{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"products-popover":{"de":"die produkte","ru":"Продукты","_type":"localeString","en":"Products"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"ru":"Обновить профиль","_type":"localeString","en":"Update profile"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"role-user":{"en":"User","ru":"Пользователь","_type":"localeString"},"partnership-vendors":{"ru":"Партнерство с производителями","_type":"localeString","en":"Partnership with vendors"},"partnership-suppliers":{"en":"Partnership with suppliers","ru":"Партнерство с поставщиками","_type":"localeString"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"ru":"Статус партнёра","_type":"localeString","en":"Partner status"},"country":{"en":"Country","ru":"Страна","_type":"localeString"},"partner-types":{"ru":"Типы партнеров","_type":"localeString","en":"Partner types"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"ru":"количество сотрудников","_type":"localeString","en":"number of employees"},"partnership-programme":{"en":"Partnership program","ru":"Партнерская программа","_type":"localeString"},"partner-discounts":{"en":"Partner discounts","ru":"Партнерские скидки","_type":"localeString"},"registered-discounts":{"ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString","en":"Additional benefits for registering a deal"},"additional-advantages":{"en":"Additional Benefits","ru":"Дополнительные преимущества","_type":"localeString"},"additional-requirements":{"ru":"Требования к уровню партнера","_type":"localeString","en":"Partner level requirements"},"certifications":{"ru":"Сертификация технических специалистов","_type":"localeString","en":"Certification of technical specialists"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"ru":"Партнеры-производители","_type":"localeString","en":"Partners-vendors"},"partners-suppliers":{"ru":"Партнеры-поставщики","_type":"localeString","en":"Partners-suppliers"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"en":"Supplied products","ru":"Поставляемые продукты","_type":"localeString"},"vendored-products":{"en":"Produced products","ru":"Производимые продукты","_type":"localeString"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"ru":"Поставляемые внедрения","_type":"localeString","en":"Supplied deployments"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"schedule-event":{"ru":"Pасписание событий","_type":"localeString","en":"Events schedule"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"register":{"ru":"Регистрация ","_type":"localeString","en":"Register"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"ru":"Презентация компании","_type":"localeString","en":"Company presentation"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"ru":"Как это работает","_type":"localeString","en":"How does it works","de":"Wie funktioniert es"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"_type":"localeString","en":"Sign out","ru":"Выйти"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"_type":"localeString","en":"Bonus for reference","ru":"Бонус за референс"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"en":"For suppliers","ru":"Поставщикам","_type":"localeString"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"_type":"localeString","en":"My profile","ru":"Мои данные"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"ru":"О компании","_type":"localeString","en":"My Company","de":"Über die Firma"},"about":{"_type":"localeString","en":"About us","de":"Über uns","ru":"О нас"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"ru":"Связаться с нами","_type":"localeString","en":"Contact us","de":"Kontaktiere uns"},"marketplace":{"de":"Marketplace","ru":"Marketplace","_type":"localeString","en":"Marketplace"},"products":{"_type":"localeString","en":"Products","de":"Produkte","ru":"Продукты"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"ru":"Наши социальные сети","_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"en":"Show form","ru":"Показать форму","_type":"localeString"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"en":"Email","ru":"Email","_type":"localeString"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString"},"subscribe__agree-label":{"en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString"},"subscribe__submit-label":{"_type":"localeString","en":"Subscribe","ru":"Подписаться"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"_type":"localeString","en":"Last, first name","ru":"Имя Фамилия"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"en":"Position","ru":"Должность","_type":"localeString"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"translatable_meta":[{"name":"title","translations":{"en":"Company","ru":"Компания","_type":"localeString"}},{"translations":{"_type":"localeString","en":"Company description","ru":"Описание компании"},"name":"description"},{"name":"keywords","translations":{"_type":"localeString","en":"Company keywords","ru":"Ключевые слова для компании"}}],"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"logichub":{"id":5721,"title":"LogicHub","logoURL":"https://old.roi4cio.com/uploads/roi/company/LogicHub.png","alias":"logichub","address":"","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":" <span style=\"font-weight: bold; \">LogicHub </span>offers the industry’s most powerful automation platform for security operations, helping organizations dramatically accelerate every SecOps process from alert triage and incident response, to threat hunting and detection. Founded on a singular premise that every threat detection process can be automated, <span style=\"font-weight: bold;\">LogicHub </span>empowers security analysts to be an order of magnitude more effective and productive.