For suppliers
Blog

Home
/ Companies
/ Hidden user

Hidden user

Hidden user

-

All countries

Description

User Information is confidential

…

Deployments

VMware vSphere® METRO STORAGE CLUSTER (vMSC) for virtualization of compute resources…

AMT Group Russia…

Broadcom (CA Technologies)

TrapX DeceptionGrid Platform for financial industry…

TrapX DeceptionGrid Platform for National Government…

TrapX DeceptionGrid Platform for Software Vendor…

TrapX DeceptionGrid Platform for Law Enforcement…

Barracuda NGFW on AWS for software provider…

Club Automation…

Amazon Web Services

Cisco ASA NGFW for Rio Summer Olympics 2016…

TrapX Deception Grid for manufacturer of steel products…

McAfee Endpoint Security for global software company…

Hidden supplier…

Cisco Email Security for Insurance company…

Cisco Email Security for Computer Software company…

Portnox Clear for bank…

Rapid7 Metasploit for retail chain…

Agiliway custom software development for GPS tracking system…

Agiliway custom software development for a Large Vehicle Manufacturer…

Barracuda NGFW on AWS for Software Vendor…

Club Automation…

Amazon Web Services

Imperva SecureSphere Database Firewall for Global Computer Technology Company…

McAfee Advanced Threat Defense for large global software company…

Hidden supplier…

Citrix ADC for gas and electric company…

Fortinet FortiGate NGFW for Major European Bank…

Hidden supplier…

My Company

About us
Subscriptions
Contact us
Privacy Policy
Agreement

Solutions

Selection and comparison of IT product
Price calculator
ROI calculators
Bonus for reference

4 vendors

blog

we pay for content

categories

All rights reserved

© 2022

Our social networks

LinkedIn Twitter Facebook

Subscribe to newsletter

and be the first to know about promotions, new features and recent software reviews

