{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"role-supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"products-popover":{"ru":"Продукты","_type":"localeString","en":"Products","de":"die produkte"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"ru":"Обновить профиль","_type":"localeString","en":"Update profile"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"en":"Description","ru":"Описание","_type":"localeString"},"role-user":{"ru":"Пользователь","_type":"localeString","en":"User"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"ru":"Партнерство с поставщиками","_type":"localeString","en":"Partnership with suppliers"},"reference-bonus":{"_type":"localeString","en":"Bonus 4 reference","ru":"Бонус за референс"},"partner-status":{"_type":"localeString","en":"Partner status","ru":"Статус партнёра"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"en":"Partner types","ru":"Типы партнеров","_type":"localeString"},"branch-popover":{"en":"branch","ru":"область деятельности","_type":"localeString"},"employees-popover":{"ru":"количество сотрудников","_type":"localeString","en":"number of employees"},"partnership-programme":{"ru":"Партнерская программа","_type":"localeString","en":"Partnership program"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString"},"additional-advantages":{"_type":"localeString","en":"Additional Benefits","ru":"Дополнительные преимущества"},"additional-requirements":{"_type":"localeString","en":"Partner level requirements","ru":"Требования к уровню партнера"},"certifications":{"en":"Certification of technical specialists","ru":"Сертификация технических специалистов","_type":"localeString"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"_type":"localeString","en":"Partners-vendors","ru":"Партнеры-производители"},"partners-suppliers":{"en":"Partners-suppliers","ru":"Партнеры-поставщики","_type":"localeString"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"_type":"localeString","en":"Supplied products","ru":"Поставляемые продукты"},"vendored-products":{"ru":"Производимые продукты","_type":"localeString","en":"Produced products"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"ru":"Поставляемые внедрения","_type":"localeString","en":"Supplied deployments"},"show-all":{"_type":"localeString","en":"Show all","ru":"Показать все"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"schedule-event":{"ru":"Pасписание событий","_type":"localeString","en":"Events schedule"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"register":{"ru":"Регистрация ","_type":"localeString","en":"Register"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"_type":"localeString","en":"Company presentation","ru":"Презентация компании"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"en":"Comparison Matrix","ru":"Матрица сравнения","_type":"localeString"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"_type":"localeString","en":"Deletion","ru":"Удаление"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"ru":"Все права защищены","_type":"localeString","en":"All rights reserved","de":"Alle rechte vorbehalten"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString"},"marketplace":{"_type":"localeString","en":"Marketplace","de":"Marketplace","ru":"Marketplace"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов"},"roi_calcs":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators","de":"ROI-Rechner"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку"},"subscribe_info":{"en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString"},"subscribe__email-label":{"en":"Email","ru":"Email","_type":"localeString"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"_type":"localeString","en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"_type":"localeString","en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"en":"Position","ru":"Должность","_type":"localeString"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"en":"Your rate","ru":"Ваша оценка","_type":"localeString"},"i-agree":{"_type":"localeString","en":"I agree","ru":"Я согласен"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}],"translatable_meta":[{"name":"title","translations":{"ru":"Компания","_type":"localeString","en":"Company"}},{"name":"description","translations":{"_type":"localeString","en":"Company description","ru":"Описание компании"}},{"translations":{"en":"Company keywords","ru":"Ключевые слова для компании","_type":"localeString"},"name":"keywords"}],"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"}}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"ignyte-assurance-platform":{"id":9084,"title":"Ignyte Assurance Platform","logoURL":"https://old.roi4cio.com/uploads/roi/company/Ignyte-Logo.png","alias":"ignyte-assurance-platform","address":"3432 Myna Lane, Miamisburg, OH 45342 USA","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":"Ignyte Assurance Platform is a leader in collaborative security and GRC solutions for global corporations. For corporate risk and compliance officers who depend heavily on the protection of their resources, Ignyte is the ultimate translation engine for simplifying compliance across regulations, standards and guidelines. The Ignyte platform is used by leading corporations in diverse industries such as Healthcare, Defense and Technology. Ignyte is headquartered in Miamisburg, Ohio and can be reached at www.ignyteplatform.com.