<br />Source: https://www.linkedin.com/company/logichub/about/","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"40":{"id":40,"title":"Endpoint security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png","alias":"endpoint-security"},"51":{"id":51,"title":"PaaS - Platform as a service","description":"<span style=\"font-weight: bold; \">Platform as a Service (PaaS)</span> or <span style=\"font-weight: bold; \">Application Platform as a Service (aPaaS)</span> or <span style=\"font-weight: bold; \">platform-based service</span> is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.\r\n<span style=\"font-weight: bold; \">PaaS can be delivered in three ways:</span>\r\n<span style=\"font-weight: bold;\">As a public cloud service</span> from a provider, where the consumer controls software deployment with minimal configuration options, and the provider provides the networks, servers, storage, operating system (OS), middleware (e.g. Java runtime, .NET runtime, integration, etc.), database and other services to host the consumer's application.\r\n<span style=\"font-weight: bold;\">As a private service</span> (software or appliance) behind a firewall.\r\n<span style=\"font-weight: bold;\">As software</span> deployed on a public infrastructure as a service.\r\n<span style=\"color: rgb(97, 97, 97); \">The original intent of PaaS technology was to simplify the code-writing process for developers, with the infrastructure and operations handled by the PaaS provider. Originally, all PaaSes were in the public cloud. Because many companies did not want to have everything in the public cloud, private and hybrid PaaS options (managed by internal IT departments) were created.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">PaaS provides an environment for developers and companies to create, host and deploy applications, saving developers from the complexities of the infrastructure side (setting up, configuring and managing elements such as servers and databases).</span>\r\n<span style=\"color: rgb(97, 97, 97); \">PaaS products can improve the speed of developing an app, and allow the consumer to focus on the application itself. With PaaS, the consumer manages applications and data, while the provider (in public PaaS) or IT department (in private PaaS) manages runtime, middleware, operating system, virtualization, servers, storage and networking.</span>\r\n<span style=\"color: rgb(97, 97, 97); \">PaaS offerings may also include facilities for application design, application development, testing and deployment, as well as services such as team collaboration, web service integration, and marshalling, database integration, security, scalability, storage, persistence, state management, application versioning, application instrumentation, and developer community facilitation. Besides the service engineering aspects, PaaS solutions include mechanisms for service management, such as monitoring, workflow management, discovery and reservation.</span>\r\nThere are various types of PaaS providers. All offer application hosting and a deployment environment, along with various integrated services. Services offer varying levels of scalability and maintenance. Developers can write an application and upload it to a PaaS platform that supports their software language of choice, and the application runs on that PaaS.","materialsDescription":"<h1 class=\"align-center\">How PaaS works</h1>\r\n<p class=\"align-left\">PaaS does not replace a company's entire IT infrastructure for software development. It is provided through a cloud service provider's hosted infrastructure with users most frequently accessing the offerings through a web browser. PaaS can be delivered through public, private and hybrid clouds to deliver services such as application hosting and Java development.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Other PaaS services include:</span></p>\r\n<ul><li>Development team collaboration</li><li>Application design and development</li><li>Application testing and deployment</li><li>Web service integration</li><li>Information security</li><li>Database integration</li></ul>\r\n<p class=\"align-left\">Users pay for PaaS on a per-use basis. However, different platform as a service providers charge a flat monthly fee for access to the platform and its applications.</p>\r\n<h1 class=\"align-center\">What are the types of PaaS?