{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"products":{"reference-bonus":{"ru":"Предложить бонус за референс","_type":"localeString","en":"Offer a reference bonus"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Configurator"},"i-sell-it":{"ru":"I sell it","_type":"localeString","en":"I sell it"},"i-use-it":{"ru":"I use it","_type":"localeString","en":"I use it"},"roi-calculator":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"selling":{"en":"Selling","ru":"Продают","_type":"localeString"},"using":{"ru":"Используют","_type":"localeString","en":"Using"},"sort-title-asc":{"ru":"От А до Я","_type":"localeString","en":"From A to Z"},"supplier-popover":{"_type":"localeString","en":"supplier","ru":"поставщик"},"implementation-popover":{"ru":"внедрение","_type":"localeString","en":"deployment"},"vendor-popover":{"_type":"localeString","en":"vendor","ru":"производитель"},"sort-title-desc":{"ru":"от Я до А","_type":"localeString","en":"From Z to A"},"sort-rating-asc":{"ru":"По возрастанию рейтинга","_type":"localeString","en":"Rating ascending"},"sort-rating-desc":{"ru":"По убыванию рейтинга","_type":"localeString","en":"Rating descending"},"sort-discount-asc":{"ru":"По возрастанию скидки","_type":"localeString","en":"Rebate ascending"},"sort-discount-desc":{"_type":"localeString","en":"Rebate descending","ru":"По убыванию скидки"},"i-use-it-popover":{"ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString","en":"Make your introduction and get a bonus from ROI4CIO or the supplier."},"details":{"_type":"localeString","en":"Details","ru":"Детальнее"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"rebate":{"en":"Bonus","ru":"Бонус","_type":"localeString"},"vendor-verified":{"ru":"Поставщик потверждён","_type":"localeString","en":"Vendor verified"},"program-sends-data":{"_type":"localeString","en":"Program sends data"},"learn-more-btn":{"_type":"localeString","en":"Learn more","ru":"Узнать больше"},"categories-popover":{"ru":"категории","_type":"localeString","en":"categories"},"sort-popular-asc":{"ru":"По возростанию популярности","_type":"localeString","en":"Popular ascending"},"sort-popular-desc":{"ru":"По убыванию популярности","_type":"localeString","en":"Popular descending"},"no-results":{"ru":"По вашему запросу ничего не найдено, попробуйте изменить запрос.","_type":"localeString","en":"No results found. We didn't find any results with the filter you selected."},"login":{"_type":"localeString","en":"Login","de":"Einloggen","ru":"Войти"},"register":{"de":"Registrieren","ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"auth-message":{"ru":"Вам нужно зарегистрироваться или войти.","_type":"localeString","en":"You need to register or login.","de":"Sie müssen sich registrieren oder anmelden"},"add-to-comparison":{"en":"Add to comparison","ru":"Добавить в сравнение","_type":"localeString"},"added-to-comparison":{"ru":"Добавлено в сравнения","_type":"localeString","en":"Added to comparison"},"items-found":{"ru":"Продуктов найдено","_type":"localeString","en":"Products found"},"sort-sales-desc":{"_type":"localeString","en":"By sale","ru":"По продаже"},"sort-purchases-desc":{"_type":"localeString","en":"By purchase","ru":"По покупке"},"product-supplier":{"ru":"Поставщик продукта","_type":"localeString","en":"Product supplier"},"product-vendor":{"ru":"Производитель продукта","_type":"localeString","en":"Product producer"},"products-fetching-error":{"ru":"Произошла ошибка. Перезагрузите пожалуйста страницу.","_type":"localeString","en":"An error has occurred. Please reload the page."}},"header":{"help":{"ru":"Помощь","_type":"localeString","en":"Help","de":"Hilfe"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"ru":"Вход","_type":"localeString","en":"Log in","de":"Einloggen"},"logout":{"en":"Sign out","ru":"Выйти","_type":"localeString"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"_type":"localeString","en":"Blog","ru":"Блог"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"_type":"localeString","en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены"},"company":{"en":"My Company","de":"Über die Firma","ru":"О компании","_type":"localeString"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators","de":"ROI-Rechner"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString"},"our_social":{"ru":"Наши социальные