quot;stop look listen&quot; method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as &quot;the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents&quot;.\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>&quot;Catch-it-as-you-can&quot; – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>&quot;Stop, look and listen&quot; – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":791,"title":"Vulnerability Scanner","alias":"vulnerability-scanner","description":" A <span style=\"font-weight: bold;\">vulnerability scanner</span> is a computer program designed to assess computers, network vulnerability or applications for known weaknesses. In plain words, these scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. They&nbsp; are typically available as SaaS (Software as a service); provided over the internet and delivered as a web application. \r\nMost vulnerability scanners will also attempt to log in to systems using default or other credentials in order to build a more detailed picture of the system. After building up an inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities to see if any items are subject to any of these vulnerabilities. The result of such scan is a systems vulnerability analysis, highlighting any that have known vulnerabilities that may need threat and vulnerability management.\r\n<span style=\"font-weight: bold;\">How vulnerability scanning works</span>. Vulnerability scanning finds systems and software that have known security vulnerabilities, but this information is only useful to IT security teams when it is used as the first part of a four-part vulnerability management process. <span style=\"font-weight: bold;\">Vulnerability management process involves:</span>\r\n<ul><li>Identification of vulnerabilities</li><li>Evaluation of the risk posed by any vulnerabilities identified</li><li>Treatment of any identified vulnerabilities</li><li>Reporting on vulnerabilities and how they have been handled</li></ul>\r\n<br /><span style=\"font-weight: bold;\">Types of vulnerability scans. </span>Not all vulnerability scans are alike, and to ensure compliance with certain regulations (such as those set by the PCI Security Standards Council) it is necessary to carry out two distinct types of vulnerability scans: an internal and an external vulnerability scan. \r\n<span style=\"font-weight: bold;\">External vulnerability scan.</span> As the name suggests, an external vulnerability scan is carried out from outside an organization's network, and its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall. An external vulnerability scan can help organizations fix security issues that could enable hackers to gain access to the organization's network.\r\n<span style=\"font-weight: bold;\">Internal vulnerability scan. </span>By contrast, an internal vulnerability scan is carried out from inside an organization's perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by &quot;insider threats&quot; such as contractors or disgruntled employees who have legitimate access to parts of the network.\r\n<span style=\"font-weight: bold;\">Unauthenticated and authenticated vulnerability scans.</span> A similar but not always identical variation of internal and external vulnerability scans is the concept of unauthenticated and authenticated vulnerability scans. Unauthenticated scans, like external scans, search for weaknesses in the network perimeter, while authenticated scans&nbsp; provide vulnerability scanners with various privileged credentials, allowing them to probe the inside of the network for weak passwords, configuration issues, and misconfigured databases or applications.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What is Vulnerability Assessment?</h1>\r\nVulnerability Assessment is also known as Vulnerability Testing, is a vulnerability scanning software performed to evaluate the security risks in the software system in order to reduce the probability of a threat. Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing (VAPT).\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of a vulnerability scanner:</span></p>\r\n<span style=\"font-weight: bold;\">Host Based. </span>Identifies the issues in the host or the system. The process is carried out by using host-based scanners and diagnose the vulnerabilities. The host-based tools will load a mediator software onto the target system; it will trace the event and report it to the security analyst.\r\n<span style=\"font-weight: bold;\">Network-Based.</span> It will detect the open port, and identify the unknown services running on these ports. Then it will disclose possible vulnerabilities associated with these services. This process is done by using Network-based Scanners.\r\n<span style=\"font-weight: bold;\">Database-Based.</span> It will identify the security exposure in the database systems using tools and techniques to prevent from SQL Injections. (SQL Injections: - Injecting SQL statements into the database by the malicious users, which can read the sensitive data's from a database and can update the data in the Database.)\r\n<h1 class=\"align-center\">How vulnerability scanners works?