</h1>\r\n<ul><li><span style=\"font-weight: bold; \">Public PaaS</span></li></ul>\r\nA public PaaS allows the user to control software deployment while the cloud provider manages the delivery of all other major IT components necessary to the hosting of applications, including operating systems, databases, servers and storage system networks. \r\nPublic PaaS vendors offer middleware that enables developers to set up, configure and control servers and databases without the necessity of setting up the infrastructure side of things. As a result, public PaaS and IaaS (infrastructure as a service) run together, with PaaS operating on top of a vendor's IaaS infrastructure while leveraging the public cloud. \r\n<ul><li><span style=\"font-weight: bold; \">Private PaaS</span></li></ul>\r\nA private PaaS is usually delivered as an appliance or software within the user's firewall which is frequently maintained in the company's on-premises data center. A private PaaS software can be developed on any type of infrastructure and can work within the company's specific private cloud. Private PaaS allows an organization to better serve developers, improve the use of internal resources and reduce the costly cloud sprawl that many companies face.\r\n<ul><li><span style=\"font-weight: bold; \">Hybrid PaaS </span></li></ul>\r\nCombines public PaaS and private PaaS to provide companies with the flexibility of infinite capacity provided by a public PaaS model and the cost efficiencies of owning an internal infrastructure in private PaaS. Hybrid PaaS utilizes a hybrid cloud.\r\n<ul><li><span style=\"font-weight: bold; \">Communication PaaS </span></li></ul>\r\nCPaaS is a cloud-based platform that allows developers to add real-time communications to their apps without the need for back-end infrastructure and interfaces. Normally, real-time communications occur in apps that are built specifically for these functions. Examples include Skype, FaceTime, WhatsApp and the traditional phone. CPaaS provides a complete development framework for the creation of real-time communications features without the necessity of a developer building their own framework.\r\n<ul><li><span style=\"font-weight: bold; \">Mobile PaaS</span> </li></ul>\r\nMPaaS is the use of a paid integrated development environment for the configuration of mobile apps. In an mPaaS, coding skills are not required. MPaaS is delivered through a web browser and typically supports public cloud, private cloud and on-premises storage. The service is usually leased with pricing per month, varying according to the number of included devices and supported features.\r\n<ul><li><span style=\"font-weight: bold; \">Open PaaS</span></li></ul>\r\nIt is a free, open source, business-oriented collaboration platform that is attractive on all devices and provides useful web apps, including calendar, contacts and mail applications. OpenPaaS was designed to allow users to quickly deploy new applications with the goal of developing a PaaS technology that is committed to enterprise collaborative applications, specifically those deployed on hybrid clouds.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PaaS_-_Platform_as_a_service.png","alias":"paas-platform-as-a-service"},"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"79":{"id":79,"title":"VM - Vulnerability management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png","alias":"vm-vulnerability-management"},"204":{"id":204,"title":"Managed Detection and Response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png","alias":"managed-detection-and-response"},"465":{"id":465,"title":"UEBA - User and Entity Behavior Analytics","description":"Developments in UBA technology led Gartner to evolve the category to user and entity behavior analytics (UEBA). In September 2015, Gartner published the Market Guide for User and Entity Analytics by Vice President and Distinguished Analyst, Avivah Litan, that provided a thorough definition and explanation. UEBA was referred to in earlier Gartner reports but not in much depth. Expanding the definition from UBA includes devices, applications, servers, data, or anything with an IP address. It moves beyond the fraud-oriented UBA focus to a broader one encompassing "malicious and abusive behavior that otherwise went unnoticed by existing security monitoring systems, such as SIEM and DLP." The addition of "entity" reflects that devices may play a role in a network attack and may also be valuable in uncovering attack activity. "When end users have been compromised, malware can lay dormant and go undetected for months. Rather than trying to find where the outsider entered, UEBAs allow for quicker detection by using algorithms to detect insider threats."\r\nParticularly in the computer security market, there are many vendors for UEBA applications. They can be "differentiated by whether they are designed to monitor on-premises or cloud-based software as a service (SaaS) applications; the methods in which they obtain the source data; the type of analytics they use (i.e., packaged analytics, user-driven or vendor-written), and the service delivery method (i.e., on-premises or a cloud-based)." According to the 2015 market guide released by Gartner, "the UEBA market grew substantially in 2015; UEBA vendors grew their customer base, market consolidation began, and Gartner client interest in UEBA and security analytics increased." The report further projected, "Over the next three years, leading UEBA platforms will become preferred systems for security operations and investigations at some of the organizations they serve. It will be—and in some cases already is—much easier to discover some security events and analyze individual offenders in UEBA than it is in many legacy security monitoring systems."","materialsDescription":"<span style=\"font-weight: bold;\">What is UEBA?