<br />Source: https://www.linkedin.com/company/ignyte-platform/about/ ","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"79":{"id":79,"title":"VM - Vulnerability management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png","alias":"vm-vulnerability-management"},"445":{"id":445,"title":"Penetration Testing","description":" A <span style=\"font-weight: bold; \">penetration test</span>, colloquially known as a pen test, <span style=\"font-weight: bold; \">pentest </span>or <span style=\"font-weight: bold; \">ethical hacking</span>, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.\r\nStandard penetration test is performed to identify both weaknesses (also referred to as <span style=\"font-weight: bold; \">vulnerabilities</span>), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. \r\nThe main objective of system penetration testing is to identify security weaknesses. Vulnerability testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.\r\nTypically,<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">professional penetration testing</span>provides information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts. \r\nA wide variety of <span style=\"font-weight: bold; \">software security testing tools </span>are available to assist with penetration testing, including free-of-charge, free software, and commercial software. Penetration tools scan code in order to identity malicious code in applications that could result in a security breach. Pen testing tools examine data encryption techniques and can identify hard-coded values, such as usernames and passwords, to verify security vulnerabilities in the system.\r\n Important aspect of any penetration testing program is defining the scope within which the pen testers must operate. Usually, the scope defines what systems, locations, techniques and tools can be used in a penetration test. Limiting the scope of the penetration test helps focus team members - and defenders - on the systems over which the organization has control.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Here are several of the main vulnerability penetration testing approaches:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Targeted testing</span> is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights turned on" approach because everyone can see the test being carried out.</li><li><span style=\"font-weight: bold;\">External testing</span> targets a company's externally visible servers or devices including domain name servers, email servers, web servers or firewalls. The<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">objective of penetration testing</span>is to find out if an outside attacker can get in and how far they can get in once they've gained access.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Internal testing</span> mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Blind testing simulates</span> the actions and procedures of a real attacker by severely limiting the information given to the person or team performing the test beforehand. Typically, the pen testers may only be given the name of the company.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Double-blind testing</span> takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Black box</span> testing is basically the same as blind testing, but the tester receives no information before the test takes place. Rather, the pen testers must find their own way into the system.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">White box</span> testing provides the penetration testers information about the target network before they start their work. This information can include such details as IP addresses, network infrastructure schematics and the protocols used plus the source code.</li></ul>","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal;\">What Is Penetration Testing?</span></h1>\r\nThere is a considerable amount of confusion in the industry regarding the differences between vulnerability assessment and penetration testing tool,as the two phrases are commonly interchanged. However, their meaning and implications are very different. A <span style=\"font-weight: bold; \">vulnerability assessment </span>simply identifies and reports noted vulnerabilities, whereas a pentest attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.<span style=\"font-weight: bold; \"> Penetration testing</span> typically includes network penetration testing and web application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is a pentesting tool ?</span></h1>\r\n<p class=\"align-left\">Penetration tools are used as part testing to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common penetration testing tools are <span style=\"font-weight: bold; \">static analysis </span>tools and <span style=\"font-weight: bold; \">dynamic analysis</span> tools. Tools for attack include software designed to produce <span style=\"font-weight: bold; \">brute-force attacks</span> or <span style=\"font-weight: bold; \">SQL injections</span>. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the benefits of penetration testing?</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Manage the Risk Properly. </span>For many organizations, one of the most popular benefits of pen testing services is that they will give you a baseline to work upon to cure the risk in a structured and optimal way. It will show you the list of vulnerabilities in the target environment and the risks associated with it.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Increase Business Continuity.