сети","_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke"},"subscribe":{"_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"_type":"localeString","en":"This field is required","ru":"Это поле обязательное"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"en":"Leave comment","ru":"Оставить комментарий","_type":"localeString"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}},"filters":{"from":{"_type":"localeString","en":"from","ru":"от"},"to":{"ru":"до","_type":"localeString","en":"to"},"filter-price-title":{"_type":"localeString","en":"Filter by price","ru":"Фильтр по цене"},"view-type-label":{"en":"View","ru":"Вид","_type":"localeString"},"sort-type-label":{"ru":"Сортировка","_type":"localeString","en":"Sorting"},"category":{"ru":"Категория","_type":"localeString","en":"Category"},"follow":{"ru":"Следить","_type":"localeString","en":"Follow"},"add-product":{"en":"Add Product","ru":"Добавить продукт","_type":"localeString"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"filter-toggle":{"ru":"Фильтр","_type":"localeString","en":"Filter"},"clear-button":{"ru":"Очистить","_type":"localeString","en":"Сlear"},"delivery-type-field":{"ru":"Тип поставки","_type":"localeString","en":"Delivery type"},"product-categories-field":{"_type":"localeString","en":"product categories","ru":"категориz продуктаhjle"},"providers-field":{"ru":"Поставщик, производитель","_type":"localeString","en":"Providers"},"business-tasks-field":{"en":"Business tasks","ru":"Бизнес задачи","_type":"localeString"},"problems-field":{"ru":"Проблемы","_type":"localeString","en":"Problems"},"with-discounts-checkbox":{"en":"With discounts","ru":"Со скидками","_type":"localeString"},"expert-price-checkbox":{"ru":"Конфигуратор","_type":"localeString","en":"Configurator"},"roi-calculator-checkbox":{"ru":"ROI-калькулятор","_type":"localeString","en":"ROI-calculator"},"apply-filter-button":{"_type":"localeString","en":"Apply filter","ru":"Применить фильтр"},"sorting-toggle":{"ru":"Сортировка","_type":"localeString","en":"Sorting"},"show-all-button":{"ru":"Показать все","_type":"localeString","en":"Show all"},"suggest-product-button":{"ru":"Предложить продукт","_type":"localeString","en":"Suggest product"},"with-projects-label":{"ru":"С внедрениями","_type":"localeString","en":"With deployments"},"bonus-4-reference":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 Reference"},"product-categories":{"_type":"localeString","en":"Product Categories","ru":"Категории продуктов"},"countries":{"en":"Countries","ru":"Страны","_type":"localeString"},"seller":{"_type":"localeString","en":"Seller","ru":"Продавец"},"vendors":{"ru":"Производители продуктов пользователя","_type":"localeString","en":"User products vendors"},"suppliers":{"en":"User suppliers","ru":"Поставщики пользователя","_type":"localeString"},"business-process":{"_type":"localeString","en":"Problems","ru":"Проблемы"},"business-objectives":{"en":"Business tasks","ru":"Бизнес задачи","_type":"localeString"},"branch":{"ru":"Отрасль","_type":"localeString","en":" Branch"},"users":{"en":"Users","ru":"Пользователи","_type":"localeString"},"status":{"ru":"Статус","_type":"localeString","en":"Status"},"info-source":{"en":"Info source","ru":"Информационный ресурс","_type":"localeString"},"with-reference-checkbox":{"_type":"localeString","en":"With reference","ru":"С референсами"},"show-deal-checkbox":{"ru":"Показывать сделки с noname","_type":"localeString","en":"Show deal with noname"},"roi-checkbox":{"ru":"ROI","_type":"localeString","en":"ROI"},"problems":{"_type":"localeString","en":"Problems","ru":"Проблемы"},"find":{"_type":"localeString","en":"Find","ru":"Выполнить поиск"},"deal-date":{"ru":"Дата","_type":"localeString","en":"Date"},"try-button":{"ru":"Попробовать AI (Beta)","_type":"localeString","en":"Try AI (Beta)"},"hide":{"en":"Hide","ru":"Скрыть","_type":"localeString"},"company-size":{"ru":"Размер компании","_type":"localeString","en":"Company size"},"add-company":{"ru":"Добавить компанию","_type":"localeString","en":"Add company"},"add-implementation":{"ru":"Добавить внедрение","_type":"localeString","en":"Add deployment"},"sort-title-asc":{"ru":"От А до Я","_type":"localeString","en":"From A to Z"},"sort-title-desc":{"en":"From Z to A","ru":"От Я до А","_type":"localeString"},"sellers-field":{"ru":"Поставщики, Производители","_type":"localeString","en":"Sellers"},"supply-types":{"ru":"Тип поставки","_type":"localeString","en":"Supply