</span>\r\nHackers can break into firewalls, send you e-mails with malicious and infected attachments, or even bribe an employee to gain access into your firewalls. Old tools and systems are quickly becoming obsolete, and there are several ways to get past them.\r\nUser and entity behavior analytics (UEBA) give you more comprehensive way of making sure that your organization has top-notch IT security, while also helping you detect users and entities that might compromise your entire system.\r\nUEBA is a type of cybersecurity process that takes note of the normal conduct of users. In turn, they detect any anomalous behavior or instances when there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert them immediately.\r\nUEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in, potentially, a real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyze the file, flow, and packet information.\r\nIn UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts, as well as servers, applications, and devices that are working within your system.\r\n<span style=\"font-weight: bold;\">What are the benefits of UEBA?</span>\r\nIt is the unfortunate truth that today's cybersecurity tools are fast becoming obsolete, and more skilled hackers and cyber attackers are now able to bypass the perimeter defenses that are used by most companies. In the old days, you were secure if you had web gateways, firewalls, and intrusion prevention tools in place. This is no longer the case in today’s complex threat landscape, and it’s especially true for bigger corporations that are proven to have very porous IT perimeters that are also very difficult to manage and oversee.\r\nThe bottom line? Preventive measures are no longer enough. Your firewalls are not going to be 100% foolproof, and hackers and attackers will get into your system at one point or another. This is why detection is equally important: when hackers do successfully get into your system, you should be able to detect their presence quickly in order to minimize the damage.\r\n<span style=\"font-weight: bold;\">How Does UEBA Work?</span>\r\nThe premise of UEBA is actually very simple. You can easily steal an employee’s user name and password, but it is much harder to mimic the person’s normal behavior once inside the network.\r\nFor example, let’s say you steal Jane Doe’s password and user name. You would still not be able to act precisely like Jane Doe once in the system unless given extensive research and preparation. Therefore, when Jane Doe’s user name is logged in to the system, and her behavior is different than that of typical Jane Doe, that is when UEBA alerts start to sound.\r\nAnother relatable analogy would be if your credit card was stolen. A thief can pickpocket your wallet and go to a high-end shop and start spending thousands of dollars using your credit card. If your spending pattern on that card is different from the thief’s, the company’s fraud detection department will often recognize the abnormal spending and block suspicious purchases, issuing an alert to you or asking you to verify the authenticity of a transaction.\r\nAs such, UEBA is a very important component of IT security, allowing you to:\r\n1. Detect insider threats. It is not too far-fetched to imagine that an employee, or perhaps a group of employees, could go rogue, stealing data and information by using their own access. UEBA can help you detect data breaches, sabotage, privilege abuse and policy violations made by your own staff.\r\n2. Detect compromised accounts. Sometimes, user accounts are compromised. It could be that the user unwittingly installed malware on his or her machine, or sometimes a legitimate account is spoofed. UEBA can help you weed out spoofed and compromised users before they can do real harm.\r\n3. Detect brute-force attacks. Hackers sometimes target your cloud-based entities as well as third-party authentication systems. With UEBA, you are able to detect brute-force attempts, allowing you to block access to these entities.\r\n4. Detect changes in permissions and the creation of super users. Some attacks involve the use of super users. UEBA allows you to detect when super users are created, or if there are accounts that were granted unnecessary permissions.\r\n5. Detect breach of protected data. If you have protected data, it is not enough to just keep it secure. You should know when a user accesses this data when he or she does not have any legitimate business reason to access it.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_User_and_Entity_Behavior_Analytics.png","alias":"ueba-user-and-entity-behavior-analytics"},"854":{"id":854,"title":"Security Orchestration and Automation","description":" SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations. The term, which was coined by the research firm Gartner, can be applied to compatible products and services that help define, prioritize, standardize and automate incident response functions.