</span> Business continuity is the prime concern for any successful organization. A break in the business continuity can happen for many reasons. Lack of security loopholes is one of them. Insecure systems suffer more breaches in their availability than the secured ones. Today attackers are hired by other organizations to stop the continuity of business by exploiting the vulnerabilities to gain the access and to produce a denial of service condition which usually crashes the vulnerable service and breaks the server availability.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protect Clients, Partners, and Third Parties.</span> A security breach can affect not only the target organization but also their associated clients, partners and third parties working with it. However, if company schedules a penetration test regularly and takes necessary actions towards security, it will help professionals build trust and confidence in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to Evaluate Security Investment. </span> The pen test results will give us an independent view of the effectiveness of existing security processes, ensuring that configuration management practices have been followed correctly. This is an ideal opportunity to review the efficiency of the current security investment. What needs to be improved and what is working and what is not working and how much investment needed to build the more secure environment in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Help Protect Public Relationships and Guard the reputation of your company.</span>A good public relationship and company reputation are built up after taking many years struggle and hard work and with a huge amount of investment. This can be suddenly changed due to a single security breach.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protection from Financial Damage.</span> A simple breach of the security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to tests cyber-defense capability.</span> During a penetration test, the target company’s security team should be able to detect multiple attacks and respond accordingly on time. Furthermore, if an intrusion is detected, the security and forensic teams should start investigations, and the penetration testers should be blocked and their tools removed. The effectiveness of your protection devices like IDS, IPS or WAF can also be tested during a penetration test.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Client-side Attacks. </span>Pen tests are an effective way of ensuring that successful highly targeted client-side attacks against key members of your staff. Security should be treated with a holistic approach. Companies only assessing the security of their servers run the risk of being targeted with client-side attacks exploiting vulnerabilities in software like web browsers, pdf readers, etc. It is important to ensure that the patch management processes are working properly updating the operating system and third-party applications.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Penetration_Testing.png","alias":"penetration-testing"},"791":{"id":791,"title":"Vulnerability Scanner","description":" A <span style=\"font-weight: bold;\">vulnerability scanner</span> is a computer program designed to assess computers, network vulnerability or applications for known weaknesses. In plain words, these scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. They are typically available as SaaS (Software as a service); provided over the internet and delivered as a web application. \r\nMost vulnerability scanners will also attempt to log in to systems using default or other credentials in order to build a more detailed picture of the system. After building up an inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities to see if any items are subject to any of these vulnerabilities. The result of such scan is a systems vulnerability analysis, highlighting any that have known vulnerabilities that may need threat and vulnerability management.\r\n<span style=\"font-weight: bold;\">How vulnerability scanning works</span>. Vulnerability scanning finds systems and software that have known security vulnerabilities, but this information is only useful to IT security teams when it is used as the first part of a four-part vulnerability management process. <span style=\"font-weight: bold;\">Vulnerability management process involves:</span>\r\n<ul><li>Identification of vulnerabilities</li><li>Evaluation of the risk posed by any vulnerabilities identified</li><li>Treatment of any identified vulnerabilities</li><li>Reporting on vulnerabilities and how they have been handled</li></ul>\r\n<br /><span style=\"font-weight: bold;\">Types of vulnerability scans. </span>Not all vulnerability scans are alike, and to ensure compliance with certain regulations (such as those set by the PCI Security Standards Council) it is necessary to carry out two distinct types of vulnerability scans: an internal and an external vulnerability scan. \r\n<span style=\"font-weight: bold;\">External vulnerability scan.</span> As the name suggests, an external vulnerability scan is carried out from outside an organization's network, and its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall. An external vulnerability scan can help organizations fix security issues that could enable hackers to gain access to the organization's network.\r\n<span style=\"font-weight: bold;\">Internal vulnerability scan. </span>By contrast, an internal vulnerability scan is carried out from inside an organization's perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by "insider threats" such as contractors or disgruntled employees who have legitimate access to parts of the network.