type"},"with-comments-checkbox":{"en":"With comments","ru":"С комментариями","_type":"localeString"},"supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"user":{"ru":"Пользователь","_type":"localeString","en":"User"},"company-type":{"ru":"Тип компании","_type":"localeString","en":"Company type"},"partners-field":{"ru":" Партнеры","_type":"localeString","en":"Partners"},"customers":{"_type":"localeString","en":"Customers","ru":"Покупатели"},"product-supplier":{"_type":"localeString","en":"Product supplier","ru":"Поставщик продукта"},"product-vendor":{"en":"Product vendor","ru":"Производитель продукта","_type":"localeString"},"implementation-date":{"ru":"Дата внедрения","_type":"localeString","en":"Deployment date"},"canceled":{"ru":"Отменено","_type":"localeString","en":"Canceled"},"deal-canceled":{"en":"Deal canceled","ru":"Сделка отменена","_type":"localeString"},"deal-closed":{"ru":"Сделка закрыта","_type":"localeString","en":"Deal closed"},"deal-in-progress":{"ru":"Сделка в процессе","_type":"localeString","en":"Deal in progress"},"deal-is-planned":{"ru":"Сделка планируется","_type":"localeString","en":"Deal is planned"},"finished":{"ru":"Завершено","_type":"localeString","en":"Finished"},"in-process":{"en":"In Process","ru":"Ведется","_type":"localeString"},"planned":{"ru":"Планируется","_type":"localeString","en":"Planned"},"proof-of-concept":{"en":"Proof of concept","ru":"Пилотный проект","_type":"localeString"},"stopped":{"ru":"Остановлено","_type":"localeString","en":"Stopped"},"competencies":{"en":"Competencies","ru":"Компетенции","_type":"localeString"}}},"translationsStatus":{"products":"success","filters":"success"},"sections":{"products-text-block":{"body":{"_type":"localeBlock","en":[{"style":"normal","_key":"8bebcfb34955","markDefs":[],"children":[{"_type":"span","marks":[],"text":"The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks and problems. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.","_key":"8bebcfb349550"}],"_type":"block"}],"ru":[{"children":[{"_type":"span","marks":[],"text":"Каталог продуктов ROI4CIO - это база данных программного обеспечения, оборудования и ИТ-услуг для бизнеса. С помощью фильтров, подбирайте ИТ-продукты по категории, поставщику или производителю, бизнес-задачам, проблемам, наличию ROI калькулятора или калькулятора цены. Находите подходящие решения для бизнеса, воспользовавшись нейросетевым поиском, основанным на результатах внедрения софта в других компаниях.","_key":"28241882db7a0"}],"_type":"block","style":"normal","_key":"28241882db7a","markDefs":[]}]},"label":"catalog-products-text-block"}},"sectionsStatus":{"products-text-block":"success"},"pageMetaData":{"products":{"translatable_meta":[{"translations":{"en":"Products","ru":"Продукты","_type":"localeString"},"name":"og:title"},{"name":"description","translations":{"en":"Description","ru":"Лучшие приложения и it услуги для бизнеса. Выбор по видам программного обеспечения, бизнес-задачам и проблемам. Расчет стоимости лицензионного ПО, ROI","_type":"localeString"}},{"name":"og:description","translations":{"_type":"localeString","en":"The best applications and it services for business. Choice by type of software, business tasks and problems. Calculation of the cost of licensed software, ROI","ru":"Лучшие приложения и it услуги для бизнеса. Выбор по видам программного обеспечения, бизнес-задачам и проблемам. Расчет стоимости лицензионного ПО, ROI"}},{"name":"keywords","translations":{"en":"keyword","ru":"каталог, программное обеспечение, софт, ит услуги","_type":"localeString"}},{"name":"title","translations":{"ru":"Продукты","_type":"localeString","en":"Products"}}],"title":{"ru":"ROI4CIO: Продукты","_type":"localeString","en":"ROI4CIO: Products"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}]}},"pageMetaDataStatus":{"products":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"defensepro":{"id":197,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/DefenseProx420.jpg","logo":true,"scheme":false,"title":"DefensePro","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"defensepro","companyTitle":"Radware","companyTypes":["vendor"],"companyId":2746,"companyAlias":"radware","description":"DefensePro provides world-class DDoS protection including distributed denial of service (DDoS) attack mitigation and SSL-based DDoS attacks to fully protect applications and