{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"},{"id":"ru","name":"Русский"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"_type":"localeString","de":"die produkte","en":"Products","ru":"Продукты"},"introduction-popover":{"_type":"localeString","en":"introduction","ru":"внедрения"},"partners-popover":{"_type":"localeString","en":"partners","ru":"партнеры"},"update-profile-button":{"_type":"localeString","en":"Update profile","ru":"Обновить профиль"},"read-more-button":{"_type":"localeString","en":"Show more","ru":"Показать ещё"},"hide-button":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"user-implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"categories":{"_type":"localeString","en":"Categories","ru":"Компетенции"},"description":{"_type":"localeString","en":"Description","ru":"Описание"},"role-user":{"_type":"localeString","en":"User","ru":"Пользователь"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"_type":"localeString","en":"Partnership with suppliers","ru":"Партнерство с поставщиками"},"reference-bonus":{"_type":"localeString","en":"Bonus 4 reference","ru":"Бонус за референс"},"partner-status":{"_type":"localeString","en":"Partner status","ru":"Статус партнёра"},"country":{"_type":"localeString","en":"Country","ru":"Страна"},"partner-types":{"_type":"localeString","en":"Partner types","ru":"Типы партнеров"},"branch-popover":{"_type":"localeString","en":"branch","ru":"область деятельности"},"employees-popover":{"_type":"localeString","en":"number of employees","ru":"количество сотрудников"},"partnership-programme":{"_type":"localeString","en":"Partnership program","ru":"Партнерская программа"},"partner-discounts":{"_type":"localeString","en":"Partner discounts","ru":"Партнерские скидки"},"registered-discounts":{"_type":"localeString","en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки"},"additional-advantages":{"_type":"localeString","en":"Additional Benefits","ru":"Дополнительные преимущества"},"additional-requirements":{"_type":"localeString","en":"Partner level requirements","ru":"Требования к уровню партнера"},"certifications":{"_type":"localeString","en":"Certification of technical specialists","ru":"Сертификация технических специалистов"},"sales-plan":{"_type":"localeString","en":"Annual Sales Plan","ru":"Годовой план продаж"},"partners-vendors":{"_type":"localeString","en":"Partners-vendors","ru":"Партнеры-производители"},"partners-suppliers":{"_type":"localeString","en":"Partners-suppliers","ru":"Партнеры-поставщики"},"all-countries":{"_type":"localeString","en":"All countries","ru":"Все страны"},"supplied-products":{"_type":"localeString","en":"Supplied products","ru":"Поставляемые продукты"},"vendored-products":{"_type":"localeString","en":"Produced products","ru":"Производимые продукты"},"vendor-implementations":{"_type":"localeString","en":"Produced deployments","ru":"Производимые внедрения"},"supplier-implementations":{"_type":"localeString","en":"Supplied deployments","ru":"Поставляемые внедрения"},"show-all":{"_type":"localeString","en":"Show all","ru":"Показать все"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"schedule-event":{"_type":"localeString","en":"Events schedule","ru":"Pасписание событий"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"register":{"_type":"localeString","en":"Register","ru":"Регистрация "},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"auth-message":{"_type":"localeString","en":"To view company events please log in or register on the sit.","ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт."}},"header":{"help":{"_type":"localeString","de":"Hilfe","en":"Help","ru":"Помощь"},"how":{"_type":"localeString","de":"Wie funktioniert es","en":"How does it works","ru":"Как это работает"},"login":{"_type":"localeString","de":"Einloggen","en":"Log in","ru":"Вход"},"logout":{"_type":"localeString","en":"logout","ru":"Выйти"},"faq":{"_type":"localeString","de":"FAQ","en":"FAQ","ru":"FAQ"},"references":{"_type":"localeString","de":"References","en":"Requests","ru":"Мои запросы"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"autoconfigurator":{"_type":"localeString","en":" Price calculator","ru":"Калькулятор цены"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"_type":"localeString","en":"ROI calculators","ru":"ROI калькуляторы"},"b4r":{"_type":"localeString","en":"Bonus for reference","ru":"Бонус за референс"},"business-booster":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"catalogs":{"_type":"localeString","en":"Catalogs","ru":"Каталоги"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"_type":"localeString","en":"Blog","ru":"Блог"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"_type":"localeString","en":"Deletion","ru":"Удаление"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"_type":"localeString","en":"Enter your search term","ru":"Введите поисковый запрос"},"my-profile":{"_type":"localeString","en":"My Profile","ru":"Мои Данные"}},"footer":{"copyright":{"_type":"localeString","de":"Alle rechte vorbehalten","en":"All rights reserved","ru":"Все права защищены"},"company":{"_type":"localeString","de":"Über die Firma","en":"My Company","ru":"О компании"},"about":{"_type":"localeString","de":"Über uns","en":"About us","ru":"О нас"},"infocenter":{"_type":"localeString","de":"Infocenter","en":"Infocenter","ru":"Инфоцентр"},"tariffs":{"_type":"localeString","de":"Tarife","en":"Subscriptions","ru":"Тарифы"},"contact":{"_type":"localeString","de":"Kontaktiere uns","en":"Contact us","ru":"Связаться с