{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"de":"die produkte","ru":"Продукты","_type":"localeString","en":"Products"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"en":"Update profile","ru":"Обновить профиль","_type":"localeString"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"en":"Description","ru":"Описание","_type":"localeString"},"role-user":{"_type":"localeString","en":"User","ru":"Пользователь"},"partnership-vendors":{"en":"Partnership with vendors","ru":"Партнерство с производителями","_type":"localeString"},"partnership-suppliers":{"_type":"localeString","en":"Partnership with suppliers","ru":"Партнерство с поставщиками"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"en":"Partner status","ru":"Статус партнёра","_type":"localeString"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"ru":"Типы партнеров","_type":"localeString","en":"Partner types"},"branch-popover":{"_type":"localeString","en":"branch","ru":"область деятельности"},"employees-popover":{"en":"number of employees","ru":"количество сотрудников","_type":"localeString"},"partnership-programme":{"_type":"localeString","en":"Partnership program","ru":"Партнерская программа"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString","en":"Additional benefits for registering a deal"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"en":"Partner level requirements","ru":"Требования к уровню партнера","_type":"localeString"},"certifications":{"ru":"Сертификация технических специалистов","_type":"localeString","en":"Certification of technical specialists"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"en":"Partners-vendors","ru":"Партнеры-производители","_type":"localeString"},"partners-suppliers":{"en":"Partners-suppliers","ru":"Партнеры-поставщики","_type":"localeString"},"all-countries":{"_type":"localeString","en":"All countries","ru":"Все страны"},"supplied-products":{"_type":"localeString","en":"Supplied products","ru":"Поставляемые продукты"},"vendored-products":{"_type":"localeString","en":"Produced products","ru":"Производимые продукты"},"vendor-implementations":{"en":"Produced deployments","ru":"Производимые внедрения","_type":"localeString"},"supplier-implementations":{"_type":"localeString","en":"Supplied deployments","ru":"Поставляемые внедрения"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"schedule-event":{"en":"Events schedule","ru":"Pасписание событий","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"register":{"_type":"localeString","en":"Register","ru":"Регистрация "},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"_type":"localeString","en":"Company presentation","ru":"Презентация компании"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"ru":"Вход","_type":"localeString","en":"Log in","de":"Einloggen"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"en":"Bonus for reference","ru":"Бонус за референс","_type":"localeString"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"ru":"Сделки","_type":"localeString","en":"Deals"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"en":"Are you sure you want to delete","ru":"Подтвердите удаление","_type":"localeString"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"_type":"localeString","en":"My Company","de":"Über die Firma","ru":"О компании"},"about":{"en":"About us","de":"Über uns","ru":"О нас","_type":"localeString"},"infocenter":{"ru":"Инфоцентр","_type":"localeString","en":"Infocenter","de":"Infocenter"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"de":"Kontaktiere uns","ru":"Связаться с нами","_type":"localeString","en":"Contact us"},"marketplace":{"de":"Marketplace","ru":"Marketplace","_type":"localeString","en":"Marketplace"},"products":{"en":"Products","de":"Produkte","ru":"Продукты","_type":"localeString"},"compare":{"_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche","ru":"Подобрать и сравнить"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"en":"Agreement","ru":"Пользовательское соглашение ","_type":"localeString"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"_type":"localeString","en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"en":"Last name","ru":"Фамилия","_type":"localeString"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"_type":"localeString","en":"Saving type","ru":"Тип экономии"},"comment":{"ru":"Комментарий","_type":"localeString","en":"Comment"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"ru":"Отправить","_type":"localeString","en":"Send"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"content":"website","name":"og:type"}],"translatable_meta":[{"name":"title","translations":{"_type":"localeString","en":"Company","ru":"Компания"}},{"translations":{"en":"Company description","ru":"Описание компании","_type":"localeString"},"name":"description"},{"name":"keywords","translations":{"_type":"localeString","en":"Company keywords","ru":"Ключевые слова для компании"}}],"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"}}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"positive-technologies":{"id":1779,"title":"Positive Technologies","logoURL":"https://old.roi4cio.com/uploads/roi/company/Positive_Technologies.png","alias":"positive-technologies","address":"","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":"Positive Technologies is a leading provider of vulnerability assessment, compliance management and threat analysis solutions to more than 1,000 global enterprise clients. Our solutions work seamlessly across your entire business: securing applications in development; assessing your network and application vulnerabilities; assuring compliance with regulatory requirements; and blocking real-time attacks.\r\n\r\n\r\nPositive Technologies helps you safeguard your business from security threats you can’t see. Protecting your organization is serious business that deserves to be based on science, not speculation; on modern technologies, not new buzz words.\r\n\r\nWe believe the right way forward includes making you smarter about security. That promise drives us each and every day.\r\n\r\nSource: https://www.ptsecurity.com/wwa/","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":3,"suppliedProductsCount":69,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":2,"supplierPartnersCount":1,"b4r":0,"categories":{"24":{"id":24,"title":"DLP - Data Leak Prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png","alias":"dlp-data-leak-prevention"},"42":{"id":42,"title":"UTM - Unified threat management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices&nbsp; </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_UTM.jpg","alias":"utm-unified-threat-management"},"45":{"id":45,"title":"SIEM - Security Information and Event Management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png","alias":"siem-security-information-and-event-management"},"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"79":{"id":79,"title":"VM - Vulnerability management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png","alias":"vm-vulnerability-management"},"206":{"id":206,"title":"Application Security Testing","description":" Applications form the lifeline of any business today – and they are under attack more than ever before. Where previously we focused our attention on securing organizations’ network parameters, today the application level is where the focus is for attackers.\r\nAccording to Verizon’s 2014 Data Breach Investigations Report, web applications “remain the proverbial punching bag of the internet,” with about 80% of attacks in the application layer, as Gartner has stated.&nbsp; Taking proactive measures to protect your company and customer data is no longer an option: It is a business imperative for enterprises across all industries.\r\nIn 2013, the Ponemon Institute’s ‘Cost of a Data Breach Report’ found that security incidents in the U.S. averaged a total cost of $5.4 million. Preventing just one similar security incident would more than cover the cost of application security and prove your security programs value.\r\nApplication Security is built around the concept of ensuring that the code written for an application does what it was built to do, and keeps the contained data secure.\r\nAccording to Gartner, application security puts a primary focus on three elements:\r\n<ul><li>Reducing security vulnerabilities and risks</li><li>Improving security features and functions such as authentication, encryption or auditing</li><li>Integrating with the enterprise security infrastructure</li></ul>","materialsDescription":" Security testing techniques scour for vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation. Ideally, security testing is implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle. With the growth of Continuous delivery and DevOps as popular software development and deployment models, continuous security models are becoming more popular.\r\nVulnerability scanners, and more specifically web application scanners, otherwise known as penetration testing tools (i.e. ethical hacking tools) have been historically used by security organizations within corporations and security consultants to automate the security testing of http request/responses; however, this is not a substitute for the need for actual source code review. Physical code reviews of an application's source code can be accomplished manually or in an automated fashion. Given the common size of individual programs (often 500,000 lines of code or more), the human brain cannot execute a comprehensive data flow analysis needed in order to completely check all circuitous paths of an application program to find vulnerability points. The human brain is suited more for filtering, interrupting and reporting the outputs of automated source code analysis tools available commercially versus trying to trace every possible path through a compiled code base to find the root cause level vulnerabilities.\r\nThere are many kinds of automated tools for identifying vulnerabilities in applications. Some require a great deal of security expertise to use and others are designed for fully automated use. The results are dependent on the types of information (source, binary, HTTP traffic, configuration, libraries, connections) provided to the tool, the quality of the analysis, and the scope of vulnerabilities covered. Common technologies used for identifying application vulnerabilities include:\r\n<span style=\"font-weight: bold;\">Static Application Security Testing (SAST)</span> is a technology that is frequently used as a Source Code Analysis tool. The method analyzes source code for security vulnerabilities prior to the launch of an application and is used to strengthen code. This method produces fewer false positives but for most implementations requires access to an application's source code and requires expert configuration and lots of processing power.\r\n<span style=\"font-weight: bold;\">Dynamic Application Security Testing (DAST)</span> is a technology, which is able to find visible vulnerabilities by feeding a URL into an automated scanner. This method is highly scalable, easily integrated and quick. DAST's drawbacks lie in the need for expert configuration and the high possibility of false positives and negatives.\r\n<span style=\"font-weight: bold;\">Interactive Application Security Testing (IAST)</span> is a solution that assesses applications from within using software instrumentation. This technique allows IAST to combine the strengths of both SAST and DAST methods as well as providing access to code, HTTP traffic, library information, backend connections and configuration information. Some IAST products require the application to be attacked, while others can be used during normal quality assurance testing.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Application_Security_Testing1.png","alias":"application-security-testing"},"791":{"id":791,"title":"Vulnerability Scanner","description":" A <span style=\"font-weight: bold;\">vulnerability scanner</span> is a computer program designed to assess computers, network vulnerability or applications for known weaknesses. In plain words, these scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. They&nbsp; are typically available as SaaS (Software as a service); provided over the internet and delivered as a web application. \r\nMost vulnerability scanners will also attempt to log in to systems using default or other credentials in order to build a more detailed picture of the system. After building up an inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities to see if any items are subject to any of these vulnerabilities. The result of such scan is a systems vulnerability analysis, highlighting any that have known vulnerabilities that may need threat and vulnerability management.\r\n<span style=\"font-weight: bold;\">How vulnerability scanning works</span>. Vulnerability scanning finds systems and software that have known security vulnerabilities, but this information is only useful to IT security teams when it is used as the first part of a four-part vulnerability management process. <span style=\"font-weight: bold;\">Vulnerability management process involves:</span>\r\n<ul><li>Identification of vulnerabilities</li><li>Evaluation of the risk posed by any vulnerabilities identified</li><li>Treatment of any identified vulnerabilities</li><li>Reporting on vulnerabilities and how they have been handled</li></ul>\r\n<br /><span style=\"font-weight: bold;\">Types of vulnerability scans. </span>Not all vulnerability scans are alike, and to ensure compliance with certain regulations (such as those set by the PCI Security Standards Council) it is necessary to carry out two distinct types of vulnerability scans: an internal and an external vulnerability scan. \r\n<span style=\"font-weight: bold;\">External vulnerability scan.</span> As the name suggests, an external vulnerability scan is carried out from outside an organization's network, and its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall. An external vulnerability scan can help organizations fix security issues that could enable hackers to gain access to the organization's network.\r\n<span style=\"font-weight: bold;\">Internal vulnerability scan. </span>By contrast, an internal vulnerability scan is carried out from inside an organization's perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by &quot;insider threats&quot; such as contractors or disgruntled employees who have legitimate access to parts of the network.\r\n<span style=\"font-weight: bold;\">Unauthenticated and authenticated vulnerability scans.</span> A similar but not always identical variation of internal and external vulnerability scans is the concept of unauthenticated and authenticated vulnerability scans. Unauthenticated scans, like external scans, search for weaknesses in the network perimeter, while authenticated scans&nbsp; provide vulnerability scanners with various privileged credentials, allowing them to probe the inside of the network for weak passwords, configuration issues, and misconfigured databases or applications.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What is Vulnerability Assessment?</h1>\r\nVulnerability Assessment is also known as Vulnerability Testing, is a vulnerability scanning software performed to evaluate the security risks in the software system in order to reduce the probability of a threat. Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing (VAPT).\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of a vulnerability scanner:</span></p>\r\n<span style=\"font-weight: bold;\">Host Based. </span>Identifies the issues in the host or the system. The process is carried out by using host-based scanners and diagnose the vulnerabilities. The host-based tools will load a mediator software onto the target system; it will trace the event and report it to the security analyst.\r\n<span style=\"font-weight: bold;\">Network-Based.</span> It will detect the open port, and identify the unknown services running on these ports. Then it will disclose possible vulnerabilities associated with these services. This process is done by using Network-based Scanners.\r\n<span style=\"font-weight: bold;\">Database-Based.</span> It will identify the security exposure in the database systems using tools and techniques to prevent from SQL Injections. (SQL Injections: - Injecting SQL statements into the database by the malicious users, which can read the sensitive data's from a database and can update the data in the Database.)\r\n<h1 class=\"align-center\">How vulnerability scanners works?</h1>\r\nVulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.\r\nA security scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority.&nbsp; Vulnerability scans are also used by attackers looking for points of entry.\r\nA vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.\r\nRunning a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.\r\n<h1 class=\"align-center\">How to choose the best vulnerability scanning tool?</h1>\r\nWhen researching vulnerability scanners, it's important to find out how they're rated for accuracy (the most important metric) as well as reliability, scalability and reporting. If accuracy is lacking, you'll end up running two different scanners, hoping that one picks up vulnerabilities that the other misses. This adds cost and effort to the scanning process. \r\n<span style=\"font-weight: bold;\">Software-Based Vulnerability Scanners.</span> These types of scanning products generally include configuration auditing, target profiling, penetration testing and detailed vulnerability analysis. They integrate with Windows products, such as Microsoft System Center, to provide intelligent patch management; some work with mobile device managers. They can scan not only physical network devices, servers and workstations, but extend to virtual machines, BYOD mobile devices and databases.\r\n<span style=\"font-weight: bold;\">Cloud-Based Vulnerability Scanners: </span>Continuous, On-Demand Monitoring. A newer type of vulnerability finder&nbsp; is delivered on-demand as Software as a Service (SaaS). Like software-based scanners, on-demand scanners incorporate links for downloading vendor patches and updates for identified vulnerabilities, reducing remediation effort. These services also include scanning thresholds to prevent overloading devices during the scanning process, which can cause devices to crash.\r\n<h1 class=\"align-center\">What is mobile application security scanner?</h1>\r\nMobile application security testing can help ensure there aren’t any loopholes in the software that may cause data loss. The sets of tests are meant to attack the app to identify possible threats and vulnerabilities that would allow external persons or systems to access private information stored on the mobile device. \r\nMobile application vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information. From backdoors, malicious code and other threats, these flaws may be present both in commercial and open source applications as well as software developed in-house.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Vulnerability_Scanner.png","alias":"vulnerability-scanner"},"793":{"id":793,"title":"Web Application Vulnerability Scanner","description":" A <span style=\"font-weight: bold; \">web application vulnerability scanner,</span> also known as a <span style=\"font-weight: bold; \">web application security scanner,</span> is an automated security tool. It scans web applications for malware, vulnerabilities, and logical flaws. Web application scanner use black box tests, as these tests do not require access to the source code but instead launch external attacks to test for security vulnerabilities. These simulated attacks can detect path traversal, cross-site scripting(XSS), and command injection.