networks against known and emerging network security threats such denial of service attacks, DDoS attacks, Internet pipe saturation, attacks on login pages, attacks behind CDNs, and SSL-based flood attacks with:\r\n\r\nDDoS Protection With Dedicated Hardware That Protects Without Impacting Legitimate Traffic\r\n\r\nDefensePro uses a dedicated hardware platform based on Radware's OnDemand Switch supporting network throughputs up to 160Gbps. It embeds two unique and dedicated hardware components: a DoS Mitigation Engine (DME) to prevent high volume denial of service attacks and DDoS attacks, flood attacks, without impacting legitimate traffic, and a StringMatch Engine (SME) to accelerate signature detection.\r\n\r\nCentralized Attack DDoS Prevention Management, Monitoring and Reporting\r\n\r\nAPSolute Vision is a DDoS prevention solution that offers a centralized attack management, monitoring and reporting solution across multiple DefensePro devices and locations. It provides the user real-time DDoS protection with identification, prioritization and response to policy breaches, cyber-attacks and insider threats.\r\n\r\nComplete Set of Security DDoS Attack Defense Mechanisms\r\n\r\nDDoS attack defense mechanisms include Intrusion Prevention System (IPS), Network Behavioral Analysis (NBA), anti-DDoS/Denial-of-Service (DoS) Protection, Reputation Engine and SSL Attack Protection. These DDoS attack defense mechanisms employ multiple detection &amp; mitigation modules including adaptive behavioral analysis and challenge response technologies in addition to signature detection.\r\n\r\nThe Accuracy of Inline, and the Scalability of Out of Path\r\n\r\nDefensePro DDoS protection and DDoS prevention devices can be deployed inline or out-of-path (OOP) in a scrubbing center to provide the highest mitigation accuracy within the shortest time.\r\n\r\nRead more about DefensePro's deployment models.\r\nBased on standard signature detection technology to prevent the known application vulnerabilities, DefensePro DDoS protection consists of patent protected behavioral based real-time signatures technology that detects and mitigates emerging network attacks in real time such as zero-minute attacks, DoS/DDoS attacks and application misuse attacks ― all without the need for human intervention and without blocking legitimate user traffic making it one of the top DDoS prevention solution.s\r\n\r\nDefensePro DDoS protection is a core part of Radware's next generation Attack Mitigation System (AMS) a set of patented technologies designed for the most advanced internet-borne cyber-attacks. AMS extends the &quot;network&quot; of attack detection and mitigation capabilities beyond the data center for:\r\n\r\nCloud- hosted business services and applications\r\n\r\nTools, servers and applications need protection within a virtualized environment\r\n\r\nMobile work force increasingly depend on remote access to internal business applications and SaaS\r\n\r\nAdvanced detection and mitigation techniques need to be ported to tomorrows open network fabrics\r\n","shortDescription":"DefensePro provides world-class DDoS protection including distributed denial of service (DDoS) attack mitigation and SSL-based DDoS attacks to fully protect applications and networks against known and emerging network security threats such denial of service attacks, DDoS attacks, Internet pipe saturation, attacks on login pages, attacks behind CDNs, and SSL-based flood attacks","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DefensePro","keywords":"DDoS, attacks, DefensePro, protection, detection, network, mitigation, attack","description":"DefensePro provides world-class DDoS protection including distributed denial of service (DDoS) attack mitigation and SSL-based DDoS attacks to fully protect applications and networks against known and emerging network security threats such denial of service at","og:title":"DefensePro","og:description":"DefensePro provides world-class DDoS protection including distributed denial of service (DDoS) attack mitigation and SSL-based DDoS attacks to fully protect applications and networks against known and emerging network security threats such denial of service at","og:image":"https://old.roi4cio.com/fileadmin/user_upload/DefenseProx420.jpg"},"eventUrl":"","translationId":198,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":562,"title":"DDoS Protection - Appliance","alias":"ddos-protection-appliance","description":"A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.