\r\nSOAR solutions are gaining visibility and real-world use driven by early adoption to improve security operations centers. Security and risk management leaders should start to evaluate how these solutions can support and optimize their broader security operations capabilities.\r\nSecurity orchestration, automation and response (SOAR) defines as technologies that enable organizations to take inputs from a variety of sources (mostly from security information and event management [SIEM] systems) and apply workflows aligned to processes and procedures. These can be orchestrated via integrations with other technologies and automated to achieve a desired outcome and greater visibility. Additional capabilities include case and incident management features; the ability to manage threat intelligence, dashboards and reporting; and analytics that can be applied across various functions. SOAR tools significantly enhance security operations activities like threat detection and response by providing machine-powered assistance to human analysts to improve the efficiency and consistency of people and processes.\r\nMost SOAR tools are still strongest in their original "home offerings", which are security incident and response platforms (SIRPs), security orchestration and automation (SOA), and threat intelligence platforms (TIPs). Currently, the most common use case for SOAR by an organization is to define incident analysis and response procedures in a digital workflow format — such as plays in a security operations playbook. Additionally, these tools facilitate the use and operationalization of threat intelligence in security operations, which enhances the ability to predict, prevent, detect and respond to the prevailing threat landscape that a company faces.\r\nTo understand the evolving SOAR market, it is necessary to define the specific terms used — namely, orchestration and automation — in the context of security operations:\r\n<ul><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Aggregation:</span></span> The ability to aggregate/ingest data across sources. This may take the form of alerts, signals or other inputs from other technologies such as an alert from a SIEM tool or an email sent to a group mailbox. Other data that is ingested may include user information from an identity and access management (IAM) tool or threat intelligence from multiple sources.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Enrichment:</span></span> Whether after incident identification or during data collection and processing, SOAR solutions can help integrate external threat intelligence, perform internal contextual lookups or run processes to gather further data according to defined actions.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Orchestration:</span></span> The complexity of combining resources involves coordination of workflows with manual and automated steps, involving many components and affecting information systems and often humans as well.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Automation:</span></span> This concept involves the capability of software and systems to execute functions on their own, typically to affect other information systems and applications.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Response:</span></span> Manual or automated response provides canned resolution to programmatically defined activities. This includes activities from a basic level — ticket creation in an IT service desk application — to more advanced activities like applying some form of response via another security control, like blocking an IP address by changing a firewall rule. This functionality is the most impactful but also applies to the most complex use cases.</li></ul>\r\nBuyers are expressing demand for SOAR for several reasons:\r\n<ul><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Staff shortages:</span></span> Due to staff shortages in security operations, clients describe a growing need to automate repeatable tasks, streamline workflows and orchestrate security tasks resulting in operational scale. For instance, if you have a team, SOAR can give them more reach — but this is not a tool to get instead of a team. Also, organizations need the ability to demonstrate to management the organization’s ability to reduce the impact of inevitable incidents.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Continued evolution of threats and increases in volume:</span></span> As organizations consider threats that destroy data and can result in disclosure of intellectual property and monetary extortion, they require rapid, consistent, continuous and more frequent responses with fewer manual steps.