\r\nWeb app scanners are categorized as <span style=\"font-weight: bold; \">Dynamic Application Security Testing (DAST) tools.</span> DAST tools provide insight into how your web applications behave while they are in production, enabling your business to address potential vulnerabilities before a hacker uses them to stage an attack. As your web applications evolve, DAST solutions continue to scan them so that your business can promptly identify and remediate emerging issues before they develop into serious risks.\r\nWeb app vulnerability scanner first crawls the entire website, analyzing in-depth each file it finds, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities by launching a series of Web attacks. Web application scanners check for vulnerabilities on the Web server, proxy server, Web application server and even on other Web services. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.\r\nA web application vulnerability assessment is very different than a general vulnerability assessment where security focus on networks and hosts. App vulnerability scanner scans ports, connect to services, and use other techniques to gather information revealing the patch levels, configurations, and potential exposures of our infrastructure.\r\nAutomated web application scanning tools help the user making sure the whole website is properly crawled, and that no input or parameter is left unchecked.&nbsp; Automated web vulnerability scanners also help in finding a high percentage of the technical vulnerabilities, and give you a very good overview of the website’s structure, and security status.&nbsp; \r\nThe best way to identify web application security threats is to perform web application vulnerability assessment. The importance of these threats could leave your organization exposed if they are not properly identified and mitigated. Therefore, implementing a web app security scanner solution should be of paramount importance for your organizations security plans in the future. \r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Why Web Application Vulnerability Scanning is important?</h1>\r\nWeb applications are the technological base of modern companies. That’s why more and more businesses are betting on the development of this type of digital platforms. They stand out because they allow to automate processes, simplify tasks, be more efficient and offer a better service to the customer.<br /><br />The objective of web applications is that the user completes a task, be it buying, making a bank transaction, accessing e-mail, editing photos, texts, among many other things. In fact, they are very useful for an endless number of services, hence their popularity. Their disadvantages are few, but there is one that requires special attention: vulnerabilities.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Main web application security risks</span></p>\r\nA web vulnerability scanner tools will help you keep your services protected. However, it is important to be aware of the major security risks that exist so that both developers and security professionals are always alert and can find the most appropriate solutions in a timely manner.\r\n<ul><li><span style=\"font-weight: bold; \">Injection</span></li></ul>\r\nThis is a vulnerability that affects the application databases. They occur when unreliable data is sent to an interpreter by means of a command or query. The attacker may inject malicious code to disrupt the normal operation of the application by making it access the data without authorization or execute involuntary commands.\r\n<ul><li><span style=\"font-weight: bold; \">Authentication failures</span></li></ul>\r\nIf a vulnerability scan in web applications finds a failure, it may be due to loss of authentication. This is a critical vulnerability, as it allows the attacker to impersonate another user. This can compromise important data such as usernames, passwords, session tokens, and more.\r\n<ul><li><span style=\"font-weight: bold; \">Sensitive data exposure</span></li></ul>\r\nA serious risk is the exposure of sensitive data especially financial information such as credit cards or account numbers, personal data such as place of residence, or health-related information. If an attacker scans for this type of vulnerability, he or she may modify or steal this data and use it fraudulently. Therefore, it is essential to use a web app scanning tools to find vulnerabilities in web applications.<br /><br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_Application_Vulnerability_Scanner.png","alias":"web-application-vulnerability-scanner"}},"branches":"Information Technology","companySizes":"501 to 1000 Employees","companyUrl":"https://www.ptsecurity.com/","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"Positive Technologies","keywords":"your, Positive, Technologies, business, solutions, compliance, security, technologies","description":"Positive Technologies is a leading provider of vulnerability assessment, compliance management and threat analysis solutions to more than 1,000 global enterprise clients. Our solutions work seamlessly across your entire business: securing applications in devel","og:title":"Positive Technologies","og:description":"Positive Technologies is a leading provider of vulnerability assessment, compliance management and threat analysis solutions to more than 1,000 global enterprise clients. Our solutions work seamlessly across your entire business: securing applications in devel","og:image":"https://old.roi4cio.com/uploads/roi/company/Positive_Technologies.png"},"eventUrl":"","vendorPartners":[{"vendor":"Microsoft","partnershipLevel":"Gold","countries":"","partnersType":""},{"vendor":"Oracle","partnershipLevel":"Gold","countries":"","partnersType":""}],"supplierPartners":[{"supplier":"MONT","partnershipLevel":"Distributor","countries":"Georgia, Russian Federation","partnersType":""}],"vendoredProducts":[{"id":5564,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png","logo":true,"scheme":false,"title":"Positive Technologies Industrial Security Incident Manager","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"positive-technologies-industrial-security-incident-manager","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance with cybersecurity legislation and industry regulations. \r\n<ul> <li>For small businesses</li> <li>For larger companies</li> <li>For ICS integrators</li> </ul>\r\n<p class=\"align-center\"><b>Quick start and scalability </b></p>\r\nA flexible mix of components makes PT ISIM easy and quick to deploy, with minimal configuration required, on infrastructures belonging to companies in any industry. Whether rapid or gradual, scaling up is always a smooth process on even the most complex networks. \r\n<ul> <li>Inventory of ICS network assets</li> <li>Monitoring of ICS data flows</li> <li>Detection of unauthorized system administration</li> <li>Detection and prevention od ICS cyberattacks</li> <li>Enhanced regulatory compliance</li> <li>Investigation of ICS cybersecurity incidents</li> </ul>\r\n<p class=\"align-center\"><b>Non-stop protection and uninterrupted uptime </b></p>\r\nThe monitoring architecture of PT ISIM is passive-only. Unlike other popular ICS security products, PT ISIM isolates ICS components from any possible interference. \r\n<ul> <li>Uniterrupted ICS operations</li> <li>Automatic ICS network inventory</li> <li>Pinpoint threat detection</li> <li>Ease of deployment and scalability</li> <li>Awareness of site and business context</li> <li>Regulatory compliance</li> </ul>","shortDescription":"Simple, effective solution for ICS cybersecurity\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Positive Technologies Industrial Security Incident Manager","keywords":"","description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance wi","og:title":"Positive Technologies Industrial Security Incident Manager","og:description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance wi","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png"},"eventUrl":"","translationId":5563,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":269,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/MaxPatrol.jpg","logo":true,"scheme":false,"title":"MaxPatrol","vendorVerified":0,"rating":"1.90","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"maxpatrol","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure. MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises across 30 countries.</span>\r\nMaxPatrol™ provides agentless, low-privileged, black-box and white-box identification of vulnerabilities and configuration defects within your applications, databases, network and operating systems.\r\n\r\nWith unique capabilities to cover ERP (SAP), ICS/SCADA, Core Telecom and Banking Systems, MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises to maintain security and compliance.\r\n\r\nSAP Security\r\nMaxPatrol is the only solution that:\r\nAutomates vulnerability and compliance management across all layers of your SAP infrastructure. MaxPatrol’s certified integration with SAP NetWeaver® 7.0, gives you control of SAP system parameters, services, vulnerabilities, SAProuter configurations, segregation of duties and so much more\r\nProvides an in-depth security assessment of core networks like ICS/SCADA, Core Telecom and Banking Systems and creates a practical attack model to illustrate where your business is at risk and outlines the steps you should take to protect it\r\nKEY BENEFITS:\r\nCore NetworksPoint Accuracy\r\nGet automated white-box and black-box analysis, security configuration assessments and detailed compliance checks across all your systems\r\nGo in-depth, to analyze system details, creating a baseline for security and eliminating false positives and false negatives\r\nProtect your critical infrastructure including ICS/SCADA, Core Telecom and Banking Systems\r\nAutomate your SAP security including network infrastructure, business modules and SAP Notes, and SoD analysis\r\nLeverage the knowledge of 200 security experts who perform more than 20 large-scale penetration tests, over 200 application security assessments and discover more than 150 0-day vulnerabilities each year","shortDescription":"MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure. MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises across 30 countries.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MaxPatrol","keywords":"your, security, Core, SCADA, infrastructure, Banking, Telecom, compliance","description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Cor","og:title":"MaxPatrol","og:description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Cor","og:image":"https://old.roi4cio.com/fileadmin/user_upload/MaxPatrol.jpg"},"eventUrl":"","translationId":270,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1612,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png","logo":true,"scheme":false,"title":"PT Application Firewall","vendorVerified":0,"rating":"1.90","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"pt-application-firewall","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SOC operators &mdash; has role-based access to data and the admin interface.</p>\r\n<p><span style=\"font-weight: bold;\">Highlights:</span></p>\r\n<ul>\r\n<li>Focus on major threats. Correlation mechanisms reduce the number of alerts and highlight important incidents. Attack chain metrics simplify forensics.</li>\r\n<li>Instant Blocking. Defends against &ldquo;self-inflicted&rdquo; vulnerabilities in custom-built software with virtual patches that protect apps until insecure code is fixed.</li>\r\n<li>Protection against security bypass. Prevents most firewall bypass methods including HPC, HPP, and Verb Tampering.</li>\r\n<li>Behavioral analysis against robots. Automated malware protection prevents brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.</li>\r\n<li>Evolving Security. Adapts to protect even the most dynamic applications that are constantly being refined and improved.</li>\r\n</ul>\r\n<p>Источник:&nbsp;https://azuremarketplace.microsoft.com/ru-ru/marketplace/apps/ptsecurity.ptaf?tab=Overview</p>","shortDescription":"PT Application Firewall detects known & unknown vulnerabilities and prevents attacks on web apps","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"PT Application Firewall","keywords":"","description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SO","og:title":"PT Application Firewall","og:description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SO","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png"},"eventUrl":"","translationId":1613,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":19,"title":"WAF - Web Application Firewall"}],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[{"id":3593,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png","logo":true,"scheme":false,"title":"Microsoft Defender Advanced Threat Protection (ATP)","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-defender-advanced-threat-protection-atp","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"<span style=\"font-weight: bold; \">Microsoft Defender Advanced Threat Protection (ATP)</span> is a complete security solution.\r\n<span style=\"font-weight: bold; \">Agentless, cloud-powered</span>\r\nNo additional deployment or infrastructure. No delays or update compatibility issues. Always up to date.\r\n<span style=\"font-weight: bold; \">Unparalleled optics</span>\r\nBuilt into Windows 10 for deeper insights. Exchanges signals with the Microsoft Intelligent Security Graph.\r\n<span style=\"font-weight: bold; \">Automated security</span>\r\nTake your security to a new level, by going from alert to remediation in minutes – at scale.\r\n<span style=\"font-weight: bold; \">Synchronized defense</span>\r\nMicrosoft 365 shares detection and exploration – across devices, identities and information – to speed up response and recovery.\r\n\r\n<span style=\"font-weight: bold; \">Announcing Threat &amp; Vulnerability Management</span>\r\nThreat and Vulnerability Management is a new capability within Microsoft Defender ATP designed to empower security teams to discover, prioritize and remediate vulnerabilities, and misconfigurations.<br /><span style=\"font-weight: bold; \">Microsoft Threat Experts</span>\r\nMicrosoft Threat Experts further empowers your Security Operations Centers by providing them with deep knowledge, expert level threat monitoring, analysis, and support to identify critical threats in your unique environment.\r\n<span style=\"font-weight: bold; \">Automation: From alert to remediation in minutes - at scale</span>\r\nAutomatically investigate alerts and remediate complex threats in minutes. Applies industry best practices and intelligent decision-making algorithms to determine whether a threat - file or fileless - is active and what action to take.\r\n<span style=\"font-weight: bold; \">Protect your business from advanced threats</span>\r\nThrough the power of the cloud, machine learning and behavior analytics, Microsoft Defender ATP provides connected pre-breach protection.\r\n<span style=\"font-weight: bold;\">Innovative Endpoint Detection and Response (EDR)</span>\r\nCyber attacks remain a serious threat. Microsoft Defender ATP detects network attacks and data breaches, and gives you the insights and tools to close incidents quickly.","shortDescription":"Microsoft Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Defender Advanced Threat Protection (ATP)","keywords":"","description":"<span style=\"font-weight: bold; \">Microsoft Defender Advanced Threat Protection (ATP)</span> is a complete security solution.\r\n<span style=\"font-weight: bold; \">Agentless, cloud-powered</span>\r\nNo additional deployment or infrastructure. No delays or update co","og:title":"Microsoft Defender Advanced Threat Protection (ATP)","og:description":"<span style=\"font-weight: bold; \">Microsoft Defender Advanced Threat Protection (ATP)</span> is a complete security solution.\r\n<span style=\"font-weight: bold; \">Agentless, cloud-powered</span>\r\nNo additional deployment or infrastructure. No delays or update co","og:image":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png"},"eventUrl":"","translationId":3594,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":838,"title":"Endpoint Detection and Response","alias":"endpoint-detection-and-response","description":"Endpoint Detection and Response (EDR) is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats. It is a subset of endpoint security technology and a critical piece of an optimal security posture. EDR differs from other endpoint protection platforms (EPP) such as antivirus (AV) and anti-malware in that its primary focus isn't to automatically stop threats in the pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.\r\nWhile small and mid-market organizations are increasingly turning to EDR technology for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology. Utilizing advanced EDR features such as forensic analysis, behavioral monitoring and artificial intelligence (AI) is labor and resource intensive, requiring the attention of dedicated security professionals.\r\nA managed endpoint security service combines the latest technology, an around-the-clock team of certified CSOC experts and up-to-the-minute industry intelligence for a cost-effective monthly subscription. Managed services can help reduce the day-to-day burden of monitoring and responding to alerts, enhance security orchestration and automation (SOAR) and improve threat hunting and incident response.","materialsDescription":"<span style=\"font-weight: bold; \">What is Endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. One could even make the argument that endpoint detection and response is a form of advanced threat protection.\r\n<span style=\"font-weight: bold;\">What are the Key Aspects of EDR Security?</span>\r\nAccording to Gartner, effective EDR must include the following capabilities:\r\n<ul><li>Incident data search and investigation</li><li>Alert triage or suspicious activity validation</li><li>Suspicious activity detection</li><li>Threat hunting or data exploration</li><li>Stopping malicious activity</li></ul>\r\n<span style=\"font-weight: bold;\">What to look for in an EDR Solution?</span>\r\nUnderstanding the key aspects of EDR and why they are important will help you better discern what to look for in a solution. It’s important to find EDR software that can provide the highest level of protection while requiring the least amount of effort and investment — adding value to your security team without draining resources. Here are the six key aspects of EDR you should look for:\r\n<span style=\"font-weight: bold;\">1. Visibility:</span> Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment and stop them immediately.\r\n<span style=\"font-weight: bold;\">2. Threat Database:</span> Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.\r\n<span style=\"font-weight: bold;\">3. Behavioral Protection:</span> Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioral approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.\r\n<span style=\"font-weight: bold;\">4. Insight and Intelligence:</span> An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.\r\n<span style=\"font-weight: bold;\">5. Fast Response:</span> EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.\r\n<span style=\"font-weight: bold;\">6. Cloud-based Solution:</span> Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hgghghg.