нами"},"marketplace":{"_type":"localeString","de":"Marketplace","en":"Marketplace","ru":"Marketplace"},"products":{"_type":"localeString","de":"Produkte","en":"Products","ru":"Продукты"},"compare":{"_type":"localeString","de":"Wähle und vergleiche","en":"Pick and compare","ru":"Подобрать и сравнить"},"calculate":{"_type":"localeString","de":"Kosten berechnen","en":"Calculate the cost","ru":"Расчитать стоимость"},"get_bonus":{"_type":"localeString","de":"Holen Sie sich einen Rabatt","en":"Bonus for reference","ru":"Бонус за референс"},"salestools":{"_type":"localeString","de":"Salestools","en":"Salestools","ru":"Salestools"},"automatization":{"_type":"localeString","de":"Abwicklungsautomatisierung","en":"Settlement Automation","ru":"Автоматизация расчетов"},"roi_calcs":{"_type":"localeString","de":"ROI-Rechner","en":"ROI calculators","ru":"ROI калькуляторы"},"matrix":{"_type":"localeString","de":"Vergleichsmatrix","en":"Comparison matrix","ru":"Матрица сравнения"},"b4r":{"_type":"localeString","de":"Rebate 4 Reference","en":"Rebate 4 Reference","ru":"Rebate 4 Reference"},"our_social":{"_type":"localeString","de":"Unsere sozialen Netzwerke","en":"Our social networks","ru":"Наши социальные сети"},"subscribe":{"_type":"localeString","de":"Melden Sie sich für den Newsletter an","en":"Subscribe to newsletter","ru":"Подпишитесь на рассылку"},"subscribe_info":{"_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта"},"policy":{"_type":"localeString","en":"Privacy Policy","ru":"Политика конфиденциальности"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"_type":"localeString","en":"4 vendors","ru":"поставщикам"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"_type":"localeString","en":"we pay for content","ru":"платим за контент"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!"},"subscribe__email-label":{"_type":"localeString","en":"Email","ru":"Email"},"subscribe__name-label":{"_type":"localeString","en":"Name","ru":"Имя"},"subscribe__required-message":{"_type":"localeString","en":"This field is required","ru":"Это поле обязательное"},"subscribe__notify-label":{"_type":"localeString","en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях"},"subscribe__agree-label":{"_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*"},"subscribe__submit-label":{"_type":"localeString","en":"Subscribe","ru":"Подписаться"},"subscribe__email-message":{"_type":"localeString","en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты"},"subscribe__email-placeholder":{"_type":"localeString","en":"username@gmail.com","ru":"username@gmail.com"},"subscribe__name-placeholder":{"_type":"localeString","en":"Last, first name","ru":"Имя Фамилия"},"subscribe__success":{"_type":"localeString","en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"_type":"localeString","en":"Position","ru":"Должность"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"_type":"localeString","en":"Saving type","ru":"Тип экономии"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"_type":"localeString","en":"I agree","ru":"Я согласен"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"_type":"localeString","en":"Send","ru":"Отправить"},"required-message":{"_type":"localeString","en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле"}},"maintenance":{"title":{"_type":"localeString","en":"Site under maintenance","ru":"На сайте проводятся технические работы"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"meta":[{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"},{"content":"website","name":"og:type"}],"title":{"_type":"localeString","en":"ROI4CIO: Company","ru":"ROI4CIO: Компания"},"translatable_meta":[{"name":"title","translations":{"_type":"localeString","en":"Company","ru":"Компания"}},{"name":"description","translations":{"_type":"localeString","en":"Company description","ru":"Описание компании"}},{"name":"keywords","translations":{"_type":"localeString","en":"Company keywords","ru":"Ключевые слова для компании"}}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"skrytyi-polzovatel":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[{"id":1,"type":"user"}],"description":"User Information is confidential ","companyTypes":["user"],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[{"id":321,"title":"VMware vSphere® METRO STORAGE CLUSTER (vMSC) for virtualization of compute resources","description":"Description is not ready yet","alias":"vmware-vsphere-metro-storage-cluster-vmsc-for-virtualization-of-compute-resources","roi":0,"seo":{"title":"VMware vSphere® METRO STORAGE CLUSTER (vMSC) for virtualization of compute resources","keywords":"","description":"Description is not ready yet","og:title":"VMware vSphere® METRO STORAGE CLUSTER (vMSC) for virtualization of compute resources","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":630,"title":"AMT Group Russia","logoURL":"https://roi4cio.com/uploads/roi/company/AMT_Group.gif","alias":"amt-grup-rossija","address":"","roles":[],"description":"Company AMT Group has worked for 21 years at the Russian system integration market. AMT Group as a leading Russian systems integrator holds Technical appraisal, best worldwide practices and effective high-class solutions.\r\nAMT Group specializes in design, implementation and technical support of complex telecommunication, information and information security systems, consulting projects and trainings for customers’ personnel.\r\nAMT Group is partnering with 50 prominent worldwide equipment and software manufactures - Avaya, Cisco, Ericsson, Genesys, HP, IBM, Microsoft, Polycom and many others.\r\nAMT Group has four branch offices in Moscow, Saint-Petersburg, Krasnodar and Minsk(Belorussia).