\r\nIn a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.\r\nA DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.\r\nCriminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks.\r\nBuying a DDoS mitigation appliance can be highly confusing, especially if you have never done this before. While selecting a DDoS protection solution you must understand the right features and have proper background knowledge. In case of distributed denial of service attacks, the bandwidth or resources of any targeted network is flooded with a large amount of malicious traffic. As a result, the system becomes overloaded and crashes. The legitimate users of the network are denied the service. The mail servers, DNS servers and the servers which host high-profile websites are the main target of DDOS attacks. Customers who use services of any shared network are also affected by these attacks. Therefore, anti-DDOS appliances are now vital.","materialsDescription":"<span style=\"font-weight: bold;\">DDoS mitigation solution</span>\r\nThere are two types of DDoS mitigation appliances. These include software and hardware solutions. Identical functions may be claimed by both forms of DDoS protection.\r\n<ul><li>Firewalls are the most common protection appliance, which can deny protocols, IP addresses or ports. However, they are not enough strong to provide protection from the more complicated DDoS attacks.</li><li>Switches are also effective solutions for preventing DDoS attacks. Most of these switches possess rate limiting capability and ACL. Some switches provide packet inspection, traffic shaping, delayed binding and rate limiting. They can detect the fake traffic through balancing and rate filtering.</li><li>Like switches, routers also have rate limiting and ACL capability. Most routers are capable of moving under DoS attacks.</li><li>Intrusion prevention systems are another option for you when it comes to protection from DDoS attacks. This solution can be effective in several cases of DDoS attacks. It can identify DDoS attacks and stop them because they possess the granularity as well as processing power required for identifying the attacks. Then they work in an automated manner to resolve the situation.</li><li>There are also rate-based intrusion prevention mechanisms, which are capable of analyzing traffic granularity. This system can also monitor the pattern of traffic.</li></ul>\r\nYou must check the connectivity while selecting a DDoS mitigation appliance. Capacity is also an important aspect of a DDoS protection solutions. You must figure out the number of ports, IPs, protocols, hosts, URLs and user agents that can be monitored by the appliance. An effective DDoS mitigation solution must also be properly customizable. Your DDoS mitigation appliance should be such that it can be upgraded according to your requirements. These are some important factors that you need to consider while choosing a DDoS mitigation appliance for your system.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_DDoS_Protection_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"radware-appwall-web-application-firewall-waf":{"id":1610,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Radware.jpg","logo":true,"scheme":false,"title":"Radware AppWall - Web Application Firewall (WAF)","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"radware-appwall-web-application-firewall-waf","companyTitle":"Radware","companyTypes":["vendor"],"companyId":2746,"companyAlias":"radware","description":"AppWall is an ICSA Labs certified and PCI compliant WAF that combines positive and negative security models to provide complete protection against web application attacks, web application attacks behind CDNs, API manipulations, advanced HTTP attacks (slowloris, dynamic floods), brute force attacks on login pages and more.\r\nA core and integrated part of Radware's Attack Mitigation Solution &ndash; a complete application and network security suite. AppWall is a web application firewall (WAF) that provides patent-protected technology to create and maintain security policies in real-time for widest security coverage with the lowest false positives and minimal operational effort. Radware&rsquo;s Web application security technology features a variety of deployment modes &ndash; as a stand-alone or integrated on an ADC, on-premise and in the cloud, inline or out-of-band.