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4982,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_Flexcube.png","logo":true,"scheme":false,"title":"Oracle FLEXCUBE","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":150,"alias":"oracle-flexcube","companyTitle":"Oracle","companyTypes":["supplier","vendor"],"companyId":164,"companyAlias":"oracle","description":"The financial services industry continues to evolve amidst disruption caused by an unprecedented proliferation of digital technologies and connectivity. This disruption coupled with several regulatory directives is also driving the emergence of connected ecosystems. To successfully address disruption, protect their customer relationships and business, effectively comply with regulations, stay competitive and leverage the ecosystem opportunity, banks must double down on transforming their systems so that they can leverage digital technologies and connectivity to deliver better services, experiences and value for their customers.\r\nWith technology at the core of banking, modernization of core systems is the cornerstone of digital transformation in a bank. Oracle FLEXCUBE Universal Banking can help banks jumpstart digital transformation and leapfrog their capabilities to stay relevant, competitive and compliant in a fast evolving industry. With its modern, digital, shrink-wrapped, pre-configured, interoperable, scalable and connected capabilities, Oracle FLEXCUBE Universal Banking can help catapult banks to the fore front of digital innovation and leadership.<br />\r\n<span style=\"font-weight: bold;\">ACCELERATED DIGITAL TRANSFORMATION</span><br />\r\nBanks can transform the way they understand customers, develop new products and services, focus on new business lines, initiatives and deliver engaging experiences across multiple digital channels.<br />\r\n<span style=\"font-weight: bold;\">Oracle FLEXCUBE offers:</span>\r\n<ul><li>Multi-channel, multi-device and multi-vendor access coupled with best-in-class functionality that helps banks offer innovative services and frictionless experiences.</li></ul>\r\n<ul><li>Multi-dimensional views of customer data to enable a deeper understanding of customers as individuals and helps banks offer personalized services and experiences that are highly contextual and relevant.</li></ul>\r\n<ul><li>Mobility, service ubiquity and experience that drives stakeholder convenience.</li></ul>\r\n<span style=\"font-weight: bold;\">Key Business Benefits:</span>\r\n<ul><li>Offers business mobility, service experience, ubiquity and customer centricity</li></ul>\r\n<ul><li>Drives growth through customer centricity</li></ul>\r\n<ul><li>Enables an accelerated time-tomarket</li></ul>\r\n<ul><li>Enables customized transformation using best of breed point or pre-integrated solutions</li></ul>\r\n<ul><li>Has a connected architecture that enables collaboration</li></ul>\r\n<ul><li>Enables Open Banking and API monetization</li></ul>\r\n<ul><li>Offers operational and cost efficiencies from automated decisioning</li></ul>","shortDescription":"Решение Oracle FLEXCUBE предназначено для финансовых учреждений и предлагает клиентоориентированные основные банковские функции, функции интернет-обслуживания и управления частным капиталом. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Oracle FLEXCUBE","keywords":"","description":"The financial services industry continues to evolve amidst disruption caused by an unprecedented proliferation of digital technologies and connectivity. This disruption coupled with several regulatory directives is also driving the emergence of connected ecosy","og:title":"Oracle FLEXCUBE","og:description":"The financial services industry continues to evolve amidst disruption caused by an unprecedented proliferation of digital technologies and connectivity. This disruption coupled with several regulatory directives is also driving the emergence of connected ecosy","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_Flexcube.png"},"eventUrl":"","translationId":4983,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":158,"title":"Core Banking System","alias":"core-banking-system","description":"Core (centralized online real-time exchange) banking is a banking service provided by a group of networked bank branches where customers may access their bank account and perform basic transactions from any of the member branch offices.\r\nCore banking system is often associated with retail banking and many banks treat the retail customers as their core banking customers. Businesses are usually managed via the corporate banking division of the institution. Core banking covers basic depositing and lending of money.\r\nCore banking functions will include transaction accounts, loans, mortgages and payments. Banks make these services available across multiple channels like automated teller machines, Internet banking, mobile banking and branches.\r\nBanking software and network technology allow a bank to centralise its record keeping and allow access from any location.\r\nAdvancements in Internet and information technology reduced manual work in banks and increasing efficiency. Computer software is developed to perform core operations of banking like recording of transactions, passbook maintenance, interest calculations on loans and deposits, customer records, balance of payments and withdrawal. This software is installed at different branches of bank and then interconnected by means of computer networks based on telephones, satellite and the Internet.\r\nGartner defines a core banking system as a back-end system that processes daily banking transactions, and posts updates to accounts and other financial records. Core banking solutions typically include deposit, loan and credit-processing capabilities, with interfaces to general ledger systems and reporting tools. Core banking applications are often one of the largest single expense for banks and legacy software are a major issue in terms of allocating resources. Spending on these systems is based on a combination of service-oriented architecture and supporting technologies.\r\nMany banks implement custom applications for core banking. Others implement or customize commercial independent software vendor packages. Systems integrators like Cognizant, EdgeVerve Systems Limited, Capgemini, Accenture, IBM and Tata Consultancy Services implement these core banking packages at banks. More recently, entrants such as Probanx (since 2000) and Temenos (late 1990's) have also provided entry level core banking software, focussing on neo-banks and electronic money institutions.\r\nOpen source Technology in core banking products or software can help banks to maintain their productivity and profitability at the same time. ","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is core banking solution (CBS)?</span></h1>\r\nToday Banking as a business has grown tremendously and transformed itself from only a deposits taking and loan providing system to an institution which provides an entire gamut of products and services under a wide umbrella. All such activities commenced by a bank is called Core Banking.\r\nCORE is an acronym for &quot;Centralized Online Real-time Exchange&quot;, thus the bank’s branches can access applications from centralized data centers.\r\nOther than retail banking customers, core banking is now also being extended to address the requirements of corporate clients and provide for a comprehensive banking solution.<br />Digital core banking offer the following advantages to the bank:\r\n<ul><li>Improved operations which address customer demands and industry consolidation;</li><li>Errors due to multiple entries eradicated;</li><li>Easy ability to introduce new financial products and manage changes in existing products;</li><li>Seamless merging of back office data and self-service operations.</li></ul>\r\n<span style=\"font-weight: bold;\">Minimum features of Core Banking Solution:</span>\r\n<ol><li>Customer-On Boarding.</li><li>Managing deposits and withdrawals.</li><li>Transactions management.</li><li>Calculation and management.</li><li>Payments processing (cash, cheques /checks, mandates, NEFT, RTGS etc.).</li><li>Customer relationship management (CRM) activities.</li><li>Designing new banking products.</li><li>Loans disbursal and management.</li><li>Accounts management</li><li>Establishing criteria for minimum balances, interest rates, number of withdrawals allowed and so on.</li></ol>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Choosing the best core banking system software</span></h1>\r\n<p class=\"align-left\">Today, there are four primary core banking providers, FIS, Fiserv, Jack Henry and D+H, that have managed to eat up 96 percent of the market share (90 percent for banks under $1 billion in assets and 98 percent for banks over $1 billion in assets). But there are also some strong players rounding out the remaining 4 percent.<br />Deciding on a core banking software solutions is the first key task for banks and credit unions looking to make the switch. But the decision is not one to be taken lightly, as pointed out by Forbes “Core technologies are evolving into highly agile architectures, and the implications for making the wrong decision will be lasting — and could put banks at competitive risk.”</p>\r\n<p class=\"align-left\">To help your bank and credit union make the best use of your resources, Gartner identified the eight key criteria that have the most impact on CBS banking system decisions:<br /><br /></p>\r\n<ul><li>&nbsp;&nbsp;&nbsp; Functionality</li><li>&nbsp;&nbsp;&nbsp; Flexibility</li><li>&nbsp;&nbsp;&nbsp; Cost</li><li>&nbsp;&nbsp;&nbsp; Viability</li><li>&nbsp;&nbsp;&nbsp; Operational Performance</li><li>&nbsp;&nbsp;&nbsp; Program Management</li><li>&nbsp;&nbsp;&nbsp; Partner Management</li><li>&nbsp;&nbsp;&nbsp; Customer References</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Core_Banking_System1.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3215,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_Enterprise_Manager.png","logo":true,"scheme":false,"title":"Oracle Enterprise Manager","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":150,"alias":"oracle-enterprise-manager","companyTitle":"Oracle","companyTypes":["supplier","vendor"],"companyId":164,"companyAlias":"oracle","description":"<span style=\"color: rgb(97, 97, 97); \">Oracle Enterprise Manager (OEM or EM) is a set of web-based tools aimed at managing software and hardware produced by Oracle Corporation as well as by some non-Oracle entities.</span>\r\n<span style=\"font-weight: bold; \"><span style=\"color: rgb(97, 97, 97); \">Modern Systems Management</span></span>\r\nAs an IT operations professional, your job is more critical than ever because cloud operations are now a fact of life. From managing on-premises assets to deploying and managing new applications to the cloud, Oracle provides a comprehensive solution for managing your environments with Oracle Management Cloud and Oracle Enterprise Manager.\r\nOracle Enterprise Manager has traditionally provided deep management for the Oracle stack using an on-premises delivery method. Oracle Management Cloud is our next-generation, cloud-based management offering powered by machine learning and big data analytics.\r\n<span style=\"font-weight: bold; \">An Extensive Portfolio of Management Solutions</span>\r\n<span style=\"font-weight: bold; \">Cloud Management</span>\r\nFor existing Oracle Enterprise Manager customers, managing cloud assets is possible right within the cloud control user interface. For new customers, the easiest way to monitor cloud assets is to use Oracle Management Cloud.\r\n<span style=\"font-weight: bold; \">Application Management</span>\r\nManage Oracle packaged applications, including - but not limited to - Oracle E-Business Suite, Siebel, PeopleSoft, JD Edwards EnterpriseOne, Tax and Utilities, Oracle Communications applications, and Primavera.\r\n<span style=\"font-weight: bold; \">Middleware Management</span>\r\nOracle Enterprise Manager provides a comprehensive management solution for Oracle WebLogic Server, Oracle Fusion Middleware, and non-Oracle middleware technology such as Apache Tomcat, JBoss Application Server, and IBM WebSphere Application Server. The solution offers capabilities spanning configuration and compliance management, patching, provisioning, and performance management, as well as administration and auditing.\r\n<span style=\"font-weight: bold; \">Database Management</span>\r\nTake advantage of Oracle&amp;rsquo;s time-tested and popular solutions including Diagnostics Pack, Tuning Pack, Real Application Testing, and related technologies to manage Oracle Databases.\r\n<span style=\"font-weight: bold; \">Hardware and Virtualization Management</span>\r\nManage physical and virtual server environments including Oracle Solaris and Oracle Linux operating systems and virtual environments (Solaris Zones and OVM for SPARC).\r\n<span style=\"font-weight: bold; \">Application Performance Management</span>\r\nManage web and Java applications built on Oracle WebLogic Server and Oracle Databases. Monitor web browser activity and application transactions to optimize user experience and application performance.\r\n<span style=\"font-weight: bold; \">Application Quality Management</span>\r\nA complete testing solution for Oracle Database, Oracle packaged applications, and custom web applications.\r\n<span style=\"font-weight: bold; \">Engineered Systems Management</span>\r\nManage Exadata Database Machine with comprehensive lifecycle management, from monitoring to management and ongoing maintenance.\r\n<span style=\"font-weight: bold; \">Lifecycle Management</span>\r\nPowerful capabilities to aid consolidation, enforce standardization, and deploy automation.\r\n<span style=\"font-weight: bold;\">Heterogeneous Management</span>\r\nExtend Oracle Enterprise Manager to monitor non-Oracle technologies. For customers new to Oracle Enterprise Manager, please review Oracle Management Cloud for cloud-based monitoring of heterogeneous environments.","shortDescription":"Enterprise Manager allows administrators to manage the work of complex information systems built primarily on the basis of Oracle technologies, including software products from other companies.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Oracle Enterprise Manager","keywords":"","description":"<span style=\"color: rgb(97, 97, 97); \">Oracle Enterprise Manager (OEM or EM) is a set of web-based tools aimed at managing software and hardware produced by Oracle Corporation as well as by some non-Oracle entities.</span>\r\n<span style=\"font-weight: bold; \"><s","og:title":"Oracle Enterprise Manager","og:description":"<span style=\"color: rgb(97, 97, 97); \">Oracle Enterprise Manager (OEM or EM) is a set of web-based tools aimed at managing software and hardware produced by Oracle Corporation as well as by some non-Oracle entities.</span>\r\n<span style=\"font-weight: bold; \"><s","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_Enterprise_Manager.png"},"eventUrl":"","translationId":3216,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":243,"title":"Database Development and Management Tools","alias":"database-development-and-management-tools","description":" Many companies create various multi-functional applications to facilitate the management, development and administration of databases.\r\nMost relational databases consist of two separate components: a “back-end” where data is stored and a “front-end” —a user interface for interacting with data. This type of design is smart enough, as it parallels a two-level programming model that separates the data layer from the user interface and allows you to concentrate the software market directly on improving its products. This model opens doors for third parties who create their own applications for interacting with various databases.\r\nDatabase development tools can be used to create varieties of the following programs:\r\n<ul><li>client programs;</li><li>database servers and their individual components;</li><li>custom applications.</li></ul>\r\nThe programs of the first and second types are rather small since they are intended mainly for system programmers. The third type packages are much larger, but smaller than full-featured DBMS.\r\nThe development tools for custom applications include programming systems, various program libraries for various programming languages, and development automation packages (including client-server systems).<br />Database management system, abbr. DBMS (Eng. Database Management System, abbr. DBMS) - a set of software and linguistic tools for general or special purposes, providing management of the creation and use of databases.\r\nDBMS - a set of programs that allow you to create a database (DB) and manipulate data (insert, update, delete and select). The system ensures the safety, reliability of storage and data integrity, as well as provides the means to administer the database.","materialsDescription":" <span style=\"font-weight: bold;\">The main functions of the DBMS:</span>\r\n<ul><li>data management in external memory (on disk);</li><li>data management in RAM using disk cache;</li><li>change logging, backup and recovery of databases after failures;</li><li>support for database languages ​​(data definition language, data manipulation language).</li></ul>\r\n<span style=\"font-weight: bold;\">The composition of the DBMS:</span>\r\nUsually, a modern DBMS contains the following components:\r\n<ul><li>the core, which is responsible for managing data in external and RAM and logging;</li><li>database language processor, which provides the optimization of requests for the extraction and modification of data and the creation, as a rule, of a machine-independent executable internal code;</li><li>a run-time support subsystem that interprets data manipulation programs that create a user interface with a DBMS;<br />service programs (external utilities) that provide a number of additional capabilities for maintaining an information system.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Database_Development_and_Management_Tools.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4796,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/microsoft_scsm.png","logo":true,"scheme":false,"title":"Microsoft System Center Service Manager (SCSM)","vendorVerified":0,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-system-center-service-manager-scsm","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Microsoft System Center 2012 Service Manager (SCSM 2012) is a management product in the System Center 2012 suite that can help an enterprise automate and adapt its IT service management. SCSM includes built-in processes that address situations enterprises will come across, such as changing control, managing assets' lifecycles and resolving problems and incidents as they occur. The SCSM 2012 application consists of three tiers: a console, a data access module and a database.<br />Enterprises must take two important factors into consideration before deploying SCSM 2012. First, they must create and identify a domain account to use when setting up Service Manager. Second, they must create a user group in Active Directory Domain Services.<br />There a number of ways to deploy SCSM 2012, but there are three deployment options that receive the most attention: one virtual computer and one physical computer; two computers to host the management server and database; and four computers to host the management server and database.<br /><br />","shortDescription":"Microsoft System Center Service Manager is designed to improve and simplify IT support operations.