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Improving alert triage quality and speed:</span></span> Security monitoring systems (such as SIEMs) are known to cost a significant amount to run and generate a high number of alerts, including many found to be “false positives” or simply not relevant after additional investigation. Security and risk management leaders then treat alert triage in a very manual way, which is subject to mistakes by the analysts. This leaves real incidents ignored. SOAR helps improve the signal-to-noise ratio by automating the repeatable, mundane aspects of incident investigation. This creates a positive situation where analysts can spend more time investigating and responding to an event instead of spending most of their time collecting all the data required to perform the investigation.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Need for a centralized view of threat intelligence:</span></span> A large number of security controls on the market today benefit from threat intelligence. SOAR tools allow for the centralized collection, aggregation, deduplication, enrichment of existing data with threat intelligence and, importantly, conversion of intelligence into action.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Reducing time to respond, contain and remediate:</span></span> Organizations are dealing with increasingly aggressive threats, such as ransomware, where rapid response of only minutes at best is required in order to stand a chance of containing the threat that is spread laterally in your environment. This scenario forces organizations to reduce the time they take to respond to those incidents, typically by delegating more tasks to machines. Reducing the response time, including incident containment and remediation, is one of the most effective ways to control the impact of security incidents. Like a brush fire, the sooner you can get to it, the smaller it is, and therefore the easier it is to put out.</li><li><span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Reducing unnecessary, routine work for the analysts:</span></span> SOC analysts are often working with multiple tools. They are looking at a stream of row and column SIEM console alerts, threat intelligence (TI) service portals for information about the entities involved, and endpoint detection and response (EDR) for context on what is happening on the affected endpoint. They may even be using workflow tools to control the triage and investigation processes.</li></ul>\r\nThe SOAR market is still an emerging market and it is forecast to grow up to $550 million in the five-year (2018-2023) time frame. Many organizations implement SOAR tools with use cases primarily focused on making their SOC analysts more efficient such that they can process more incidents while having more time to apply human analysis and drive response actions much quicker. Historically, they were not aware of the existence of these types of solutions. There are now more clients aware of SOAR solutions, which is fueling further adoption. This awareness is broadening; even SOAR vendors claim to have less work evangelizing about the technology and more conversations about their capabilities and differentiators. However, improving detection and response activities is just one of several opportunities for the use of SOAR tools to support security operations activities.\r\nSince SOAR is often used as an umbrella term that covers security operations, security incident response and threat intelligence, many vendors are driving their existing solutions in the fight for market leadership.","materialsDescription":" <span style=\"font-weight: bold; \">What is SOAR?</span>\r\nCoined by research company Gartner, Security Orchestration, Automation and Response (SOAR) is a term used to describe the convergence of three distinct technology markets: security orchestration and automation, security incident response platforms (SIRP), and threat intelligence platforms (TIP).\r\nSOAR technologies enable organizations to collect and aggregate vast amounts of security data and alerts from a wide range of sources. This assists human and machine-led analysis, as well as the standardization and automation of threat detection and remediation.\r\n<span style=\"font-weight: bold;\">What are the activities of SOAR?</span>\r\nSOAR supports multiple activities for security operations decision making such as, but not limited to, the following:\r\n<ul><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Prioritizing security operations activities:</span></span> Use of a SOAR solution requires organizations to consider questions about their processes. Which are most critical? Which ones consume the most staff time and resources? Which ones would benefit from automation? Where do we have gaps in our documented procedures? The preparation and planning for SOAR, and its ongoing use, help organizations prioritize and manage where orchestration and automation should be applied and where it can help improve response. This response can then lead to improvements in security operations and showing a demonstrable impact on business operations (e.g., faster time to detect and respond to threats that could impact business operations and optimization of security operations staff and budget).</li><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Formalizing triage and incident response:</span></span> Security operations teams must be consistent in their responses to incident and threats. They must also follow best practices, provide an audit trail and be measurable against business objectives.