\r\nWhat Makes AppWall a Better Web Application Firewall (WAF)?\r\n<span style=\"font-weight: bold;\">Protection from Zero-Day Web Attacks</span>\r\nUsing both negative (signature based) and positive security models - AppWall is a web application firewall (WAF) that features not only the lowest false positives and minimal operational effort, but also robust protection against known and unknown (Zero-day) threats.\r\n<span style=\"font-weight: bold;\">Reduced TCO with Lowest False Positives</span>\r\nUnique Auto Policy Generation technology designed to secure a web application as automatically as possible with little or limited user interaction. AppWall is a web application firewall (WAF) that analyzes the protected Web application and derives the potential threats in it. It then generates individual, granular protection rules and sets a policy in blocking mode - thus eliminating the need for human intervention and saving on maintenance and labor resources.\r\n<span style=\"font-weight: bold;\">Continuous Security Delivery</span>\r\nFirst web application firewall (WAF) to provide a real-time security patching solution for Web applications in continuous application deployment environments via a tight integration with Dynamic Application Security Testing (DAST) solutions.\r\n<span style=\"font-weight: bold;\">Device Fingerprinting for Bot Protection</span>\r\nAppWall is an IP agnostic web-application security solution. It disregards IP source address context to protect from dynamic IP attacks. The power of the fingerprint is in the consolidated information extracted from dozens of browser attributes collected on the client side, facilitating accurate bot classification.\r\n<span style=\"font-weight: bold;\">Unique Out-of-Path Deployment with Full Mitigation</span>\r\nAppWall is the only web application firewall (WAF) that can be deployed out-of-path while still providing full mitigation. As part of Radware's integrated Attack Mitigation Solution, AppWall can communicate attack footprint and blocking policies to Radware&rsquo;s perimeter attack-mitigation device, DefensePro, so the attack is blocked at the perimeter and the rest of the network is protected.\r\n<span style=\"font-weight: bold;\">Full Coverage of OWASP Top-10 Out-of-the-box</span>\r\nIncluding injections, cross-site scripting (XSS), cross-site request forgery (CSRF), broken authentication and session management and security misconfiguration.\r\n<span style=\"font-weight: bold;\">Data Leak Prevention</span>\r\nIdentifying and blocking sensitive information transmission such as credit card numbers (CCN) and social security numbers (SSN).\r\n<span style=\"font-weight: bold;\">Integrated Application Security &amp; Application Delivery</span>\r\nAppWall is an integral part of Radware's Application Delivery Controller (ADC) solution suite, which allows customers to augment their web application security protection with local and global traffic redirection, application acceleration, bandwidth management, and other application-aware services, while benefitting from a single hardware platform.\r\n<span style=\"font-weight: bold;\">Easy Migration From Test Environments to Production</span>\r\nAn AppWall VA can be deployed with the application in the production environment or &ndash; if deployed in a lab &ndash; policy is easily migrated to the AppWall appliance in production. This approach simplifies the integration and shortens the deployment time of new applications and services in the virtualized and cloud data centers.\r\n<span style=\"font-weight: bold;\">ICSA Labs Certified WAF</span>\r\nRecognized for both the appliance and VM versions, ICSA Labs certifies AppWall for its depth and breadth of vulnerability protection, effectiveness, ease of implementation and low operation overhead.\r\n<span style=\"font-weight: bold;\">Comprehensive PCI Compliance Solution</span>\r\nAppWall enables organizations to fully comply with PCI DSS section 6.6 requirements and includes the most advanced security graphical reports to convey visibility into the application security and detected attacks.","shortDescription":"AppWall - Radware’s Web Application Firewall (WAF), ensures fast, reliable and secure delivery of mission-critical Web applications for corporate networks and in the cloud.