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft System Center Service Manager (SCSM)","keywords":"","description":"Microsoft System Center 2012 Service Manager (SCSM 2012) is a management product in the System Center 2012 suite that can help an enterprise automate and adapt its IT service management. SCSM includes built-in processes that address situations enterprises will","og:title":"Microsoft System Center Service Manager (SCSM)","og:description":"Microsoft System Center 2012 Service Manager (SCSM 2012) is a management product in the System Center 2012 suite that can help an enterprise automate and adapt its IT service management. SCSM includes built-in processes that address situations enterprises will","og:image":"https://old.roi4cio.com/fileadmin/user_upload/microsoft_scsm.png"},"eventUrl":"","translationId":4797,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":5564,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png","logo":true,"scheme":false,"title":"Positive Technologies Industrial Security Incident Manager","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"positive-technologies-industrial-security-incident-manager","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance with cybersecurity legislation and industry regulations. \r\n<ul> <li>For small businesses</li> <li>For larger companies</li> <li>For ICS integrators</li> </ul>\r\n<p class=\"align-center\"><b>Quick start and scalability </b></p>\r\nA flexible mix of components makes PT ISIM easy and quick to deploy, with minimal configuration required, on infrastructures belonging to companies in any industry. Whether rapid or gradual, scaling up is always a smooth process on even the most complex networks. \r\n<ul> <li>Inventory of ICS network assets</li> <li>Monitoring of ICS data flows</li> <li>Detection of unauthorized system administration</li> <li>Detection and prevention od ICS cyberattacks</li> <li>Enhanced regulatory compliance</li> <li>Investigation of ICS cybersecurity incidents</li> </ul>\r\n<p class=\"align-center\"><b>Non-stop protection and uninterrupted uptime </b></p>\r\nThe monitoring architecture of PT ISIM is passive-only. Unlike other popular ICS security products, PT ISIM isolates ICS components from any possible interference. \r\n<ul> <li>Uniterrupted ICS operations</li> <li>Automatic ICS network inventory</li> <li>Pinpoint threat detection</li> <li>Ease of deployment and scalability</li> <li>Awareness of site and business context</li> <li>Regulatory compliance</li> </ul>","shortDescription":"Simple, effective solution for ICS cybersecurity\r\n\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":4,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Positive Technologies Industrial Security Incident Manager","keywords":"","description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance wi","og:title":"Positive Technologies Industrial Security Incident Manager","og:description":"<p class=\"align-center\"><b>Overview</b></p>\r\nThe PT ISIM hardware appliance performs non-stop monitoring of ICS network security, helps to detect cyberattacks in their early stages, identifies negligent or malicious actions by staff, and promotes compliance wi","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png"},"eventUrl":"","translationId":5563,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of &quot;exclusive&quot; (written for specific protocols and ICS software) malware, considering your system safe &quot;by default&quot; is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4842,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/orchestrator_20121.jpg","logo":true,"scheme":false,"title":"Microsoft System Center Orchestrator","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-system-center-orchestrator","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Microsoft System Center Orchestrator is a workflow automation software product that allows administrators to automate the monitoring and deployment of data center resources.<br /><br />Microsoft System Center Orchestrator was introduced as part of the Microsoft System Center 2012 suite as a rebranding of Microsoft’s previous workflow automation software, Opalis vNext. Orchestrator uses a drag and drop graphical interface to allow admins to define run books. Orchestrator translates these visual representations into .NET scripts, PowerShell or SSH commands to automate workflows. It is capable of managing multiple operating systems and can also handle VMware- and Citrix-based workflows.<br /><br />Microsoft offers add-ons for System Center Orchestrator that extend its functionality, including the Microsoft System Center 2012 Orchestrator Integration Toolkit and the Microsoft System Center 2012 Orchestrator Integration Pack.","shortDescription":"Microsoft System Center Orchestrator is a workflow automation software product that allows administrators to automate the monitoring and deployment of data center resources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft System Center Orchestrator","keywords":"","description":"Microsoft System Center Orchestrator is a workflow automation software product that allows administrators to automate the monitoring and deployment of data center resources.<br /><br />Microsoft System Center Orchestrator was introduced as part of the Microsof","og:title":"Microsoft System Center Orchestrator","og:description":"Microsoft System Center Orchestrator is a workflow automation software product that allows administrators to automate the monitoring and deployment of data center resources.<br /><br />Microsoft System Center Orchestrator was introduced as part of the Microsof","og:image":"https://old.roi4cio.com/fileadmin/user_upload/orchestrator_20121.jpg"},"eventUrl":"","translationId":4843,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li>&nbsp;&nbsp;&nbsp; Lower costs for IT operations</li><li>&nbsp;&nbsp;&nbsp; Higher returns on IT investments</li><li>&nbsp;&nbsp;&nbsp; Minimal service outages</li><li>&nbsp;&nbsp;&nbsp; Ability to establish well-defined, repeatable, and manageable IT processes</li><li>&nbsp;&nbsp;&nbsp; Efficient analysis of IT problems to reduce repeat incidents</li><li>&nbsp;&nbsp;&nbsp; Improved efficiency of IT help desk teams</li><li>&nbsp;&nbsp;&nbsp; Well-defined roles and responsibilities</li><li>&nbsp;&nbsp;&nbsp; Clear expectations on service levels and service availability</li><li>&nbsp;&nbsp;&nbsp; Risk-free implementation of IT changes</li><li>&nbsp;&nbsp;&nbsp; Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the &quot;needs&quot; primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":269,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/MaxPatrol.jpg","logo":true,"scheme":false,"title":"MaxPatrol","vendorVerified":0,"rating":"1.90","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"maxpatrol","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure. MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises across 30 countries.</span>\r\nMaxPatrol™ provides agentless, low-privileged, black-box and white-box identification of vulnerabilities and configuration defects within your applications, databases, network and operating systems.\r\n\r\nWith unique capabilities to cover ERP (SAP), ICS/SCADA, Core Telecom and Banking Systems, MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises to maintain security and compliance.\r\n\r\nSAP Security\r\nMaxPatrol is the only solution that:\r\nAutomates vulnerability and compliance management across all layers of your SAP infrastructure. MaxPatrol’s certified integration with SAP NetWeaver® 7.0, gives you control of SAP system parameters, services, vulnerabilities, SAProuter configurations, segregation of duties and so much more\r\nProvides an in-depth security assessment of core networks like ICS/SCADA, Core Telecom and Banking Systems and creates a practical attack model to illustrate where your business is at risk and outlines the steps you should take to protect it\r\nKEY BENEFITS:\r\nCore NetworksPoint Accuracy\r\nGet automated white-box and black-box analysis, security configuration assessments and detailed compliance checks across all your systems\r\nGo in-depth, to analyze system details, creating a baseline for security and eliminating false positives and false negatives\r\nProtect your critical infrastructure including ICS/SCADA, Core Telecom and Banking Systems\r\nAutomate your SAP security including network infrastructure, business modules and SAP Notes, and SoD analysis\r\nLeverage the knowledge of 200 security experts who perform more than 20 large-scale penetration tests, over 200 application security assessments and discover more than 150 0-day vulnerabilities each year","shortDescription":"MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Core Telecom and Banking infrastructure. MaxPatrol™ is an all-in-one vulnerability management solution trusted by over 1,000 enterprises across 30 countries.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"MaxPatrol","keywords":"your, security, Core, SCADA, infrastructure, Banking, Telecom, compliance","description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Cor","og:title":"MaxPatrol","og:description":"<span style=\"color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 12.8px; \">MaxPatrol™ provides vulnerability and compliance management for all your applications, databases, network and operating systems, as well as your ERP (SAP), ICS/SCADA, Cor","og:image":"https://old.roi4cio.com/fileadmin/user_upload/MaxPatrol.jpg"},"eventUrl":"","translationId":270,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1612,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png","logo":true,"scheme":false,"title":"PT Application Firewall","vendorVerified":0,"rating":"1.90","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":1,"alias":"pt-application-firewall","companyTitle":"Positive Technologies","companyTypes":["supplier","vendor"],"companyId":1779,"companyAlias":"positive-technologies","description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SOC operators &mdash; has role-based access to data and the admin interface.</p>\r\n<p><span style=\"font-weight: bold;\">Highlights:</span></p>\r\n<ul>\r\n<li>Focus on major threats. Correlation mechanisms reduce the number of alerts and highlight important incidents. Attack chain metrics simplify forensics.</li>\r\n<li>Instant Blocking. Defends against &ldquo;self-inflicted&rdquo; vulnerabilities in custom-built software with virtual patches that protect apps until insecure code is fixed.</li>\r\n<li>Protection against security bypass. Prevents most firewall bypass methods including HPC, HPP, and Verb Tampering.</li>\r\n<li>Behavioral analysis against robots. Automated malware protection prevents brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.</li>\r\n<li>Evolving Security. Adapts to protect even the most dynamic applications that are constantly being refined and improved.</li>\r\n</ul>\r\n<p>Источник:&nbsp;https://azuremarketplace.microsoft.com/ru-ru/marketplace/apps/ptsecurity.ptaf?tab=Overview</p>","shortDescription":"PT Application Firewall detects known & unknown vulnerabilities and prevents attacks on web apps","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":8,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"PT Application Firewall","keywords":"","description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SO","og:title":"PT Application Firewall","og:description":"<p>PT Application Firewall is a smart protection solution that offers a serious response to the security challenges created by web portals, ERP, and mobile applications.</p>\r\n<p>Each user group &mdash; security staff, network administrators, developers, and SO","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Positive_Technologies.png"},"eventUrl":"","translationId":1613,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":19,"title":"WAF - Web Application Firewall"}],"testingArea":"","categories":[{"id":546,"title":"WAF-web application firewall appliance","alias":"waf-web-application-firewall-appliance","description":"A web application firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious. The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which - from a technical point of view - does not depend on the application itself.” According to the PCI DSS Information Supplement for requirement 6.6, a WAF is defined as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.” In other words, a WAF can be a physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats. These vulnerabilities may be because the application itself is a legacy type or it was insufficiently coded by design. The WAF addresses these code shortcomings by special configurations of rule sets, also known as policies.\r\nPreviously unknown vulnerabilities can be discovered through penetration testing or via a vulnerability scanner. A web application vulnerability scanner, also known as a web application security scanner, is defined in the SAMATE NIST 500-269 as “an automated program that examines web applications for potential security vulnerabilities. In addition to searching for web application-specific vulnerabilities, the tools also look for software coding errors.” Resolving vulnerabilities is commonly referred to as remediation. Corrections to the code can be made in the application but typically a more prompt response is necessary. In these situations, the application of a custom policy for a unique web application vulnerability to provide a temporary but immediate fix (known as a virtual patch) may be necessary.\r\nWAFs are not an ultimate security solution, rather they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems to provide a holistic defense strategy.\r\nWAFs typically follow a positive security model, a negative security model, or a combination of both as mentioned by the SANS Institute. WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection. The OWASP produces a list of the top ten web application security flaws. All commercial WAF offerings cover these ten flaws at a minimum. There are non-commercial options as well. As mentioned earlier, the well-known open source WAF engine called ModSecurity is one of these options. A WAF engine alone is insufficient to provide adequate protection, therefore OWASP along with Trustwave's Spiderlabs help organize and maintain a Core-Rule Set via GitHub to use with the ModSecurity WAF engine.","materialsDescription":"A Web Application Firewall or WAF provides security for online services from malicious Internet traffic. WAFs detect and filter out threats such as the OWASP Top 10, which could degrade, compromise or bring down online applications.\r\n<span style=\"font-weight: bold;\">What are Web Application Firewalls?</span>\r\nWeb application firewalls assist load balancing by examining HTTP traffic before it reaches the application server. They also protect against web application vulnerability and unauthorized transfer of data from the web server at a time when security breaches are on the rise. According to the Verizon Data Breach Investigations Report, web application attacks were the most prevalent breaches in 2017 and 2018.\r\nThe PCI Security Standards Council defines a web application firewall as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\n<span style=\"font-weight: bold;\">How does a Web Application Firewall wWork?</span>\r\nA web application firewall (WAF) intercepts and inspects all HTTP requests using a security model based on a set of customized policies to weed out bogus traffic. WAFs block bad traffic outright or can challenge a visitor with a CAPTCHA test that humans can pass but a malicious bot or computer program cannot.\r\nWAFs follow rules or policies customized to specific vulnerabilities. As a result, this is how WAFs prevent DDoS attacks. Creating the rules on a traditional WAF can be complex and require expert administration. The Open Web Application Security Project maintains a list of the OWASP top web application security flaws for WAF policies to address.\r\nWAFs come in the form of hardware appliances, server-side software, or filter traffic as-a-service. WAFs can be considered as reverse proxies i.e. the opposite of a proxy server. Proxy servers protect devices from malicious applications, while WAFs protect web applications from malicious endpoints.\r\n<span style=\"font-weight: bold;\">What Are Some Web Application Firewall Benefits?</span>\r\nA web application firewall (WAF) prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<span style=\"font-weight: bold;\">What Is the Difference Between a Firewall and a Web Application Firewall?</span>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).\r\n<span style=\"font-weight: bold;\">When Should You Use a Web Application Firewall?</span>\r\nAny business that uses a website to generate revenue should use a web application firewall to protect business data and services. Organizations that use online vendors should especially deploy web application firewalls because the security of outside groups cannot be controlled or trusted.\r\n<span style=\"font-weight: bold;\">How Do You Use a Web Application Firewall?</span>\r\nA web application firewall requires correct positioning, configuration, administration and monitoring. Web application firewall installation must include the following four steps: secure, monitor, test and improve. This should be a continuous process to ensure application specific protection.<br />The configuration of the firewall should be determined by the business rules and guardrails by the company’s security policy. This approach will allow the rules and filters in the web application firewall to define themselves.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall_appliance.png"},{"id":481,"title":"WAF-web application firewall","alias":"waf-web-application-firewall","description":"A <span style=\"font-weight: bold; \">WAF (Web Application Firewall)</span> helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.\r\nIn recent years, web application security has become increasingly important, especially after web application attacks ranked as the most common reason for breaches, as reported in the Verizon Data Breach Investigations Report. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is inline with traffic, some functions are conveniently implemented by a load balancer.\r\nAccording to the PCI Security Standards Council, WAFs function as “a security policy enforcement point positioned between a web application and the client endpoint. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”\r\nBy deploying a WAF firewall in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a web firewall is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.\r\nA WAF operates through a set of rules often called <span style=\"font-weight: bold; \">policies.</span> These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF management comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.\r\nWAF solutions can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is it a better model to have a cloud WAF service, option or do you want your WAF to sit on-premises?\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">A WAF products can be implemented one of three different ways:</span></p>\r\n<ul><li><span style=\"font-weight: bold; \">A network-based WAF</span> is generally hardware-based. Since they are installed locally they minimize latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.</li><li><span style=\"font-weight: bold; \">A host-based WAF</span> may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.</li><li><span style=\"font-weight: bold; \">Cloud-based WAFs</span> offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third-party, therefore some features of the WAF may be a black box to them. </li></ul>\r\n<p class=\"align-left\">&nbsp;</p>\r\n\r\n","materialsDescription":"<p class=\"align-center\"><span style=\"color: rgb(97, 97, 97); \"><span style=\"font-weight: bold; \">What types of attack WAF prevents?</span></span></p>\r\n<p class=\"align-left\"><span style=\"color: rgb(97, 97, 97); \">WAFs can prevent many attacks, including:</span></p>\r\n<ul><li><span style=\"color: rgb(97, 97, 97); \">Cross-site Scripting (XSS) — Attackers inject client-side scripts into web pages viewed by other users.