</h1>\r\nVulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.\r\nA security scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority.&nbsp; Vulnerability scans are also used by attackers looking for points of entry.\r\nA vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.\r\nRunning a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.\r\n<h1 class=\"align-center\">How to choose the best vulnerability scanning tool?</h1>\r\nWhen researching vulnerability scanners, it's important to find out how they're rated for accuracy (the most important metric) as well as reliability, scalability and reporting. If accuracy is lacking, you'll end up running two different scanners, hoping that one picks up vulnerabilities that the other misses. This adds cost and effort to the scanning process. \r\n<span style=\"font-weight: bold;\">Software-Based Vulnerability Scanners.</span> These types of scanning products generally include configuration auditing, target profiling, penetration testing and detailed vulnerability analysis. They integrate with Windows products, such as Microsoft System Center, to provide intelligent patch management; some work with mobile device managers. They can scan not only physical network devices, servers and workstations, but extend to virtual machines, BYOD mobile devices and databases.\r\n<span style=\"font-weight: bold;\">Cloud-Based Vulnerability Scanners: </span>Continuous, On-Demand Monitoring. A newer type of vulnerability finder&nbsp; is delivered on-demand as Software as a Service (SaaS). Like software-based scanners, on-demand scanners incorporate links for downloading vendor patches and updates for identified vulnerabilities, reducing remediation effort. These services also include scanning thresholds to prevent overloading devices during the scanning process, which can cause devices to crash.\r\n<h1 class=\"align-center\">What is mobile application security scanner?</h1>\r\nMobile application security testing can help ensure there aren’t any loopholes in the software that may cause data loss. The sets of tests are meant to attack the app to identify possible threats and vulnerabilities that would allow external persons or systems to access private information stored on the mobile device. \r\nMobile application vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information. From backdoors, malicious code and other threats, these flaws may be present both in commercial and open source applications as well as software developed in-house.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Vulnerability_Scanner.png"},{"id":793,"title":"Web Application Vulnerability Scanner","alias":"web-application-vulnerability-scanner","description":" A <span style=\"font-weight: bold; \">web application vulnerability scanner,</span> also known as a <span style=\"font-weight: bold; \">web application security scanner,</span> is an automated security tool. It scans web applications for malware, vulnerabilities, and logical flaws. Web application scanner use black box tests, as these tests do not require access to the source code but instead launch external attacks to test for security vulnerabilities. These simulated attacks can detect path traversal, cross-site scripting(XSS), and command injection.\r\nWeb app scanners are categorized as <span style=\"font-weight: bold; \">Dynamic Application Security Testing (DAST) tools.</span> DAST tools provide insight into how your web applications behave while they are in production, enabling your business to address potential vulnerabilities before a hacker uses them to stage an attack. As your web applications evolve, DAST solutions continue to scan them so that your business can promptly identify and remediate emerging issues before they develop into serious risks.\r\nWeb app vulnerability scanner first crawls the entire website, analyzing in-depth each file it finds, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities by launching a series of Web attacks. Web application scanners check for vulnerabilities on the Web server, proxy server, Web application server and even on other Web services. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.\r\nA web application vulnerability assessment is very different than a general vulnerability assessment where security focus on networks and hosts. App vulnerability scanner scans ports, connect to services, and use other techniques to gather information revealing the patch levels, configurations, and potential exposures of our infrastructure.\r\nAutomated web application scanning tools help the user making sure the whole website is properly crawled, and that no input or parameter is left unchecked.&nbsp; Automated web vulnerability scanners also help in finding a high percentage of the technical vulnerabilities, and give you a very good overview of the website’s structure, and security status.&nbsp; \r\nThe best way to identify web application security threats is to perform web application vulnerability assessment. The importance of these threats could leave your organization exposed if they are not properly identified and mitigated. Therefore, implementing a web app security scanner solution should be of paramount importance for your organizations security plans in the future. \r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Why Web Application Vulnerability Scanning is important?