</li><li><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Automating response:</span></span> Speed is of the essence in today’s threat landscape. Attacks are increasing in speed (e.g., ransomware is now being automated to spread with worm functionality), but security operations are not automated. Having the ability to automate response action offers SOC teams the ability to quickly isolate/contain security incidents. Some responses can be fully automated, but at this time many SOAR users still inject a human to make the final decision. However, even this reduces the mean time to respond for the organization compared to being fully dependent on “human power.”</li></ul>\r\n<span style=\"font-weight: bold;\">SOAR Recommendations</span>\r\nSecurity and risk management leaders overseeing security operations should:\r\n<ul><li>Prepare for their SOAR implementations by having a starting set of defined processes and workflows that can be implemented. Out-of-the-box plays and integrations are a starting point but can rarely be implemented without some customizations.</li><li>Plan for the implementation and the ongoing operation and administration of SOAR tools by using a mix of professional services and internal resources.</li><li>Put a contingency plan in place in the event the SOAR tool is acquired by another vendor. Acquisitions are occurring with some frequency as the market evolves. Buyers should be prepared.</li></ul>\r\n<span style=\"font-weight: bold;\">Key Findings</span>\r\n<ul><li>The SOAR technology market aims to converge security orchestration and automation (SOA), security incident response (SIR) and threat intelligence platform (TIP) capabilities into single solutions.</li><li>Early adopters of SOAR technologies have been organizations and managed security service providers with mature security operations centers (SOCs) that understood the benefits of incorporating SOAR capabilities into their operations. However, use cases implemented by early adopters have not evolved over the last 12 months and are stuck in a rut, limiting the long-term potential for SOAR in security operations.</li><li>SOAR solutions are not “plug-and-play.” Even though solutions have a library of out-of-the-box use cases and integrations, buyers are reporting multiweek professional services engagements to implement their initial use cases, as every organization’s processes and technologies deployed are different.</li><li>Orchestration and automation are starting to be localized in point security technologies, usually in the form of predefined, automated workflows. This is not the same as a full-featured SOAR solution.<br /></li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/automation-engineering-management-computer-icons.png","alias":"security-orchestration-and-automation"}},"branches":"Information Technology","companySizes":"1 to 50 Employees","companyUrl":"https://www.logichub.com/","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"LogicHub","keywords":"","description":" <span style=\"font-weight: bold; \">LogicHub </span>offers the industry’s most powerful automation platform for security operations, helping organizations dramatically accelerate every SecOps process from alert triage and incident response, to threat hunting an","og:title":"LogicHub","og:description":" <span style=\"font-weight: bold; \">LogicHub </span>offers the industry’s most powerful automation platform for security operations, helping organizations dramatically accelerate every SecOps process from alert triage and incident response, to threat hunting an","og:image":"https://old.roi4cio.com/uploads/roi/company/LogicHub.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[{"id":4166,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/logichub.png","logo":true,"scheme":false,"title":"LogicHub SOAR+","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"logichub-soar","companyTitle":"LogicHub","companyTypes":["supplier","vendor"],"companyId":5721,"companyAlias":"logichub","description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Expert SOC Team is captured in many out of the box security playbooks included in product. These automation workflows can be easily adopted by security teams.\r\n<b>Decisions </b>\r\nComplex data analysis and advanced correlations to identify known and unknown threats. The ML stitches multiple events into one, and it scores and ranks all threats and events. The ML also offers recommendations for enhancing existing automations and creating new automations. The platform identifies new threats and false positives by combining data ingested from integrations with its own built-in detection using security content included in the platform.\r\n<b>Actions</b>\r\nThe optimal response is decided by mimicking the actions that the analyst would take -- a cognitive approach. The engine executes playbooks to respond to threats automatically, at scale and at machine speeds. It creates cases to assist analysts in identifying incidents. No Python coding required. \r\n<b>The Foundation </b>\r\nFlexible architecture based on Apache Spark runs both on-prem or in the cloud. Our ML models are continuously monitored and improved by the feedback from the analysts and our Expert SOC Team. \r\n<b>Key Features</b>\r\n<ul> <li><b>Automation Engine.