</span></li><li><span style=\"color: rgb(97, 97, 97); \">SQL injection — Malicious code is inserted or injected into an web entry field that allows attackers to compromise the application and underlying systems.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Cookie poisoning — Modification of a cookie to gain unauthorized information about the user for purposes such as identity theft.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Unvalidated input — Attackers tamper with HTTP request (including the url, headers and form fields) to bypass the site’s security mechanisms.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Layer 7 DoS — An HTTP flood attack that utilizes valid requests in typical URL data retrievals.</span></li><li><span style=\"color: rgb(97, 97, 97); \">Web scraping — Data scraping used for extracting data from websites.</span><span style=\"font-weight: bold; \"></span></li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What are some WAFs Benefits?</span></p>\r\nWeb app firewall prevents attacks that try to take advantage of the vulnerabilities in web-based applications. The vulnerabilities are common in legacy applications or applications with poor coding or designs. WAFs handle the code deficiencies with custom rules or policies.\r\nIntelligent WAFs provide real-time insights into application traffic, performance, security and threat landscape. This visibility gives administrators the flexibility to respond to the most sophisticated attacks on protected applications.\r\nWhen the Open Web Application Security Project identifies the OWASP top vulnerabilities, WAFs allow administrators to create custom security rules to combat the list of potential attack methods. An intelligent WAF analyzes the security rules matching a particular transaction and provides a real-time view as attack patterns evolve. Based on this intelligence, the WAF can reduce false positives.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">What is the difference between a firewall and a Web Application Firewall?</span></p>\r\nA traditional firewall protects the flow of information between servers while a web application firewall is able to filter traffic for a specific web application. Network firewalls and web application firewalls are complementary and can work together.\r\nTraditional security methods include network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS). They are effective at blocking bad L3-L4 traffic at the perimeter on the lower end (L3-L4) of the Open Systems Interconnection (OSI) model. Traditional firewalls cannot detect attacks in web applications because they do not understand Hypertext Transfer Protocol (HTTP) which occurs at layer 7 of the OSI model. They also only allow the port that sends and receives requested web pages from an HTTP server to be open or closed. This is why web application firewalls are effective for preventing attacks like SQL injections, session hijacking and Cross-Site Scripting (XSS).","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_WAF_web_application_firewall.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4097,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png","logo":true,"scheme":false,"title":"Microsoft Bot Framework","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-bot-framework","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Azure Bot Service enables you to build intelligent, enterprise-grade bots with ownership and control of your data. Begin with a simple Q&amp;A bot or build a sophisticated virtual assistant.\r\nUse comprehensive open-source SDK and tools to easily connect your bot to popular channels and devices. Give your bot the ability to speak, listen, and understand your users with native integration to Azure Cognitive Services.\r\n<span style=\"font-weight: bold;\">AI and natural language</span>\r\nCreate a bot with the ability to speak, listen, understand, and learn from your users with Azure Cognitive Services.\r\n<span style=\"font-weight: bold;\">Open &amp; Extensible</span>\r\nBenefit from open-source SDK and tools to build, test, and connect bots that interact naturally with users, wherever they are.\r\n<span style=\"font-weight: bold;\">Enterprise-grade solutions</span>\r\nBuild secure, global, scalable solutions that integrate with your existing IT ecosystem.\r\n<span style=\"font-weight: bold;\">Ownership and control</span>\r\nCreate an AI experience that can extend your brand and keep you in control of your own data.","shortDescription":"Microsoft Bot Framework is a comprehensive framework for building enterprise-grade conversational AI experiences.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":16,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Bot Framework","keywords":"","description":"Azure Bot Service enables you to build intelligent, enterprise-grade bots with ownership and control of your data. Begin with a simple Q&amp;A bot or build a sophisticated virtual assistant.\r\nUse comprehensive open-source SDK and tools to easily connect your b","og:title":"Microsoft Bot Framework","og:description":"Azure Bot Service enables you to build intelligent, enterprise-grade bots with ownership and control of your data. Begin with a simple Q&amp;A bot or build a sophisticated virtual assistant.\r\nUse comprehensive open-source SDK and tools to easily connect your b","og:image":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png"},"eventUrl":"","translationId":4098,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":103,"title":"Chatbot Development"}],"testingArea":"","categories":[{"id":842,"title":"Chatbot Development","alias":"chatbot-development","description":"A chatbot is a piece of software that conducts a conversation via auditory or textual methods. Such programs are often designed to convincingly simulate how a human would behave as a conversational partner, although as of 2019, they are far short of being able to pass the Turing test. Chatbots are typically used in dialog systems for various practical purposes including customer service or information acquisition. Some chatbots use sophisticated natural language processing systems, but many simpler ones scan for keywords within the input, then pull a reply with the most matching keywords, or the most similar wording pattern, from a database.\r\nThe term &quot;ChatterBot&quot; was originally coined by Michael Mauldin (creator of the first Verbot, Julia) in 1994 to describe these conversational programs. Today, most chatbots are accessed via virtual assistants such as Google Assistant and Amazon Alexa, via messaging apps such as Facebook Messenger or WeChat, or via individual organizations' apps and websites. Chatbots can be classified into usage categories such as conversational commerce (e-commerce via chat), analytics, communication, customer support, design, developer tools, education, entertainment, finance, food, games, health, HR, marketing, news, personal, productivity, shopping, social, sports, travel and utilities.\r\nBeyond chatbots, Conversational AI refers to the use of messaging apps, speech-based assistants and chatbots to automate communication and create personalized customer experiences at scale.\r\nThe process of building, testing and deploying chatbots can be done on cloud-based chatbot development platforms offered by cloud Platform as a Service (PaaS) providers such as Oracle Cloud Platform SnatchBot and IBM Watson. These cloud platforms provide Natural Language Processing, Artificial Intelligence and Mobile Backend as a Service for chatbot development.\r\nSome Companies like Microsoft Azure and AARC are currently providing their Bot Engines through which chatbot Platforms or Software can be developed.","materialsDescription":"New tools designed to simplify the interaction between humans and computers have hit the market: Chatbots or Virtual Assistants. In banking, chatbots and virtual assistants are some of the industry’s newest tools designed to simplify the interaction between humans and computers.\r\n<span style=\"font-weight: bold;\">What is a chatbot?</span>\r\nA chatbot is artificial intelligence (AI) software that can simulate a conversation (or a chat) with a user in natural language through messaging applications, websites, mobile apps or through the telephone.\r\n<span style=\"font-weight: bold;\">Why are chatbots important?</span>\r\nA chatbot is often described as one of the most advanced and promising expressions of interaction between humans and machines. However, from a technological point of view, a chatbot only represents the natural evolution of a Question-Answering system leveraging Natural Language Processing (NLP). Formulating responses to questions in natural language is one of the most typical examples of Natural Language Processing applied in various enterprises’ end-use applications.\r\n<span style=\"font-weight: bold;\">How does a chatbot work?</span>\r\nThere are two different tasks at the core of a chatbot:\r\n<ol><li>user request analysis</li><li>returning the response</li></ol>\r\nUser request analysis: this is the first task that a chatbot performs. It analyzes the user’s request to identify the user intent and to extract relevant entities.\r\nThe ability to identify the user’s intent and extract data and relevant entities contained in the user’s request is the first condition and the most relevant step at the core of a chatbot: If you are not able to correctly understand the user’s request, you won’t be able to provide the correct answer.\r\nReturning the response: once the user’s intent has been identified, the chatbot must provide the most appropriate response for the user’s request. The answer may be:\r\n<ul><li>a generic and predefined text;</li><li>a text retrieved from a knowledge base that contains different answers;</li><li>a contextualized piece of information based on data the user has provided;</li><li>data stored in enterprise systems;</li><li>the result of an action that the chatbot performed by interacting with one or more backend application;</li><li>a disambiguating question that helps the chatbot to correctly understand the user’s request.</li></ul>\r\n<span style=\"font-weight: bold;\">In what is the benefit of chatbots?</span>\r\nChatbot applications streamline interactions between people and services, enhancing the customer experience. At the same time, they offer companies new opportunities to improve the customer's engagement process and operational efficiency by reducing the typical cost of customer service.\r\nTo be successful, a chatbot solution should be able to effectively perform both of these tasks. Human support plays a key role here: Regardless of the kind of approach and the platform, human intervention is crucial in configuring, training and optimizing the chatbot system.\r\n<span style=\"font-weight: bold;\">Which chatbot application is right for you?</span>\r\nThere are different approaches and tools that you can use to develop a chatbot. Depending on the use case you want to address, some chatbot technologies are more appropriate than others. In order to achieve the desired results, the combination of different AI forms such as natural language processing, machine learning, and semantic understanding may be the best option.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Chatbot_Development.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1541,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_CS.jpg","logo":true,"scheme":false,"title":"Oracle Cloud Storage","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":150,"alias":"oracle-cloud-storage","companyTitle":"Oracle","companyTypes":["supplier","vendor"],"companyId":164,"companyAlias":"oracle","description":"<p><span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure provides data storage options for a wide spectrum of applications from small websites to the most demanding enterprise applications.</span></p>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">When the ultimate in performance is required, local NVMe SSD&rsquo;s provide extreme storage performance for VM&rsquo;s and bare metal compute instances. Examples include relational databases, data warehousing, big data, analytics, AI and HPC applications.</h5>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">High performance, persistent storage for a wide range of application workloads. Block volumes can scale to 512 TB per compute instance. Typical workloads include NoSQL databases, Hadoop/HDFS applications, IoT and eCommerce applications.</h5>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">Easy to implement file-system that can be shared across many applications from all operating systems. Start small and scale as data grows. Perfect for migration of on-premises applications, media management, content management, and web applications.&nbsp;</h5>","shortDescription":"Oracle Cloud Storage - is a storage service from Oracle. Fast and reliable storage options for all enterprise workloads","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Oracle Cloud Storage","keywords":"","description":"<p><span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure provides data storage options for a wide spectrum of applications from small websites","og:title":"Oracle Cloud Storage","og:description":"<p><span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure provides data storage options for a wide spectrum of applications from small websites","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_CS.jpg"},"eventUrl":"","translationId":1542,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":24,"title":"IaaS - storage"}],"testingArea":"","categories":[{"id":789,"title":"IaaS - storage","alias":"iaas-storage","description":"IaaS is an abbreviation that stands for Infrastructure as a Service (“infrastructure as a service”). This model provides for a cloud provider to provide the client with the necessary amount of computing resources - virtual servers, remote workstations, data warehouses, with or without the provision of software - and software deployment within the infrastructure remains the client's prerogative. In essence, IaaS is an alternative to renting physical servers, racks in the data center, operating systems; instead, the necessary resources are purchased with the ability to quickly scale them if necessary. In many cases, this model may be more profitable than the traditional purchase and installation of equipment, here are just a few examples:\r\n<ul><li>if the need for computing resources is not constant and can vary greatly depending on the period, and there is no desire to overpay for unused capacity;</li><li>when a company is just starting its way on the market and does not have working capital in order to buy all the necessary infrastructure - a frequent option among startups;</li><li>there is a rapid growth in business, and the network infrastructure must keep pace with it;</li><li>if you need to reduce the cost of purchasing and maintaining equipment;</li><li>when a new direction is launched, and it is necessary to test it without investing significant funds in resources.</li></ul>\r\nIaaS can be organized on the basis of a public or private cloud, as well as by combining two approaches - the so-called. “Hybrid cloud”, created using the appropriate software.","materialsDescription":" IaaS or Infrastructure as a service translated into Russian as “Infrastructure as a service”.\r\n&quot;Infrastructure&quot; in the case of IaaS, it can be virtual servers and networks, data warehouses, operating systems.\r\n“As a service” means that the cloud infrastructure components listed above are provided to you as a connected service.\r\nIaaS is a cloud infrastructure utilization model in which the computing power is provided to the client for independent management.\r\n<span style=\"font-weight: bold;\">What is the difference from PaaS and SaaS?</span>\r\nFrequently asked questions, what distinguishes IaaS, PaaS, SaaS from each other? What is the difference? Answering all questions, you decide to leave in the area of ​​responsibility of its IT specialists. It requires only time and financial costs for your business.\r\n<span style=\"font-weight: bold;\">Who is responsible for what?</span>\r\nIn the case of using IaaS models, a company can independently use resources: install and run software, exercise control over systems, applications, and virtual storage systems.\r\nFor example, networks, servers, servers and servers. The IaaS service provider manages its own software and operating system, middleware and applications, is responsible for the infrastructure during the purchase, installation and configuration.\r\n<span style=\"font-weight: bold;\">Why do companies choose IaaS?</span>\r\nScaling capabilities. All users have access to resources, and you must use all the resources you need.\r\nCost savings. As a rule, the use of cloud services costs the company less than buying its own infrastructure.\r\nMobility. Ability to work with conventional applications.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IaaS_storage.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1543,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Oracle.png","logo":true,"scheme":false,"title":"Fast and Scalable Compute Resources","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":150,"alias":"fast-and-scalable-compute-resources","companyTitle":"Oracle","companyTypes":["supplier","vendor"],"companyId":164,"companyAlias":"oracle","description":"<span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure compute instances are the building blocks for applications from small websites to the largest enterprise applications. The main shapes each have use cases for which they are especially suitable:</span>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">Virtual machine (VM) instances offer compute resources in many shapes, from a single OCPU to 24 OCPUs, catering to a variety of workloads and software architectures. All Oracle Cloud Infrastructure VM shapes support remote block storage, but the Dense I/O shapes also offer up to 25.6 TB of local NVMe SSD storage for applications requiring low latency, millions of IOPS, and high local storage capacity.</h5>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">Bare metal instances support applications requiring intensive compute and large memory resources. You can build cloud environments with performance equal or better than other clouds or on-premises infrastructure. Bare metal provides customers with exceptional isolation, visibility, and control.</h5>\r\n<h5 class=\"P1 grey2\" style=\"box-sizing: border-box; margin: 0.2rem 0px 0.5rem; padding: 0px; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-weight: 300; color: #74767b; text-rendering: optimizeLegibility; line-height: 1.5rem; font-size: 1rem; background-color: #ffffff;\">Accelerated computing requires consistently fast infrastructure across every service. With GPU instances you can process and analyze massive data sets more efficiently, making them ideal for complex machine learning (ML), artificial intelligence (AI) algorithms, and many industrial HPC applications.</h5>","shortDescription":"Fast and Scalable Compute Resources - is a convenient computing service from Oracle","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":17,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Fast and Scalable Compute Resources","keywords":"","description":"<span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure compute instances are the building blocks for applications from small websites to the la","og:title":"Fast and Scalable Compute Resources","og:description":"<span style=\"color: #74767b; font-family: 'Helvetica Neue', 'Segoe UI', Arial, sans-serif-regular; font-size: 18px; background-color: #ffffff;\">Oracle Cloud Infrastructure compute instances are the building blocks for applications from small websites to the la","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Oracle.png"},"eventUrl":"","translationId":1545,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":26,"title":"IaaS - computing"}],"testingArea":"","categories":[],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4105,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png","logo":true,"scheme":false,"title":"Luis.ai","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"luisai","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"<p>Language Understanding (LUIS) is a machine learning-based service to build natural language into apps, bots, and IoT devices. Quickly create enterprise-ready, custom models that continuously improve.