</h1>\r\nWeb applications are the technological base of modern companies. That’s why more and more businesses are betting on the development of this type of digital platforms. They stand out because they allow to automate processes, simplify tasks, be more efficient and offer a better service to the customer.<br /><br />The objective of web applications is that the user completes a task, be it buying, making a bank transaction, accessing e-mail, editing photos, texts, among many other things. In fact, they are very useful for an endless number of services, hence their popularity. Their disadvantages are few, but there is one that requires special attention: vulnerabilities.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Main web application security risks</span></p>\r\nA web vulnerability scanner tools will help you keep your services protected. However, it is important to be aware of the major security risks that exist so that both developers and security professionals are always alert and can find the most appropriate solutions in a timely manner.\r\n<ul><li><span style=\"font-weight: bold; \">Injection</span></li></ul>\r\nThis is a vulnerability that affects the application databases. They occur when unreliable data is sent to an interpreter by means of a command or query. The attacker may inject malicious code to disrupt the normal operation of the application by making it access the data without authorization or execute involuntary commands.\r\n<ul><li><span style=\"font-weight: bold; \">Authentication failures</span></li></ul>\r\nIf a vulnerability scan in web applications finds a failure, it may be due to loss of authentication. This is a critical vulnerability, as it allows the attacker to impersonate another user. This can compromise important data such as usernames, passwords, session tokens, and more.\r\n<ul><li><span style=\"font-weight: bold; \">Sensitive data exposure</span></li></ul>\r\nA serious risk is the exposure of sensitive data especially financial information such as credit cards or account numbers, personal data such as place of residence, or health-related information. If an attacker scans for this type of vulnerability, he or she may modify or steal this data and use it fraudulently. Therefore, it is essential to use a web app scanning tools to find vulnerabilities in web applications.<br /><br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_Application_Vulnerability_Scanner.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"verve-security-center":{"id":4407,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Verve_Industrial_Protection.png","logo":true,"scheme":false,"title":"Verve Security Center","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"verve-security-center","companyTitle":"Verve Industrial Protection","companyTypes":["supplier","vendor"],"companyId":6827,"companyAlias":"verve-industrial-protection","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Proven, Comprehensive, Efficient Solutions</span></span></p>\r\n<span style=\"font-weight: bold;\">PROVEN</span>\r\n<ul><li>Proven Team: 25 years of ICS expertise</li><li>Proven OT Cyber Security Platform: Deployed across all major control system OEMs</li><li>Proven Delivery: Hundreds of succesful customer deployments across DCS and SCADA environments</li></ul>\r\n<span style=\"font-weight: bold;\">COMPREHENSIVE</span>\r\n<ul><li>Comprehensive Solution: Integrated Software &amp; Services with no need for handoffs</li><li>Comprehensive Coverage: Vendor-agnostic solutions for all controls equipment (HMIs, Networking, PLCs, IEDs, etc.)</li><li>Comprehensive Cyber Security: Complete coverage for NIST CSF, NERC CIP, CIS CSC20, IEC 62443</li></ul>\r\n<span style=\"font-weight: bold;\">EFFICIENT</span>\r\n<ul><li>Efficient design: Low cost solutions from experienced ICS architects</li><li>Efficient cyber security software platform: No need for hardware or expensive taps or span-port infrastructure</li><li>Efficient maintenance: Integrated platform for monitoring and reporting</li></ul>\r\n<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">One Integrated Solution</span></span></p>\r\n<p class=\"align-left\">The Verve Security Center is the only vendor-agnostic end point protection, detection &amp; response solution designed for OT/ICS</p>\r\n<ul><li>Asset Inventory: 100% visibility and aggregation of OT end point data on all OT devices</li><li>OT-safe automated vulnerability assessment</li><li>Secure Configuration analysis and management</li><li>Log event management</li><li> Anomaly detection</li><li>Not only detect, but remediate with integrated actionability</li><li>Cross-vendor patch management</li><li>Integrated compliance reporting for all major standards: NIST CSF, CIS CSC20, NERC CIP, IEC 62443, etc.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">VIP SERVICES</span></p>\r\n<p class=\"align-left\">Verve Industrial Protection (VIP) Services is built on 25 years’ experience in industrial controls engineering.