</b> Automate manual investigation steps for any SOC playbook </li> <li><b>Machine Learning.</b> Apply cognitive automation to mimic the expertise and intuition of skilled analysts </li> <li><b>Deep Correlation.</b> Threat Rank the highest priority alerts using sophisticated analysis across all event and intelligence data </li> <li><b>Feedback Loop.</b> Improve efficacy by easily providing context and expertise via an intuitive human feedback loop </li> <li><b>Full Traceability.</b> Automatically document alert scoring and reasoning for full visibility into the how and why </li> <li><b>Integrations.</b> Connect to hundreds of applications and services with a robust integration framework </li> <li><b>Ingestion Framework.</b> Easily intake security events data from SIEMs, log aggregators, cloud logs, and dozens of security products </li> <li><b>Visual Playbook Editor.</b> Enable easy creation of automation flows, without any coding </li> <li><b>Agentless Deployment.</b> Easy installation and setup by leveraging open APIs </li> </ul>","shortDescription":"The only SOAR platform that delivers autonomous threat detection and incident response automation in a single platform","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"LogicHub SOAR+","keywords":"","description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Ex","og:title":"LogicHub SOAR+","og:description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Ex","og:image":"https://old.roi4cio.com/fileadmin/user_upload/logichub.png"},"eventUrl":"","translationId":4165,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[{"id":4166,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/logichub.png","logo":true,"scheme":false,"title":"LogicHub SOAR+","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"logichub-soar","companyTitle":"LogicHub","companyTypes":["supplier","vendor"],"companyId":5721,"companyAlias":"logichub","description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Expert SOC Team is captured in many out of the box security playbooks included in product. These automation workflows can be easily adopted by security teams.\r\n<b>Decisions </b>\r\nComplex data analysis and advanced correlations to identify known and unknown threats. The ML stitches multiple events into one, and it scores and ranks all threats and events. The ML also offers recommendations for enhancing existing automations and creating new automations. The platform identifies new threats and false positives by combining data ingested from integrations with its own built-in detection using security content included in the platform.\r\n<b>Actions</b>\r\nThe optimal response is decided by mimicking the actions that the analyst would take -- a cognitive approach. The engine executes playbooks to respond to threats automatically, at scale and at machine speeds. It creates cases to assist analysts in identifying incidents. No Python coding required. \r\n<b>The Foundation </b>\r\nFlexible architecture based on Apache Spark runs both on-prem or in the cloud. Our ML models are continuously monitored and improved by the feedback from the analysts and our Expert SOC Team. \r\n<b>Key Features</b>\r\n<ul> <li><b>Automation Engine.</b> Automate manual investigation steps for any SOC playbook </li> <li><b>Machine Learning.</b> Apply cognitive automation to mimic the expertise and intuition of skilled analysts </li> <li><b>Deep Correlation.</b> Threat Rank the highest priority alerts using sophisticated analysis across all event and intelligence data </li> <li><b>Feedback Loop.</b> Improve efficacy by easily providing context and expertise via an intuitive human feedback loop </li> <li><b>Full Traceability.</b> Automatically document alert scoring and reasoning for full visibility into the how and why </li> <li><b>Integrations.</b> Connect to hundreds of applications and services with a robust integration framework </li> <li><b>Ingestion Framework.</b> Easily intake security events data from SIEMs, log aggregators, cloud logs, and dozens of security products </li> <li><b>Visual Playbook Editor.</b> Enable easy creation of automation flows, without any coding </li> <li><b>Agentless Deployment.</b> Easy installation and setup by leveraging open APIs </li> </ul>","shortDescription":"The only SOAR platform that delivers autonomous threat detection and incident response automation in a single platform","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"LogicHub SOAR+","keywords":"","description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Ex","og:title":"LogicHub SOAR+","og:description":"<b>Data</b>\r\nIngest all available security events from SIEM and other security tools using large ecosystem of integrations, and enrich the data with threat intelligence information. Use ML to maintain context by comparing data. SOC knowledge of the in-house Ex","og:image":"https://old.roi4cio.com/fileadmin/user_upload/logichub.png"},"eventUrl":"","translationId":4165,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}