\r\n<span style=\"font-weight: bold;\">Unauthenticated and authenticated vulnerability scans.</span> A similar but not always identical variation of internal and external vulnerability scans is the concept of unauthenticated and authenticated vulnerability scans. Unauthenticated scans, like external scans, search for weaknesses in the network perimeter, while authenticated scans provide vulnerability scanners with various privileged credentials, allowing them to probe the inside of the network for weak passwords, configuration issues, and misconfigured databases or applications.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What is Vulnerability Assessment?</h1>\r\nVulnerability Assessment is also known as Vulnerability Testing, is a vulnerability scanning software performed to evaluate the security risks in the software system in order to reduce the probability of a threat. Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing (VAPT).\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of a vulnerability scanner:</span></p>\r\n<span style=\"font-weight: bold;\">Host Based. </span>Identifies the issues in the host or the system. The process is carried out by using host-based scanners and diagnose the vulnerabilities. The host-based tools will load a mediator software onto the target system; it will trace the event and report it to the security analyst.\r\n<span style=\"font-weight: bold;\">Network-Based.</span> It will detect the open port, and identify the unknown services running on these ports. Then it will disclose possible vulnerabilities associated with these services. This process is done by using Network-based Scanners.\r\n<span style=\"font-weight: bold;\">Database-Based.</span> It will identify the security exposure in the database systems using tools and techniques to prevent from SQL Injections. (SQL Injections: - Injecting SQL statements into the database by the malicious users, which can read the sensitive data's from a database and can update the data in the Database.)\r\n<h1 class=\"align-center\">How vulnerability scanners works?</h1>\r\nVulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.\r\nA security scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority. Vulnerability scans are also used by attackers looking for points of entry.\r\nA vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.\r\nRunning a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.\r\n<h1 class=\"align-center\">How to choose the best vulnerability scanning tool?</h1>\r\nWhen researching vulnerability scanners, it's important to find out how they're rated for accuracy (the most important metric) as well as reliability, scalability and reporting. If accuracy is lacking, you'll end up running two different scanners, hoping that one picks up vulnerabilities that the other misses. This adds cost and effort to the scanning process. \r\n<span style=\"font-weight: bold;\">Software-Based Vulnerability Scanners.</span> These types of scanning products generally include configuration auditing, target profiling, penetration testing and detailed vulnerability analysis. They integrate with Windows products, such as Microsoft System Center, to provide intelligent patch management; some work with mobile device managers. They can scan not only physical network devices, servers and workstations, but extend to virtual machines, BYOD mobile devices and databases.\r\n<span style=\"font-weight: bold;\">Cloud-Based Vulnerability Scanners: </span>Continuous, On-Demand Monitoring. A newer type of vulnerability finder is delivered on-demand as Software as a Service (SaaS). Like software-based scanners, on-demand scanners incorporate links for downloading vendor patches and updates for identified vulnerabilities, reducing remediation effort. These services also include scanning thresholds to prevent overloading devices during the scanning process, which can cause devices to crash.\r\n<h1 class=\"align-center\">What is mobile application security scanner?</h1>\r\nMobile application security testing can help ensure there aren’t any loopholes in the software that may cause data loss. The sets of tests are meant to attack the app to identify possible threats and vulnerabilities that would allow external persons or systems to access private information stored on the mobile device. \r\nMobile application vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information. From backdoors, malicious code and other threats, these flaws may be present both in commercial and open source applications as well as software developed in-house.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Vulnerability_Scanner.png","alias":"vulnerability-scanner"},"793":{"id":793,"title":"Web Application Vulnerability Scanner","description":" A <span style=\"font-weight: bold; \">web application vulnerability scanner,</span> also known as a <span style=\"font-weight: bold; \">web application security scanner,</span> is an automated security tool. It scans web applications for malware, vulnerabilities, and logical flaws. Web application scanner use black box tests, as these tests do not require access to the source code but instead launch external attacks to test for security vulnerabilities. These simulated attacks can detect path traversal, cross-site scripting(XSS), and command injection.\r\nWeb app scanners are categorized as <span style=\"font-weight: bold; \">Dynamic Application Security Testing (DAST) tools.