</p>\r\n<p><span style=\"text-decoration: underline;\"><span style=\"font-weight: bold;\">Benefits:</span></span></p>\r\n<p><span style=\"font-weight: bold;\">Add natural language to your apps</span></p>\r\n<p>Designed to identify valuable information in conversations, LUIS interprets user goals (intents) and distills valuable information from sentences (entities), for a high quality, nuanced language model. LUIS integrates seamlessly with the Azure Bot Service, making it easy to create a sophisticated bot.</p>\r\n<p><span style=\"font-weight: bold;\">Quickly build a custom language solution</span></p>\r\n<p>Powerful developer tools are combined with customizable pre-built apps and entity dictionaries, such as Calendar, Music, and Devices, so you can build and deploy a solution more quickly. Dictionaries are mined from the collective knowledge of the web and supply billions of entries, helping your model to correctly identify valuable information from user conversations.</p>\r\n<p><span style=\"font-weight: bold;\">Always learning and improving</span></p>\r\n<p>Active learning is used to continuously improve the quality of natural language models. Once the model starts processing input, LUIS begins active learning, allowing you to constantly update and improve the model.</p>\r\n<p><span style=\"font-weight: bold;\">Enterprise-ready, available worldwide</span></p>\r\n<p>The service is ready to be deployed in commercial applications and can scale with enterprise quality and performance. The service meets international compliance standards, supports 13 languages and available worldwide, making it highly accessible around the world.</p>","shortDescription":"A machine learning-based service to build natural language into apps, bots, and IoT devices. Quickly create enterprise-ready, custom models that continuously improve.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Luis.ai","keywords":"","description":"<p>Language Understanding (LUIS) is a machine learning-based service to build natural language into apps, bots, and IoT devices. Quickly create enterprise-ready, custom models that continuously improve.</p>\r\n<p><span style=\"text-decoration: underline;\"><span s","og:title":"Luis.ai","og:description":"<p>Language Understanding (LUIS) is a machine learning-based service to build natural language into apps, bots, and IoT devices. Quickly create enterprise-ready, custom models that continuously improve.</p>\r\n<p><span style=\"text-decoration: underline;\"><span s","og:image":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png"},"eventUrl":"","translationId":4106,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":103,"title":"Chatbot Development"}],"testingArea":"","categories":[{"id":842,"title":"Chatbot Development","alias":"chatbot-development","description":"A chatbot is a piece of software that conducts a conversation via auditory or textual methods. Such programs are often designed to convincingly simulate how a human would behave as a conversational partner, although as of 2019, they are far short of being able to pass the Turing test. Chatbots are typically used in dialog systems for various practical purposes including customer service or information acquisition. Some chatbots use sophisticated natural language processing systems, but many simpler ones scan for keywords within the input, then pull a reply with the most matching keywords, or the most similar wording pattern, from a database.\r\nThe term &quot;ChatterBot&quot; was originally coined by Michael Mauldin (creator of the first Verbot, Julia) in 1994 to describe these conversational programs. Today, most chatbots are accessed via virtual assistants such as Google Assistant and Amazon Alexa, via messaging apps such as Facebook Messenger or WeChat, or via individual organizations' apps and websites. Chatbots can be classified into usage categories such as conversational commerce (e-commerce via chat), analytics, communication, customer support, design, developer tools, education, entertainment, finance, food, games, health, HR, marketing, news, personal, productivity, shopping, social, sports, travel and utilities.\r\nBeyond chatbots, Conversational AI refers to the use of messaging apps, speech-based assistants and chatbots to automate communication and create personalized customer experiences at scale.\r\nThe process of building, testing and deploying chatbots can be done on cloud-based chatbot development platforms offered by cloud Platform as a Service (PaaS) providers such as Oracle Cloud Platform SnatchBot and IBM Watson. These cloud platforms provide Natural Language Processing, Artificial Intelligence and Mobile Backend as a Service for chatbot development.\r\nSome Companies like Microsoft Azure and AARC are currently providing their Bot Engines through which chatbot Platforms or Software can be developed.","materialsDescription":"New tools designed to simplify the interaction between humans and computers have hit the market: Chatbots or Virtual Assistants. In banking, chatbots and virtual assistants are some of the industry’s newest tools designed to simplify the interaction between humans and computers.\r\n<span style=\"font-weight: bold;\">What is a chatbot?</span>\r\nA chatbot is artificial intelligence (AI) software that can simulate a conversation (or a chat) with a user in natural language through messaging applications, websites, mobile apps or through the telephone.\r\n<span style=\"font-weight: bold;\">Why are chatbots important?</span>\r\nA chatbot is often described as one of the most advanced and promising expressions of interaction between humans and machines. However, from a technological point of view, a chatbot only represents the natural evolution of a Question-Answering system leveraging Natural Language Processing (NLP). Formulating responses to questions in natural language is one of the most typical examples of Natural Language Processing applied in various enterprises’ end-use applications.\r\n<span style=\"font-weight: bold;\">How does a chatbot work?</span>\r\nThere are two different tasks at the core of a chatbot:\r\n<ol><li>user request analysis</li><li>returning the response</li></ol>\r\nUser request analysis: this is the first task that a chatbot performs. It analyzes the user’s request to identify the user intent and to extract relevant entities.\r\nThe ability to identify the user’s intent and extract data and relevant entities contained in the user’s request is the first condition and the most relevant step at the core of a chatbot: If you are not able to correctly understand the user’s request, you won’t be able to provide the correct answer.\r\nReturning the response: once the user’s intent has been identified, the chatbot must provide the most appropriate response for the user’s request. The answer may be:\r\n<ul><li>a generic and predefined text;</li><li>a text retrieved from a knowledge base that contains different answers;</li><li>a contextualized piece of information based on data the user has provided;</li><li>data stored in enterprise systems;</li><li>the result of an action that the chatbot performed by interacting with one or more backend application;</li><li>a disambiguating question that helps the chatbot to correctly understand the user’s request.</li></ul>\r\n<span style=\"font-weight: bold;\">In what is the benefit of chatbots?</span>\r\nChatbot applications streamline interactions between people and services, enhancing the customer experience. At the same time, they offer companies new opportunities to improve the customer's engagement process and operational efficiency by reducing the typical cost of customer service.\r\nTo be successful, a chatbot solution should be able to effectively perform both of these tasks. Human support plays a key role here: Regardless of the kind of approach and the platform, human intervention is crucial in configuring, training and optimizing the chatbot system.\r\n<span style=\"font-weight: bold;\">Which chatbot application is right for you?</span>\r\nThere are different approaches and tools that you can use to develop a chatbot. Depending on the use case you want to address, some chatbot technologies are more appropriate than others. In order to achieve the desired results, the combination of different AI forms such as natural language processing, machine learning, and semantic understanding may be the best option.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Chatbot_Development.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":778,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Surface_Laptop.jpg","logo":true,"scheme":false,"title":"Microsoft Surface Laptop","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-surface-laptop","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Surface Laptop provides the perfect blend of texture, subtle details, and clean, elegant lines — plus the luxurious touch of our Signature Alcantara® material-covered keyboard.\r\nThe perfect balance of portability and performance.\r\nYou don’t have to choose between power and traveling light. At just 2.76 pounds, Surface Laptop gives you an ideal balance of both, plus all-day battery life.\r\nA stunning screen that responds to your touch.\r\nExperience faster, more natural navigation on the vibrant 13.5” PixelSense™ Display with immersive touchscreen. Enjoy more space for your ideas with an edge-to-edge display and ultra-thin bezel.\r\n\r\n","shortDescription":"Microsoft Surface Laptop is designed for Windows 10 S — streamlined for security and superior performance.2 Applications are delivered via the Windows Store, ensuring that they’re Microsoft verified.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":13,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Surface Laptop","keywords":"Laptop, Surface, touch, your, plus, perfect, balance, with","description":"Surface Laptop provides the perfect blend of texture, subtle details, and clean, elegant lines — plus the luxurious touch of our Signature Alcantara® material-covered keyboard.\r\nThe perfect balance of portability and performance.\r\nYou don’t have to choose betw","og:title":"Microsoft Surface Laptop","og:description":"Surface Laptop provides the perfect blend of texture, subtle details, and clean, elegant lines — plus the luxurious touch of our Signature Alcantara® material-covered keyboard.\r\nThe perfect balance of portability and performance.\r\nYou don’t have to choose betw","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Surface_Laptop.jpg"},"eventUrl":"","translationId":779,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1034,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Coco_Framework.png","logo":true,"scheme":false,"title":"Microsoft Coco Framework","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-coco-framework","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Coco achieves this by designing specifically for confidential consortiums, where nodes and actors are explicitly declared and controlled. Based on these requirements, Coco presents an alternative approach to ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect.\r\nLeveraging the power of existing blockchain protocols, trusted execution environments (TEEs) such as Intel SGX and Windows Virtual Secure Mode (VSM), distributed systems and cryptography, Coco enables enterprise-ready blockchain networks that deliver:\r\n\r\n<ul><li>Throughput and latency approaching database speeds.</li><li>Richer, more flexible, business-specific confidentiality models.</li><li>Network policy management through distributed governance.</li><li>Support for non-deterministic transactions.</li></ul>\r\nBy providing these capabilities, Coco offers a trusted foundation with which existing blockchain protocols can be integrated to deliver complete, enterprise-ready ledger solutions, opening up broad, high scale scenarios across industries, and furthering blockchain's ability to digital transform business.\r\nWe have already begun exploring Coco’s potential across a variety of industries, including retail, supply chain and financial services.\r\nWhether a customer is designing an end-to-end trade finance solution, using blockchain to ensure security at the edge or leveraging Enterprise Smart Contracts to drive back office efficiencies, Coco enables them to meet their enterprise requirements. Microsoft is the only cloud provider that delivers consistency across on-premises and the public cloud at hyperscale while providing access to the rich Azure ecosystem for the wide range of applications that will be built on top of blockchain as a shared data layer.\r\nAn open approach\r\nBy design, Coco is open and compatible with any blockchain protocol. Microsoft has already begun integrating Ethereum into Coco and we’re thrilled to announce that J.P. Morgan Chase, Intel and R3 have committed to integrating enterprise ledgers, Quorum, Hyperledger Sawtooth and Corda, respectively. This is just the beginning, and we look forward to exploring integration opportunities with other ledgers in the near future.\r\n","shortDescription":"Microsoft Coco Framework is an open-source system that enables high-scale, confidential blockchain networks that meet all key enterprise requirements—providing a means to accelerate production enterprise adoption of blockchain technology.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Coco Framework","keywords":"Coco, blockchain, that, with, distributed, Microsoft, across, existing","description":"Coco achieves this by designing specifically for confidential consortiums, where nodes and actors are explicitly declared and controlled. Based on these requirements, Coco presents an alternative approach to ledger construction, giving enterprises the scalabil","og:title":"Microsoft Coco Framework","og:description":"Coco achieves this by designing specifically for confidential consortiums, where nodes and actors are explicitly declared and controlled. Based on these requirements, Coco presents an alternative approach to ledger construction, giving enterprises the scalabil","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Coco_Framework.png"},"eventUrl":"","translationId":1035,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":5,"title":"Security Software","alias":"security-software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement&nbsp; security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1546,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/data-warehouse.jpg","logo":true,"scheme":false,"title":"Azure Data Warehouse","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"azure-data-warehouse","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"<p>Create a single center for all your data, be it structured, unstructured or streaming data.&nbsp;Provide work of such transformational decisions, as functions of business analytics, reports, the expanded analytics and analytics in real time.&nbsp;To easily get started, take advantage of the performance, flexibility, and security of Azure's fully managed services, such as SQL Azure and Azure Databricks.</p>\r\n<h2>Get rid of worries</h2>\r\n<h2><br /><span style=\"font-weight: normal;\">Built-in advanced security features include transparent data encryption, auditing, threat detection, integration with Azure Active Directory and virtual network endpoints.&nbsp;Azure services correspond to&nbsp;more than 50 industry and geographic&nbsp;certifications and are available worldwide in&nbsp;42 regions&nbsp;to store your data wherever your users are located.&nbsp;Finally, Microsoft offers financially secured service level agreements to spare you any hassle.</span></h2>","shortDescription":"Azure Data Warehouse - is a modern data storage from Microsoft","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":19,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Azure Data Warehouse","keywords":"","description":"<p>Create a single center for all your data, be it structured, unstructured or streaming data.&nbsp;Provide work of such transformational decisions, as functions of business analytics, reports, the expanded analytics and analytics in real time.&nbsp;To easily ","og:title":"Azure Data Warehouse","og:description":"<p>Create a single center for all your data, be it structured, unstructured or streaming data.&nbsp;Provide work of such transformational decisions, as functions of business analytics, reports, the expanded analytics and analytics in real time.&nbsp;To easily ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/data-warehouse.jpg"},"eventUrl":"","translationId":1549,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":24,"title":"IaaS - storage"}],"testingArea":"","categories":[{"id":789,"title":"IaaS - storage","alias":"iaas-storage","description":"IaaS is an abbreviation that stands for Infrastructure as a Service (“infrastructure as a service”). This model provides for a cloud provider to provide the client with the necessary amount of computing resources - virtual servers, remote workstations, data warehouses, with or without the provision of software - and software deployment within the infrastructure remains the client's prerogative. In essence, IaaS is an alternative to renting physical servers, racks in the data center, operating systems; instead, the necessary resources are purchased with the ability to quickly scale them if necessary. In many cases, this model may be more profitable than the traditional purchase and installation of equipment, here are just a few examples:\r\n<ul><li>if the need for computing resources is not constant and can vary greatly depending on the period, and there is no desire to overpay for unused capacity;</li><li>when a company is just starting its way on the market and does not have working capital in order to buy all the necessary infrastructure - a frequent option among startups;</li><li>there is a rapid growth in business, and the network infrastructure must keep pace with it;</li><li>if you need to reduce the cost of purchasing and maintaining equipment;</li><li>when a new direction is launched, and it is necessary to test it without investing significant funds in resources.</li></ul>\r\nIaaS can be organized on the basis of a public or private cloud, as well as by combining two approaches - the so-called. “Hybrid cloud”, created using the appropriate software.","materialsDescription":" IaaS or Infrastructure as a service translated into Russian as “Infrastructure as a service”.\r\n&quot;Infrastructure&quot; in the case of IaaS, it can be virtual servers and networks, data warehouses, operating systems.\r\n“As a service” means that the cloud infrastructure components listed above are provided to you as a connected service.\r\nIaaS is a cloud infrastructure utilization model in which the computing power is provided to the client for independent management.\r\n<span style=\"font-weight: bold;\">What is the difference from PaaS and SaaS?</span>\r\nFrequently asked questions, what distinguishes IaaS, PaaS, SaaS from each other? What is the difference? Answering all questions, you decide to leave in the area of ​​responsibility of its IT specialists. It requires only time and financial costs for your business.