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Radware AppWall - Web Application Firewall (WAF)","keywords":"","description":"AppWall is an ICSA Labs certified and PCI compliant WAF that combines positive and negative security models to provide complete protection against web application attacks, web application attacks behind CDNs, API manipulations, advanced HTTP attacks (slowloris","og:title":"Radware AppWall - Web Application Firewall (WAF)","og:description":"AppWall is an ICSA Labs certified and PCI compliant WAF that combines positive and negative security models to provide complete protection against web application attacks, web application attacks behind CDNs, API manipulations, advanced HTTP attacks (slowloris","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Radware.jpg"},"eventUrl":"","translationId":1611,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":19,"title":"WAF - Web Application Firewall"}],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"radware-cloud-waf-service":{"id":2180,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Radware.jpg","logo":true,"scheme":false,"title":"Radware Cloud WAF Service","vendorVerified":0,"rating":"1.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"radware-cloud-waf-service","companyTitle":"Radware","companyTypes":["vendor"],"companyId":2746,"companyAlias":"radware","description":"<p>Radware&rsquo;s Cloud WAF Service provides enterprise-grade, continuously adaptive web application security protection. Based on Radware&rsquo;s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats and automatically adapts protections to evolving threats and protected assets. The service implements both negative and positive security models by utilizing its unique ability to automatically adapt to the continuously changing threat landscape and defendable on-line assets.</p>\r\n<p>Built with state-of-the-art machine learning technologies, Radware&rsquo;s Cloud WAF Service automatically detects application domains, analyzes potential vulnerabilities, and assigns optimal protection policies. The service continuously monitors and analyzes application usage patterns, and generates granular baselines for legitimate traffic. This allows rapid detection and mitigation of zero-day attacks, and the continuous fine-tuning of security policies due to changing application usage patterns. Radware&rsquo;s Device Fingerprinting technology allows the automatic IP-agnostic tracking of malicious sources trying to obscure themselves behind dynamic IP changes. Web assets are always kept protected, even while applications constantly change and threats rapidly evolve, assuring web security is future-proof.</p>\r\n<p>Activated through a simple DNS change, with no additional hardware or software installed, Radware&rsquo;s Cloud WAF Service is easily deployed to rapidly provide web security coverage in a short time-to-deploy. The service&rsquo;s portal provides unmatched ease-of-use and detailed visibility into real-time attack alerts and statistics to support future planning. Real-time attack alerts provide you the information about the attacks, assests at risk, and how Cloud WAF Service is responding. Radware&rsquo;s Emergency Response Team, a team of web security experts, provides additional support of attack mitigation, forensic analysis and future planning.</p>","shortDescription":"Radware Cloud WAF Service is a web application firewall that provides continuous adaptive web application security protection and full coverage of OWASP Top 10 threats.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Radware Cloud WAF Service","keywords":"","description":"<p>Radware&rsquo;s Cloud WAF Service provides enterprise-grade, continuously adaptive web application security protection. Based on Radware&rsquo;s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats ","og:title":"Radware Cloud WAF Service","og:description":"<p>Radware&rsquo;s Cloud WAF Service provides enterprise-grade, continuously adaptive web application security protection. Based on Radware&rsquo;s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Radware.jpg"},"eventUrl":"","translationId":2181,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":19,"title":"WAF - Web Application