\r\nAMT Group has more than 60 service regional partners with partner network in more than hundred Russian and CIS cities. Company provides multivendor Prototyping Center to launch and test solutions to be implemented in complicated large projects.\r\nNow there are about 400 employees in the company, including 150 design and technical support engineers of different specializations. 13 employees have been qualified as Cisco Certified Internetwork Experts, carrying the top level expertise of networking technologies.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":159,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":1,"vendorImplementationsCount":0,"vendorPartnersCount":8,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://amt.ru/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"AMT Group Russia","keywords":"Group, Russian, employees, design, solutions, more, than, support","description":"Company AMT Group has worked for 21 years at the Russian system integration market. AMT Group as a leading Russian systems integrator holds Technical appraisal, best worldwide practices and effective high-class solutions.\r\nAMT Group specializes in design, impl","og:title":"AMT Group Russia","og:description":"Company AMT Group has worked for 21 years at the Russian system integration market. AMT Group as a leading Russian systems integrator holds Technical appraisal, best worldwide practices and effective high-class solutions.\r\nAMT Group specializes in design, impl","og:image":"https://roi4cio.com/uploads/roi/company/AMT_Group.gif"},"eventUrl":""},"vendors":[{"id":2781,"title":"Broadcom (CA Technologies)","logoURL":"https://roi4cio.com/uploads/roi/company/broadcom.jpg","alias":"broadcom-ca-technologies","address":"","roles":[],"description":"Broadcom, formerly known as CA Technologies and Computer Associates International, Inc. and CA, Inc., is an American publicly held corporation headquartered in New York City. It ranks as one of the largest independent software corporations in the world. The company creates systems software (and previously applications software) that runs in mainframe, distributed computing, virtual machine and cloud computing environments.\r\n\r\nThe company had been a provider of anti-virus and Internet security commercial software programs for personal computers during its venture into the business-to-consumer ("B2C") market, today it is primarily known for its business-to-business ("B2B") mainframe and distributed (client/server, etc.) information technology ("IT") infrastructure applications since the spin off of their security products into Total Defense. CA Technologies states that its computer software products are used by "a majority of the Fortune Global 500 companies, government organizations, educational institutions, and thousands of other companies in diverse industries worldwide." CA Technologies is also part of the Clinton Global Initiative.\r\n\r\nSource: https://en.wikipedia.org/wiki/CA_Technologies","companyTypes":[],"products":{},"vendoredProductsCount":5,"suppliedProductsCount":5,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.broadcom.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Broadcom (CA Technologies)","keywords":"software, Technologies, Global, company, into, applications, that, security","description":"Broadcom, formerly known as CA Technologies and Computer Associates International, Inc. and CA, Inc., is an American publicly held corporation headquartered in New York City. It ranks as one of the largest independent software corporations in the world. T","og:title":"Broadcom (CA Technologies)","og:description":"Broadcom, formerly known as CA Technologies and Computer Associates International, Inc. and CA, Inc., is an American publicly held corporation headquartered in New York City. It ranks as one of the largest independent software corporations in the world. T","og:image":"https://roi4cio.com/uploads/roi/company/broadcom.jpg"},"eventUrl":""},{"id":168,"title":"VMware","logoURL":"https://roi4cio.com/uploads/roi/company/vmware_logo.png","alias":"vmware","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">VMware was founded in 1998 and initially focused on the development of virtual machine technologies for standard computers. In 1999, VMware released its first product, VMware Workstation, and in 2001. entered the server market with VMware GSX Server and VMware ESX Server products. Today, VMware dominates the software virtualization market, controlling most of the global marketplace.<br /><br />The main activities of the company are such areas as software-defined data centers (SDDC), the creation of hybrid clouds (Hybrid Cloud), virtualization of workplaces of corporate users.<br />All VMware software products can be divided into several main categories: server virtualization, desktop virtualization, network virtualization, storage network virtualization, cloud environments.<br /><br />VMware software is used by millions of individuals and tens of thousands of enterprise customers around the world, including nearly all Fortune 100 companies. By leveraging VMware software to address business challenges such as increasing resource efficiency and availability, customers have achieved significant value. - In particular, to reduce the total cost of ownership, increase the return on investment and improve the quolity of customer service.<br /><br />VMware is headquartered in Palo Alto, California, USA and is majority owned by Dell EMC.</span>","companyTypes":[],"products":{},"vendoredProductsCount":24,"suppliedProductsCount":33,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":17,"vendorPartnersCount":3,"supplierPartnersCount":144,"b4r":0,"categories":{},"companyUrl":"https://www.vmware.