\r\n<span style=\"font-weight: bold;\">Who is responsible for what?</span>\r\nIn the case of using IaaS models, a company can independently use resources: install and run software, exercise control over systems, applications, and virtual storage systems.\r\nFor example, networks, servers, servers and servers. The IaaS service provider manages its own software and operating system, middleware and applications, is responsible for the infrastructure during the purchase, installation and configuration.\r\n<span style=\"font-weight: bold;\">Why do companies choose IaaS?</span>\r\nScaling capabilities. All users have access to resources, and you must use all the resources you need.\r\nCost savings. As a rule, the use of cloud services costs the company less than buying its own infrastructure.\r\nMobility. Ability to work with conventional applications.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IaaS_storage.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1550,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Azure-Virtual-machines.png","logo":true,"scheme":false,"title":"Azure Virtual Machines","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"azure-virtual-machines","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"<p>Supporting Linux, Windows Server, SQL Server, Oracle, IBM, SAP and other platforms, Azure virtual machines provide the flexibility of virtualization for a wide range of computing solutions.&nbsp;All current-generation virtual machines include load balancing and autoscaling.&nbsp; <span style=\"color: #505050; font-family: 'Segoe UI', SegoeUI, 'Segoe WP', Tahoma, Arial, sans-serif; font-size: 15px; background-color: #ffffff;\"><br /></span>Azure Virtual Machines - is a proposal that includes various solutions, from an inexpensive B series to virtual machines with the latest GPU optimized for machine learning.&nbsp;It is designed to perform any workloads within any budget.</p>","shortDescription":"Azure Virtual Machines - is a computing service from Microsoft","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Azure Virtual Machines","keywords":"","description":"<p>Supporting Linux, Windows Server, SQL Server, Oracle, IBM, SAP and other platforms, Azure virtual machines provide the flexibility of virtualization for a wide range of computing solutions.&nbsp;All current-generation virtual machines include load balancing","og:title":"Azure Virtual Machines","og:description":"<p>Supporting Linux, Windows Server, SQL Server, Oracle, IBM, SAP and other platforms, Azure virtual machines provide the flexibility of virtualization for a wide range of computing solutions.&nbsp;All current-generation virtual machines include load balancing","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Azure-Virtual-machines.png"},"eventUrl":"","translationId":1551,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":26,"title":"IaaS - computing"}],"testingArea":"","categories":[{"id":786,"title":"IaaS - computing","alias":"iaas-computing","description":"Cloud computing is the on demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds, predominant today, often have functions distributed over multiple locations from central servers. If the connection to the user is relatively close, it may be designated an edge server.\r\nInfrastructure as a service (IaaS) are online services that provide high-level APIs used to dereference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. A hypervisor, such as Xen, Oracle VirtualBox, Oracle VM, KVM, VMware ESX/ESXi, or Hyper-V, LXD, runs the virtual machines as guests. Pools of hypervisors within the cloud operational system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.\r\nTypically IaaS involve the use of a cloud orchestration technology like Open Stack, Apache Cloudstack or Open Nebula. This manages the creation of a virtual machine and decides on which hypervisor (i.e. physical host) to start it, enables VM migration features between hosts, allocates storage volumes and attaches them to VMs, usage information for billing and lots more.\r\nAn alternative to hypervisors are Linux containers, which run in isolated partitions of a single Linux kernel running directly on the physical hardware. Linux cgroups and namespaces are the underlying Linux kernel technologies used to isolate, secure and manage the containers. Containerisation offers higher performance than virtualization, because there is no hypervisor overhead. Also, container capacity auto-scales dynamically with computing load, which eliminates the problem of over-provisioning and enables usage-based billing.\r\nIaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.\r\nThe NIST's definition of cloud computing defines Infrastructure as a Service as:\r\n<ul><li>The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.</li><li>The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).</li></ul>\r\nAccording to the Internet Engineering Task Force (IETF), the most basic cloud-service model is that of providers offering IT infrastructure — virtual machines and other resources — as a service to subscribers.\r\nIaaS-cloud providers supply these resources on-demand from their large pools of equipment installed in data centers. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.","materialsDescription":" <span style=\"font-weight: bold; \">Cloud Computing Basics</span>\r\nWhether you are running applications that share photos to millions of mobile users or you’re supporting the critical operations of your business, a cloud services platform provides rapid access to flexible and low cost IT resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.\r\n<span style=\"font-weight: bold; \">How Does Cloud Computing Work?</span>\r\nCloud computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet. A Cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.\r\n<span style=\"font-weight: bold; \">Six Advantages and Benefits of Cloud Computing</span>\r\n<span style=\"font-weight: bold; \">Trade capital expense for variable expense</span>\r\nInstead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.\r\n<span style=\"font-weight: bold; \">Benefit from massive economies of scale</span>\r\nBy using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers are aggregated in the cloud, providers can achieve higher economies of scale which translates into lower pay as you go prices.\r\n<span style=\"font-weight: bold; \">Stop guessing capacity</span>\r\nEliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.\r\n<span style=\"font-weight: bold; \">Increase speed and agility</span>\r\nIn a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.\r\n<span style=\"font-weight: bold; \">Stop spending money on running and maintaining data centers</span>\r\nFocus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.\r\n<span style=\"font-weight: bold; \">Go global in minutes</span>\r\nEasily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.\r\n<span style=\"font-weight: bold;\">Types of Cloud Computing</span>\r\nCloud computing has three main types that are commonly referred to as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Selecting the right type of cloud computing for your needs can help you strike the right balance of control and the avoidance of undifferentiated heavy lifting.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IaaS_computing.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3344,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Cloud_App_Security.jpg","logo":true,"scheme":false,"title":"Microsoft Cloud App Security","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-cloud-app-security","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.\r\nMicrosoft Cloud App Security natively integrates with leading Microsoft solutions. It is designed with security professionals in mind—providing simple deployment, centralized management, and innovative automation capabilities.\r\n<span style=\"font-weight: bold;\">FEATURES:</span>\r\n<span style=\"font-weight: bold;\">Discover and control the use of Shadow IT</span>\r\nIdentify cloud apps and services used by your organization. Assess their risk levels and business readiness of &gt;16,000 apps against &gt;70 risk and start managing them to ensure security and compliance.\r\n<span style=\"font-weight: bold;\">Protect your sensitive information anywhere in the cloud</span>\r\nUnderstand, classify and protect the exposure of sensitive information at rest, or leverage out-of-the box policies and automated processes to apply controls in real-time - across all your cloud apps.\r\n<span style=\"font-weight: bold;\">Protect against cyberthreats and anomalies</span>\r\nDetect unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage and remediate automatically to limit the risk to your organization.\r\n<span style=\"font-weight: bold;\">Assess the compliance of your cloud apps</span>\r\nAssess if your cloud apps meet relevant compliance requirements including regulatory compliance and industry standards. Prevent data leaks to non-compliant apps, and limit access to regulated data.","shortDescription":"Microsoft Cloud App Security provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Cloud App Security","keywords":"","description":"Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.\r\nMicrosoft Cloud App Securit","og:title":"Microsoft Cloud App Security","og:description":"Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.\r\nMicrosoft Cloud App Securit","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Cloud_App_Security.jpg"},"eventUrl":"","translationId":3345,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":95,"title":"Cloud Access Security Broker (CASB)"}],"testingArea":"","categories":[{"id":832,"title":"CASB - Cloud Access Security Broker","alias":"casb-cloud-access-security-broker","description":"A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.\r\nA CASB may deliver security, the management or both. Broadly speaking, &quot;security&quot; is the prevention of high-risk events, whilst &quot;management&quot; is the monitoring and mitigation of high-risk events.\r\nCASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device. Agentless CASB allows for rapid deployment and delivers security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respects user privacy, inspecting only corporate data. Agent-based CASB is difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspects both corporate and personal data.\r\nCASBs that deliver management may use APIs to inspect data and activity in the cloud to alert of risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for the usage of cloud applications.","materialsDescription":"<span style=\"font-weight: bold;\">What is CASB?</span> A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data &amp; apps in the cloud and on any device, anywhere.\r\n<span style=\"font-weight: bold;\">What is the difference between security and management?</span> Security is preventing risky events from happening, management is cleaning up after high-risk events.\r\n<span style=\"font-weight: bold;\">What is Shadow IT?</span> Cloud applications used by business users without IT oversight, also known as unmanaged apps.\r\n<span style=\"font-weight: bold;\">What are managed apps?</span> Cloud Applications that are managed by IT, e.g.Office 365.\r\n<span style=\"font-weight: bold;\">What are the types of CASB?</span> Three types of Cloud Access Security Broker\r\n<ul><li>a) API-only CASB offer basic management</li><li>b) multi-mode first-gen CASB offer management &amp; security</li><li>c) Next-Gen CASB deliver management, security &amp; Zero-Day protection.</li></ul>\r\n<span style=\"font-weight: bold;\">What is a forward proxy?</span> A proxy where traffic must be forwarded by the end-point Such proxies requires agents and configuration on client devices.\r\n<span style=\"font-weight: bold;\">What is a reverse proxy?</span> A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.\r\n<span style=\"font-weight: bold;\">What is AJAX-VM?</span> Acronym for &quot;Adaptive Javascript and XML- Virtual Machine.&quot; AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents. Reverse-proxy CASB are brittle without AJAX-VM and break frequently with app changes.\r\n<span style=\"font-weight: bold;\">What are the types of CASB architecture?</span> There are three types of CASB architecture: API-only, forward proxy, and reverse proxy. Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.\r\n<span style=\"font-weight: bold;\">What is CASB encryption?</span>&nbsp; Encryption/decryption of data prior to upload/download to a cloud application.\r\n <span style=\"font-weight: bold;\">What is searchable encryption?</span> An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.\r\n<span style=\"font-weight: bold;\">What is tokenization?</span> Obfuscation by encoding each input string as a unique output string.\r\n<span style=\"font-weight: bold;\">What is agentless MDM?</span> Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CASB.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3090,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Project.jpg","logo":true,"scheme":false,"title":"Microsoft Project","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-project","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"<p>Microsoft Project is a project management system and a way to optimize portfolio management, which allows you to plan and control project activities of organizations.</p>\r\n<p>Compared with other similar programs, the MS Project is considered the most common and &ldquo;easy&rdquo; to refer to the initial level of project management software with a classic standard office interface. In the single-user and small solutions market, the software product takes about 80% (about 20 million people use it).</p>\r\n<p>It is believed that as an integrated set of methods, processes and tools for planning and monitoring projects, MS Project is more often used in the implementation of relatively small project ideas. However, the existence of several paid options - basic, professional and advanced - when choosing the most complete functionality allows you to significantly expand the capabilities of the program compared to the basic version.</p>\r\n<p>Another focus of the \"detuning\" is the specialization of the product. Among such software, Primavera is popular, which is widespread in the field of engineering and construction projects as a means of calendar-network planning, which allows to take into account financial, material and labor resources in medium and large projects. Basecamp software cloud tool is considered the main competitor in the segment of ultra-light management decisions. At the same time, Microsoft has also been offering a cloud version of its product since 2013.</p>\r\n<p>In addition to the cloud application, several products are available under the Project brand:</p>\r\n<ol>\r\n<li>Project Standard allows for individual planning for small projects.</li>\r\n<li>Corporate management is carried out with the help of a special platform, including:</li>\r\n</ol>\r\n<ul>\r\n<li>Project Server,</li>\r\n<li>the corporate version of Project Professional, where collaborative tools (Project Server and SharePoint Foundation / Server) are added to the capabilities of the Standard version,</li>\r\n<li>the technology of the web interface of the reporting of executives on the progress of tasks, for viewing project portfolios and other collaboration (Project Web Access).</li>\r\n</ul>\r\n<p>Source: <a href=\"https://finswin.com/projects/instrumenty/microsoft-project.html\" target=\"_blank\" rel=\"noopener\">finswin.com/projects/instrumenty/microsoft-project.html</a></p>","shortDescription":"Microsoft Project is a project management system and a way to optimize portfolio management, which allows you to plan and control project activities of organizations.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft Project","keywords":"","description":"<p>Microsoft Project is a project management system and a way to optimize portfolio management, which allows you to plan and control project activities of organizations.</p>\r\n<p>Compared with other similar programs, the MS Project is considered the most common","og:title":"Microsoft Project","og:description":"<p>Microsoft Project is a project management system and a way to optimize portfolio management, which allows you to plan and control project activities of organizations.</p>\r\n<p>Compared with other similar programs, the MS Project is considered the most common","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Microsoft_Project.jpg"},"eventUrl":"","translationId":3091,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":81,"title":"Project and Portfolio Management"}],"testingArea":"","categories":[{"id":363,"title":"Project and Portfolio Management","alias":"project-and-portfolio-management","description":"<span style=\"font-weight: bold;\">Project Portfolio Management (PPM)</span> is the centralized management of the processes, methods, and technologies used by project managers and project management offices (PMOs) to analyze and collectively manage current or proposed projects based on numerous key characteristics. The objectives of PPM are to determine the optimal resource mix for delivery and to schedule activities to best achieve an organization’s operational and financial goals, while honouring constraints imposed by customers, strategic objectives, or external real-world factors. The International standard defines the framework of the Project Portfolio Management.\r\nPPM provides program and project managers in large, program/project-driven organizations with the capabilities needed to manage the time, resources, skills, and budgets necessary to accomplish all interrelated tasks. It provides a framework for issue resolution and risk mitigation, as well as the centralized visibility to help planning and scheduling teams to identify the fastest, cheapest, or most suitable approach to deliver projects and programs. Portfolio Managers define Key Performance Indicators and the strategy for their portfolio.\r\n<span style=\"font-style: italic;\">Pipeline Management.</span> Pipeline management involves steps to ensure that an adequate number of project proposals are not generated and not evaluated to determine whether (and how) a set of projects in the portfolio can be executed with finite development resources in a specified time. There are three major sub-components to pipeline management: ideation, work intake processes, and Phase-Gate reviews. Fundamental to pipeline management is the ability to align the decision-making process for estimating and selecting new capital investment projects with the strategic plan.\r\n<span style=\"font-style: italic;\">Resource Manager.</span> The focus on the efficient and effective deployment of an organization’s resources where and when they are needed. These can include financial resources, inventory, human resources, technical skills, production, and design. In addition to project-level resource allocation, users can also model ‘what-if’ resource scenarios, and extend this view across the portfolio.\r\n<span style=\"font-style: italic;\">Change Control.</span> The capture and prioritization of change requests that can include new requirements, features, functions, operational constraints, regulatory demands, and technical enhancements. PPM provides a central repository for these change requests and the ability to match available resources to evolving demand within the financial and operational constraints of individual projects.\r\n<span style=\"font-style: italic;\">Financial Management.