Firewall"}],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},"radware-threat-intelligence-subscriptions":{"id":5600,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Radware.png","logo":true,"scheme":false,"title":"Radware Threat Intelligence Subscriptions","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"radware-threat-intelligence-subscriptions","companyTitle":"Radware","companyTypes":["vendor"],"companyId":2746,"companyAlias":"radware","description":"Radware’s Threat Intelligence Subscriptions complement application and network security with constant updates of possible risks and vulnerabilities. By crowdsourcing, correlating and validating real-life attack data from multiple sources, Radware’s Threat Intelligence Subscriptions immunize your Attack Mitigation System. It provides real-time intelligence for preemptive protection and enables multi-layered protection against known and unknown vectors and actors as well as ongoing and emergency filters. \r\n<p class=\"align-center\"><b>ERT Active Attackers Feed </b></p>\r\nRadware ERT Active Attackers Feed provides preemptive protection against DDoS attacks, scanners, anonymous proxies, IoT botnets and web application attacks by identifying and blocking known IP addresses that were recently involved in attacks in real time. It aggregates and correlates information from multiple sources making its data highly accurate. \r\n<ul> <li>Radware’s global threat detection and deception infrastructure </li> <li>Cloud security customer network </li> <li>ERT threat research group </li> <li>Leading security vendors as part of the Cyber Threat Alliance </li> </ul>\r\n<p class=\"align-center\"><b>What Makes Radware's Threat Intelligence Better? </b></p>\r\n<b>Real-Time Protection </b>\r\nRadware’s feed proactively blocks IP’s that were actively involved in DDoS attacks within the last 24 hours and constantly updates with possible risks and vulnerabilities \r\n<b>Minimum False-Positives </b>\r\nBy cross-validating data among multiple intelligence sources, Radware’s Active Attackers feed delivers maximum security and minimum false-positives \r\n<b>Emergency and Custom Updates </b>\r\nProtection against known DDoS attack tools and application exploits; immediate response to critical vulnerabilities and environment-specific customer features \r\n<b>Cyber Threat Alliance Member </b>\r\nRadware’s ERT Active Attackers Feed is enriched with threat intelligence collected by a variety of industry leading information security vendors \r\n<b>Extensive DDoS Protection Feed </b>\r\nDetect, monitor and block emerging attacks. Real time protection from scanners, floods, DDoS, DNS attacks, botnets, IoT botnets and web attacks ","shortDescription":"Threat Intelligence Subscriptions enhance Radware’s Attack Mitigation Solution and extend its automated, real-time behavioral threat analysis, enabling a preemptive protection\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Radware Threat Intelligence Subscriptions","keywords":"","description":"Radware’s Threat Intelligence Subscriptions complement application and network security with constant updates of possible risks and vulnerabilities. By crowdsourcing, correlating and validating real-life attack data from multiple sources, Radware’s Threat Inte","og:title":"Radware Threat Intelligence Subscriptions","og:description":"Radware’s Threat Intelligence Subscriptions complement application and network security with constant updates of possible risks and vulnerabilities. By crowdsourcing, correlating and validating real-life attack data from multiple sources, Radware’s Threat Inte","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Radware.png"},"eventUrl":"","translationId":5599,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}},"aliases":{"1":["defensepro","radware-appwall-web-application-firewall-waf","radware-cloud-waf-service","radware-threat-intelligence-subscriptions"]},"links":{"first":"http://b4r_be/api/products?page=1","last":"http://b4r_be/api/products?page=1","prev":null,"next":null},"meta":{"current_page":1,"from":1,"last_page":1,"path":"http://b4r_be/api/products","per_page":20,"to":4,"total":4},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[2746],"values":{"2746":{"id":2746,"title":"Radware"}}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{"19":{"id":19,"title":"WAF - Web Application Firewall"}},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}