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"VMware","keywords":"VMware, business, with, approach, cloud, modern, data, apps","description":"<span style=\"color: rgb(97, 97, 97); \">VMware was founded in 1998 and initially focused on the development of virtual machine technologies for standard computers. In 1999, VMware released its first product, VMware Workstation, and in 2001. entered the server m","og:title":"VMware","og:description":"<span style=\"color: rgb(97, 97, 97); \">VMware was founded in 1998 and initially focused on the development of virtual machine technologies for standard computers. In 1999, VMware released its first product, VMware Workstation, and in 2001. entered the server m","og:image":"https://roi4cio.com/uploads/roi/company/vmware_logo.png"},"eventUrl":""},{"id":4484,"title":"Veritas","logoURL":"https://roi4cio.com/uploads/roi/company/Veritas.png","alias":"veritas","address":"","roles":[],"description":"Veritas Technologies LLC is an American international data management company headquartered in Mountain View, California. The company has its origins in Tolerant Systems, founded in 1983 and later renamed Veritas Software. It specializes in storage management software including the first commercial journaling file system, VxFS, VxVM, VCS, the personal/small office backup software Backup Exec and the enterprise backup software, NetBackup. Veritas Record Now was an early CD recording software.\r\nPrior to merging with Symantec in 2004, Veritas was listed on the S&P 500 and the NASDAQ-100 under the VRTS ticker symbol. Following its merger, the Veritas brand was replaced by that of Symantec.\r\nIn 2014, Symantec announced that it would demerge its information management business as Veritas Technologies LLC, in order to focus on security. It was purchased as part of the demerger by the private equity firm The Carlyle Group for $8 billion in cash.\r\nSource: https://en.wikipedia.org/wiki/Veritas_Technologies","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":2,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://www.veritas.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Veritas","keywords":"","description":"Veritas Technologies LLC is an American international data management company headquartered in Mountain View, California. The company has its origins in Tolerant Systems, founded in 1983 and later renamed Veritas Software. It specializes in storage management ","og:title":"Veritas","og:description":"Veritas Technologies LLC is an American international data management company headquartered in Mountain View, California. The company has its origins in Tolerant Systems, founded in 1983 and later renamed Veritas Software. It specializes in storage management ","og:image":"https://roi4cio.com/uploads/roi/company/Veritas.png"},"eventUrl":""}],"products":[{"id":399,"logo":false,"scheme":false,"title":"CA Spectrum","vendorVerified":0,"rating":"1.00","implementationsCount":2,"presenterCode":"","suppliersCount":0,"alias":"ca-spectrum","companyTypes":[],"description":"CA Spectrum can enable your organization to discover, optimize and improve its infrastructure and the business services running on top of it.\r\n\r\nBy delivering large-enterprise scalability, robust features and superior root cause analysis, this solution can help your organization effectively manage its dynamic, complex IT infrastructure—including physical, virtual and cloud environments as well as network virtualization. The improved architecture of CA Spectrum reduces time and cost associated with the administration of multiple management consoles by supporting tens of thousands of devices and millions of models—increasing scalability while simplifying staff management.\r\n\r\nCA Spectrum can help your organization improve network service levels. And by integrating automated fault management, fault isolation, proactive change management and root cause analysis into a single platform, this solution can help reduce fault monitoring costs as well. This solution automates fault management across multi-vendor and multi-technology infrastructures, tailoring information views and management capabilities to meet the needs of a broad range of technical and non-technical users.\r\n\r\nCA Spectrum. Real results, right now.\r\n\r\nAccelerate issue resolution.\r\nLeverage automated discovery, event correlation and root cause analysis capabilities that improve MTTR.\r\nBoost service levels.\r\nImprove system availability and performance by minimizing erroneous changes.\r\nSpeed innovation.\r\nCapitalize on innovative technologies and approaches, such as cloud and virtualization, while using a single management platform.","shortDescription":"CA Spectrum - Ensure high performance and continuous availability with superior root cause analysis.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CA Spectrum","keywords":"management, Spectrum, fault, solution, your, help, organization, cause","description":"CA Spectrum can enable your organization to discover, optimize and improve its infrastructure and the business services running on top of it.\r\n\r\nBy delivering large-enterprise scalability, robust features and superior root cause analysis, this solution can hel","og:title":"CA Spectrum","og:description":"CA Spectrum can enable your organization to discover, optimize and improve its infrastructure and the business services running on top of it.