</span> With PPM, the Office of Finance can improve their accuracy for estimating and managing the financial resources of a project or group of projects. In addition, the value of projects can be demonstrated in relation to the strategic objectives and priorities of the organization through financial controls and to assess progress through earned value and other project financial techniques.\r\n<span style=\"font-style: italic;\">Risk Management.</span> An analysis of the risk sensitivities residing within each project, as the basis for determining confidence levels across the portfolio. The integration of cost and schedule risk management with techniques for determining contingency and risk response plans, enable organizations to gain an objective view of project uncertainties.","materialsDescription":" <span style=\"font-weight: bold;\">What’s the difference between Project Management and Project Portfolio Management?</span>\r\nProject management is focused on an individual project, making sure it achieves its objectives and adheres to cost schedule baselines and performance standards. Project portfolio management, on the other hand, takes into consideration all the projects within a portfolio. The primary objective here is to select and maintain the appropriate mix of projects and to assess the costs, risks, and returns of running these projects in relation to how they match with organizational goals. Simply put, project management is about doing the project right, project portfolio management is about doing the right projects.\r\n<span style=\"font-weight: bold;\">What Problems Can Project Portfolio Management Address?</span>\r\nProject Portfolio Management helps companies avoid project overload and work on projects that are not aligned with the ultimate vision. In other words, project portfolio management helps companies to work towards their goals without getting sidetracked by too many shiny pennies (ie. projects that appear to be enticing but actually drain their resources for little return).\r\n<span style=\"font-weight: bold;\">How does Project Portfolio Management help with new product development?</span>\r\nProject Portfolio Management supports companies in assessing, evaluating and ranking new product ideas before they become projects, so that time, money and human resources can be spent working on projects that support strategic objectives. This becomes increasingly important and relevant for companies that receive dozens if not hundreds of project proposals.\r\n<span style=\"font-weight: bold;\">What are the key elements of successful portfolio management?</span>\r\nGoals, objectives, governance, approval processes and monitoring portfolio performance.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Project_and_Portfolio_Management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1044,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png","logo":true,"scheme":false,"title":"Microsoft System Center Virtual Machine Manager Analytics solution","vendorVerified":0,"rating":"2.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":272,"alias":"microsoft-system-center-virtual-machine-manager-analytics-solution","companyTitle":"Microsoft","companyTypes":["vendor"],"companyId":163,"companyAlias":"microsoft","description":"The Virtual Machine Manager Analytics solution comes with some built-in reports with preconfigured data visualizations so you can easily get started with frequently used queries, such as:\r\n\r\n<ul><li>Distribution of failed jobs across VMM instances to easily scope down the broken instances.</li><li>Distribution of failures over time to find sudden spikes, and to help with correlating the cause and failures.</li><li>Distribution of failed jobs and errors to help with identifying the most error-prone jobs and the cause.</li><li>Distribution of the job runtime across different runs to identify the sluggish and error-prone jobs.</li></ul>\r\nThese are just a few examples of the possibilities with Virtual Machine Manager Analytics. Because the solution is open-source, we are looking forward to contributions from the community for other data visualizations.\r\nFurther, the data from System Center Virtual Machine Manager can be combined with several features in OMS for compelling use cases, including:\r\n<ul><li>Bring together the jobs data from multiple VMM instances to a single OMS workspace. With a view, now you can keep an eye on job details for all your VMM instances together.</li><li>Configure your OMS alerts with VMM jobs information to raise notifications for completion or failure of VMM jobs, and inform the appropriate teams.</li><li>Correlate VMM job data with other events in OMS log analytics for faster troubleshooting of failures. You can easily identify the possible causes of sudden failures on a VMM machine by correlating the VMM job logs with information from solutions like Change Tracking and Hyper-V management solutions.</li><li>Use Azure Automation runbooks with VMM job data to help enable automatic remediation for known or frequent issues.</li></ul>","shortDescription":"Virtual Machine Manager Analytics is an open-source solution that can be included in your OMS workspace. This solution brings in the job data of your on-premises VMM instances to the log analytics in OMS. VMM admins can then use this versatile platform to construct queries for searching the relevant data and creating data visualizations.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Microsoft System Center Virtual Machine Manager Analytics solution","keywords":"with, jobs, data, failures, Distribution, instances, Manager, from","description":"The Virtual Machine Manager Analytics solution comes with some built-in reports with preconfigured data visualizations so you can easily get started with frequently used queries, such as:\r\n\r\n<ul><li>Distribution of failed jobs across VMM instances to easily sc","og:title":"Microsoft System Center Virtual Machine Manager Analytics solution","og:description":"The Virtual Machine Manager Analytics solution comes with some built-in reports with preconfigured data visualizations so you can easily get started with frequently used queries, such as:\r\n\r\n<ul><li>Distribution of failed jobs across VMM instances to easily sc","og:image":"https://old.roi4cio.com/fileadmin/user_upload/microsoft.png"},"eventUrl":"","translationId":1045,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":2,"title":"Virtual machine and cloud system software","alias":"virtual-machine-and-cloud-system-software","description":" A virtual machine (VM) is a software-based computer that exists within another computer’s operating system, often used for the purposes of testing, backing up data, or running SaaS applications. To fully grasp how VMs work, it’s important to first understand how computer software and hardware are typically integrated by an operating system.\r\n&quot;The cloud&quot; refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. By using cloud computing, users and companies don't have to manage physical servers themselves or run software applications on their own machines.\r\nThe cloud enables users to access the same files and applications from almost any device, because the computing and storage take place on servers in a data center, instead of locally on the user device. This is why a user can log into their Instagram account on a new phone after their old phone breaks and still find their old account in place, with all their photos, videos, and conversation history. It works the same way with cloud email providers like Gmail or Microsoft Office 365, and with cloud storage providers like Dropbox or Google Drive.\r\nFor businesses, switching to cloud computing removes some IT costs and overhead: for instance, they no longer need to update and maintain their own servers, as the cloud vendor they are using will do that. This especially makes an impact on small businesses that may not have been able to afford their own internal infrastructure but can outsource their infrastructure needs affordably via the cloud. The cloud can also make it easier for companies to operate internationally because employees and customers can access the same files and applications from any location.\r\nSeveral cloud providers offer virtual machines to their customers. These virtual machines typically live on powerful servers that can act as a host to multiple VMs and can be used for a variety of reasons that wouldn’t be practical with a locally-hosted VM. These include:\r\n<ul><li>Running SaaS applications - Software-as-a-Service, or SaaS for short, is a cloud-based method of providing software to users. SaaS users subscribe to an application rather than purchasing it once and installing it. These applications are generally served to the user over the Internet. Often, it is virtual machines in the cloud that are doing the computation for SaaS applications as well as delivering them to users. If the cloud provider has a geographically distributed network edge, then the application will run closer to the user, resulting in faster performance.</li><li>Backing up data - Cloud-based VM services are very popular for backing up data because the data can be accessed from anywhere. Plus, cloud VMs provide better redundancy, require less maintenance, and generally scale better than physical data centers. (For example, it’s generally fairly easy to buy an extra gigabyte of storage space from a cloud VM provider, but much more difficult to build a new local data server for that extra gigabyte of data.)</li><li>Hosting services like email and access management - Hosting these services on cloud VMs is generally faster and more cost-effective, and helps minimize maintenance and offload security concerns as well.</li></ul>","materialsDescription":"What is an operating system?\r\nTraditional computers are built out of physical hardware, including hard disk drives, processor chips, RAM, etc. In order to utilize this hardware, computers rely on a type of software known as an operating system (OS). Some common examples of OSes are Mac OSX, Microsoft Windows, Linux, and Android.\r\nThe OS is what manages the computer’s hardware in ways that are useful to the user. For example, if the user wants to access the Internet, the OS directs the network interface card to make the connection. If the user wants to download a file, the OS will partition space on the hard drive for that file. The OS also runs and manages other pieces of software. For example, it can run a web browser and provide the browser with enough random access memory (RAM) to operate smoothly. Typically, operating systems exist within a physical computer at a one-to-one ratio; for each machine, there is a single OS managing its physical resources.\r\n<span style=\"font-weight: bold;\">Can you have two or more operating systems on one computer?</span>\r\nSome users want to be able to run multiple operating systems simultaneously on one computer, either for testing or one of the other reasons listed in the section below. This can be achieved through a process called virtualization. In virtualization, a piece of software behaves as if it were an independent computer. This piece of software is called a virtual machine, also known as a ‘guest’ computer. (The computer on which the VM is running is called the ‘host’.) The guest has an OS as well as its own virtual hardware.\r\n‘Virtual hardware’ may sound like a bit of an oxymoron, but it works by mapping to real hardware on the host computer. For example, the VM’s ‘hard drive’ is really just a file on the host computer’s hard drive. When the VM wants to save a new file, it actually has to communicate with the host OS, which will write this file to the host hard drive. Because virtual hardware must perform this added step of negotiating with the host to access hardware resources, virtual machines can’t run quite as fast as their host computers.\r\nWith virtualization, one computer can run two or more operating systems. The number of VMs that can run on one host is limited only by the host’s available resources. The user can run the OS of a VM in a window like any other program, or they can run it in fullscreen so that it looks and feels like a genuine host OS.\r\n <span style=\"font-weight: bold; \">What are virtual machines used for?</span>\r\nSome of the most popular reasons people run virtual machines include:\r\n<span style=\"font-weight: bold; \">Testing</span> - Oftentimes software developers want to be able to test their applications in different environments. They can use virtual machines to run their applications in various OSes on one computer. This is simpler and more cost-effective than having to test on several different physical machines.\r\n<span style=\"font-weight: bold; \">Running software designed for other OSes</span> - Although certain software applications are only available for a single platform, a VM can run software designed for a different OS. For example, a Mac user who wants to run software designed for Windows can run a Windows VM on their Mac host.\r\n<span style=\"font-weight: bold; \">Running outdated software</span> - Some pieces of older software can’t be run in modern OSes. Users who want to run these applications can run an old OS on a virtual machine.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Virtual_machine_and_cloud_system_software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3364,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_CASB_Cloud_Service.png","logo":true,"scheme":false,"title":"Oracle CASB Cloud Service","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":150,"alias":"oracle-casb-cloud-service","companyTitle":"Oracle","companyTypes":["supplier","vendor"],"companyId":164,"companyAlias":"oracle","description":"The Oracle CASB Cloud Service is the only Cloud Access Security Broker (CASB) that gives you both visibility into your entire cloud stack and the security automation tool your IT team needs.\r\n<span style=\"font-weight: bold;\">Threat Detection</span>\r\nIdentify existing threats to your cloud footprint by leveraging real-time threat intelligence feeds and machine learning techniques to establish security baselines and to learn behavior patterns.\r\n<span style=\"font-weight: bold;\">Predictive Analytics</span>\r\nStay a step ahead of threats with patent-pending modeling techniques that evaluate risks across hundreds of threat vectors to provide you with a concise summary of potential threats.\r\n<span style=\"font-weight: bold;\">Automated Incident Response</span>\r\nKeep enterprises secure by automating responses to threats with forensics, incident management, orchestration and remediation through native capabilities as well as integration with existing technologies.\r\n<span style=\"font-weight: bold;\">Security Configuration Management</span>\r\nEliminate labor intensive, error prone manual processes and manages security configurations within cloud applications by asserting configurations as well as continuously enforcing them.","shortDescription":"The Oracle CASB Cloud Service is the only Cloud Access Security Broker (CASB) that gives you both visibility into your entire cloud stack and the security automation tool your IT team needs.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Oracle CASB Cloud Service","keywords":"","description":"The Oracle CASB Cloud Service is the only Cloud Access Security Broker (CASB) that gives you both visibility into your entire cloud stack and the security automation tool your IT team needs.\r\n<span style=\"font-weight: bold;\">Threat Detection</span>\r\nIdentify e","og:title":"Oracle CASB Cloud Service","og:description":"The Oracle CASB Cloud Service is the only Cloud Access Security Broker (CASB) that gives you both visibility into your entire cloud stack and the security automation tool your IT team needs.\r\n<span style=\"font-weight: bold;\">Threat Detection</span>\r\nIdentify e","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Oracle_CASB_Cloud_Service.png"},"eventUrl":"","translationId":3365,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":95,"title":"Cloud Access Security Broker (CASB)"}],"testingArea":"","categories":[{"id":832,"title":"CASB - Cloud Access Security Broker","alias":"casb-cloud-access-security-broker","description":"A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.\r\nA CASB may deliver security, the management or both. Broadly speaking, &quot;security&quot; is the prevention of high-risk events, whilst &quot;management&quot; is the monitoring and mitigation of high-risk events.\r\nCASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device. Agentless CASB allows for rapid deployment and delivers security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respects user privacy, inspecting only corporate data. Agent-based CASB is difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspects both corporate and personal data.\r\nCASBs that deliver management may use APIs to inspect data and activity in the cloud to alert of risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for the usage of cloud applications.","materialsDescription":"<span style=\"font-weight: bold;\">What is CASB?</span> A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data &amp; apps in the cloud and on any device, anywhere.\r\n<span style=\"font-weight: bold;\">What is the difference between security and management?</span> Security is preventing risky events from happening, management is cleaning up after high-risk events.\r\n<span style=\"font-weight: bold;\">What is Shadow IT?</span> Cloud applications used by business users without IT oversight, also known as unmanaged apps.\r\n<span style=\"font-weight: bold;\">What are managed apps?</span> Cloud Applications that are managed by IT, e.g.Office 365.\r\n<span style=\"font-weight: bold;\">What are the types of CASB?</span> Three types of Cloud Access Security Broker\r\n<ul><li>a) API-only CASB offer basic management</li><li>b) multi-mode first-gen CASB offer management &amp; security</li><li>c) Next-Gen CASB deliver management, security &amp; Zero-Day protection.</li></ul>\r\n<span style=\"font-weight: bold;\">What is a forward proxy?</span> A proxy where traffic must be forwarded by the end-point Such proxies requires agents and configuration on client devices.\r\n<span style=\"font-weight: bold;\">What is a reverse proxy?</span> A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.\r\n<span style=\"font-weight: bold;\">What is AJAX-VM?</span> Acronym for &quot;Adaptive Javascript and XML- Virtual Machine.&quot; AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents. Reverse-proxy CASB are brittle without AJAX-VM and break frequently with app changes.\r\n<span style=\"font-weight: bold;\">What are the types of CASB architecture?</span> There are three types of CASB architecture: API-only, forward proxy, and reverse proxy. Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.\r\n<span style=\"font-weight: bold;\">What is CASB encryption?</span>&nbsp; Encryption/decryption of data prior to upload/download to a cloud application.\r\n <span style=\"font-weight: bold;\">What is searchable encryption?</span> An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.\r\n<span style=\"font-weight: bold;\">What is tokenization?</span> Obfuscation by encoding each input string as a unique output string.\r\n<span style=\"font-weight: bold;\">What is agentless MDM?</span> Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_CASB.png"},{"id":52,"title":"SaaS - software as a service","alias":"saas-software-as-a-service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"partnershipProgramme":{"levels":[{"id":555,"level":"Reseller"},{"id":557,"level":"Distributor"}],"partnerDiscounts":{"Reseller":"","Distributor":""},"registeredDiscounts":{"Reseller":"","Distributor":""},"additionalBenefits":[],"salesPlan":{"Reseller":"","Distributor":""},"additionalRequirements":[]}}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}