</p>\r\n<ul><li>Vendor-agnostic control system automation engineering</li><li>Secure data historian design &amp; maintenance</li><li>Network design and segmentation</li><li>Software-enabled Vulnerability Assessments</li><li>“Re-commissioning” to harden end points with deep controls-system experts</li><li>OT cyber security process &amp; procedure development</li><li>Remote managed security &amp; reliability services</li><li>End-to-end patch services (discovery, evaluation, deployment)</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Automation Controls.</span> 25 year’s of experience in vendor-agnostic design and programming of DCS, SCADA, PLC and other industrial control systems</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">ICS Network Design &amp; Segmentation.</span> Expert assessment and design of ICS networks for security and reliability.<br />Data Historian Design &amp; Management. Expert design of control system data historian systems (OSI PI, AspenTech, Schneider, etc.) to ensure data availability even in highly segmented, segregated networks.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">ICS Vulnerability &amp; Security Assessments.</span> Comprehensive end point, network, and policy/procedure assessment, leveraging 25 years’ experience and the unique Verve Security Center functionality.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Ongoing Patch &amp; Vulnerability Management.</span> Managed patch and vulnerability service providing detection &amp; evaluation, as well as deployment support of ICS patches.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Remote Monitoring for Security, Compliance and Reliability.</span> Integrated security &amp; reliability managed services to provide scale and expertise across distributed controls networks.<br /><br /><br /><br /></p>","shortDescription":"The ability to see the full range of vulnerabilities from missing patches to insecure configurations on end points, to inappropriate network design and firewall rules in a single platform.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":16,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Verve Security Center","keywords":"","description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Proven, Comprehensive, Efficient Solutions</span></span></p>\r\n<span style=\"font-weight: bold;\">PROVEN</span>\r\n<ul><li>Proven Team: 25 years of ICS expertise</li><li>Prov","og:title":"Verve Security Center","og:description":"<p class=\"align-center\"><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Proven, Comprehensive, Efficient Solutions</span></span></p>\r\n<span style=\"font-weight: bold;\">PROVEN</span>\r\n<ul><li>Proven Team: 25 years of ICS expertise</li><li>Prov","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Verve_Industrial_Protection.png"},"eventUrl":"","translationId":4408,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).&nbsp; The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":77,"title":"SOC - Situation Centre","alias":"soc-situation-centre","description":"One of the most pressing tasks facing government bodies and commercial structures is to increase the efficiency of management activities. A modern tool for solving this problem is situational centers, which are complex hardware and software systems for collecting, analyzing and displaying information in a form convenient for making critical decisions.\r\nSituational centers are created for the heads of federal, regional and municipal government bodies, ministries and departments, and large companies. Their main task is to provide information and analytical support for procedures and processes that allow managers to make effective decisions on the current management of headed structures, formulating their development strategies, as well as preventing or eliminating crisis and emergency situations. The structure and composition of the situational site are determined by the specifics of the tasks being solved. As a rule, this is a complex technical complex that includes many subsystems.\r\nThere are many types of command centers. They include: data center management, business application management, civil management, emergency (crisis) management.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Security Operations Center (SOC)?</span>\r\nA SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.\r\n<span style=\"font-weight: bold;\">How does a security operations center work?</span>\r\nUntil the recent rise of cloud computing, standard security practice was for a company to choose a traditional software as a product (SaaP) malware scanning solution either via download or, in ancient days, a CD-Rom that arrived via mail. They’d add to that a firewall installed at the edge of the network, and trust that those measures would keep their data and systems safe. Today’s reality is a far different environment, with threats being cast all across the net as hackers invent new ways to launch profitable and sophisticated attacks like ransomware.