</span> DAST tools provide insight into how your web applications behave while they are in production, enabling your business to address potential vulnerabilities before a hacker uses them to stage an attack. As your web applications evolve, DAST solutions continue to scan them so that your business can promptly identify and remediate emerging issues before they develop into serious risks.\r\nWeb app vulnerability scanner first crawls the entire website, analyzing in-depth each file it finds, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities by launching a series of Web attacks. Web application scanners check for vulnerabilities on the Web server, proxy server, Web application server and even on other Web services. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.\r\nA web application vulnerability assessment is very different than a general vulnerability assessment where security focus on networks and hosts. App vulnerability scanner scans ports, connect to services, and use other techniques to gather information revealing the patch levels, configurations, and potential exposures of our infrastructure.\r\nAutomated web application scanning tools help the user making sure the whole website is properly crawled, and that no input or parameter is left unchecked. Automated web vulnerability scanners also help in finding a high percentage of the technical vulnerabilities, and give you a very good overview of the website’s structure, and security status. \r\nThe best way to identify web application security threats is to perform web application vulnerability assessment. The importance of these threats could leave your organization exposed if they are not properly identified and mitigated. Therefore, implementing a web app security scanner solution should be of paramount importance for your organizations security plans in the future. \r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Why Web Application Vulnerability Scanning is important?</h1>\r\nWeb applications are the technological base of modern companies. That’s why more and more businesses are betting on the development of this type of digital platforms. They stand out because they allow to automate processes, simplify tasks, be more efficient and offer a better service to the customer.<br /><br />The objective of web applications is that the user completes a task, be it buying, making a bank transaction, accessing e-mail, editing photos, texts, among many other things. In fact, they are very useful for an endless number of services, hence their popularity. Their disadvantages are few, but there is one that requires special attention: vulnerabilities.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Main web application security risks</span></p>\r\nA web vulnerability scanner tools will help you keep your services protected. However, it is important to be aware of the major security risks that exist so that both developers and security professionals are always alert and can find the most appropriate solutions in a timely manner.\r\n<ul><li><span style=\"font-weight: bold; \">Injection</span></li></ul>\r\nThis is a vulnerability that affects the application databases. They occur when unreliable data is sent to an interpreter by means of a command or query. The attacker may inject malicious code to disrupt the normal operation of the application by making it access the data without authorization or execute involuntary commands.\r\n<ul><li><span style=\"font-weight: bold; \">Authentication failures</span></li></ul>\r\nIf a vulnerability scan in web applications finds a failure, it may be due to loss of authentication. This is a critical vulnerability, as it allows the attacker to impersonate another user. This can compromise important data such as usernames, passwords, session tokens, and more.\r\n<ul><li><span style=\"font-weight: bold; \">Sensitive data exposure</span></li></ul>\r\nA serious risk is the exposure of sensitive data especially financial information such as credit cards or account numbers, personal data such as place of residence, or health-related information. If an attacker scans for this type of vulnerability, he or she may modify or steal this data and use it fraudulently. Therefore, it is essential to use a web app scanning tools to find vulnerabilities in web applications.<br /><br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_Application_Vulnerability_Scanner.png","alias":"web-application-vulnerability-scanner"},"874":{"id":874,"title":"Threat Intelligence Platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png","alias":"threat-intelligence-platforms"}},"branches":"Information Technology","companySizes":"51 to 100 Employees","companyUrl":"https://ignyteplatform.com/","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"Ignyte Assurance Platform","keywords":"","description":"Ignyte Assurance Platform is a leader in collaborative security and GRC solutions for global corporations. For corporate risk and compliance officers who depend heavily on the protection of their resources, Ignyte is the ultimate translation engine for simp","og:title":"Ignyte Assurance Platform","og:description":"Ignyte Assurance Platform is a leader in collaborative security and GRC solutions for global corporations. For corporate risk and compliance officers who depend heavily on the protection of their resources, Ignyte is the ultimate translation engine for simp","og:image":"https://old.roi4cio.com/uploads/roi/company/Ignyte-Logo.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[],"suppliedProducts":[],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}