\r\nA SOC is an example of the software as a service (SaaS) software model in that it operates in the cloud as a subscription service. In this context, it provides a layer of rented expertise to a company’s cybersecurity strategy that operates 24/7 so that networks and endpoints are constantly being monitored. If a vulnerability is found or an incident is discovered, the SOC will engage with the on-site IT team to respond to the issue and investigate the root cause.\r\nIndividual SOC cybersecurity providers offer different suites of products and services. However, there is a core set of operational functions that a SOC must perform in order to add value to an organization.\r\n<ol><li><span style=\"font-weight: bold;\">Asset Survey:</span> In order for a SOC to help a company stay secure, they must have a complete understanding of what resources they need to protect. Otherwise, they may not be able to protect the full scope of the network. An asset survey should identify every server, router, firewall under enterprise control, as well as any other cybersecurity tools actively in use.</li><li><span style=\"font-weight: bold;\">Log Collection:</span> Data is the most important thing for a SOC to function properly and logs serve as the key source of information regarding network activity. The SOC should set up direct feeds from enterprise systems so that data is collected in real-time. Obviously, humans cannot digest such large amounts of information, which is why log scanning tools powered by artificial intelligence algorithms are so valuable for SOCs, though they do pose some interesting side effects that humanity is still trying to iron out.</li><li><span style=\"font-weight: bold;\">Preventative Maintenance:</span> In the best-case scenario, the SOC is able to prevent cyberattacks from occurring by being proactive with their processes. This includes installing security patches and adjusting firewall policies on a regular basis. Since some cyberattacks actually begin as insider threats, a SOC must also look within the organization for risks also.</li><li><span style=\"font-weight: bold;\">Continuous Monitoring:</span> In order to be ready to respond to a cybersecurity incident, the SOC must be vigilant in its monitoring practices. A few minutes can be the difference between blocking an attack and letting it take down an entire system or website. SOC tools run scans across the company’s network to identify potential threats and other suspicious activity.</li><li><span style=\"font-weight: bold;\">Alert Management:</span> Automated systems are great at finding patterns and following scripts. But the human element of a SOC proves it's worth it when it comes to analyzing automated alerts and ranking them based on their severity and priority. SOC staff must know what responses to take and how to verify that an alert is legitimate.</li><li><span style=\"font-weight: bold;\">Root Cause Analysis:</span> After an incident occurs and is resolved, the job of the SOC is just beginning. Cybersecurity experts will analyze the root cause of the problem and diagnose why it occurred in the first place. This feeds into a process of continuous improvement, with security tools and rules being modified to prevent future occurrences of the same incident.</li><li><span style=\"font-weight: bold;\">Compliance Audits:</span> Companies want to know that their data and systems are safe but also that they are being managed in a lawful manner. SOC providers must perform regular audits to confirm their compliance in the regions where they operate. What is a SOC report and what is a SOC audit? Anything that pulls data or records from cybersecurity functions of an organization. What is SOC 2? It’s a special auditing procedure related to information security and privacy.</li></ol>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SOC_-_Situation_Centre.png"},{"id":204,"title":"Managed Detection and Response","alias":"managed-detection-and-response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force &quot;catch it as you can&quot; and a more intelligent &quot;stop look listen&quot; method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as &quot;the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents&quot;.\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>&quot;Catch-it-as-you-can&quot; – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>&quot;Stop, look and listen&quot; – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":834,"title":"IoT - Internet of Things Security","alias":"iot-internet-of-things-security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each &quot;thing&quot; is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}},"aliases":{"1":["cyops-platform","cyrebro","defensestorm-grid","dxc-security-platform","eplus-managed-security-services","nri-securetechnologies-neosoc","shieldvision","stellar-cyber-starlight","swascan","verve-security-center"]},"links":{"first":"http://apis.roi4cio.com/api/products?page=1","last":"http://apis.roi4cio.com/api/products?page=1","prev":null,"next":null},"meta":{"current_page":1,"from":1,"last_page":1,"path":"http://apis.roi4cio.com/api/products","per_page":20,"to":10,"total":10},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}