\r\n\r\nBy delivering large-enterprise scalability, robust features and superior root cause analysis, this solution can hel"},"eventUrl":"","translationId":400,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":331,"title":"Network Management Software","alias":"network-management-software","description":" <span style=\"font-weight: bold; \">Network management software</span> is software that is used to provision, discover, monitor and maintain computer networks. \r\nWith the expansion of the world wide web and the Internet, computer networks have become very large and complex, making them impossible to manage manually. In response, a suite of network management software was developed to help reduce the burden of managing the growing complexity of computer networks. \r\nNetwork management software usually collects information about network devices (which are called Nodes) using protocols like SNMP, ICMP, CDP etc. This information is then presented to network administrators in an easy to understand and accessible manner to help them quickly identify and remediate problems. \r\nSome advanced network control software may rectify network problems automatically. Network management program may also help with tasks involved in provisioning new networks, such as installing and configuring new network nodes etc. Network management tools may also help with maintenance of existing networks like upgrading software on existing network devices, creating new virtual networks etc. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Functions</span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Provisioning:</span> Enables network managers to provision new network devices in an environment. Automating this step reduces cost and eliminates chances of human error.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Mapping or Discovery:</span> Enables the software to discover the features of a target network. Some features that are usually discovered are: the nodes in a network, the connectivity between these nodes, the vendor types, the performance characteristics etc.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Monitoring:</span> Enables the network management system to monitor the network for problems and to suggest improvements. The software may poll the devices periodically or register itself to receive alerts from network devices. One mechanism for network devices to volunteer information about itself is by sending an SNMP Trap. Monitoring can reveal faults in the network such as failed or misconfigured nodes, performance bottlenecks, intrusions etc.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Configuration management:</span> Enables the software to ensure that the network configuration is as desired and there is no configuration drift.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Regulatory compliance:</span> Enables the network management system software to ensure that the network meets the regulatory standards and complies with applicable laws.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Change control:</span> Enables the software to ensure that the network changes are enacted in a controlled and coordinated manner. Change control can enable audit trails which has applications during a forensic investigation after a network intrusion.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Software Asset Management:</span>Provides software deployment and patch management.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cybersecurity: </span>Enabled the software to use all the data gathered from the nodes to identify security risks in an IT environment.</p>","materialsDescription":"<h1 class=\"align-center\">What does Network Inventory Management system mean?</h1>\r\nNetwork inventory management is the process of keeping records of all the IT or network assets that make up the network.\r\nIt enables network administrators/businesses to have a physical record of all IT and network equipment within the organization.\r\nNetwork inventory management is generally performed to through IT asset tracking software that scans, compiles and records data about each device/node over a network.\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Network inventory management software may include:</span></p>\r\n<ul><li>Number of routers, their make, type and place of installation, serial number</li><li>IP addresses of all devices/nodes, IP addressing scheme used</li><li>Number and type of software along with license keys and expiry dates</li></ul>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">This data helps businesses with:</span></p>\r\n<ul><li>Network size estimation</li><li>Network capacity planning</li><li>Network cost/ROI estimation</li><li>Physical network administration (to deal with device/equipment loss and theft)</li></ul>\r\n<h1 class=\"align-center\">What is SNMP Management Software?</h1>\r\n<span style=\"font-weight: bold; \">SNMP (Simple Network Management Protocol) management software</span> is an application or program used to manage and monitor many network devices – such as servers, printers, hubs, switches, and routers – that are SNMP-aware and which an SNMP agent software can poll and receive alert traps when needed.\r\nSNMP network management software is currently considered the best choice by professionals for IP (Internet Protocol) network management, and as a result, SNMP is widely supported and featured in many hardware devices and network management software packages. \r\nSNMP software is designed to be able to be deployed on a large number of network devices, to have minimal impact and transport requirements on the managed nodes and to continue working when most other network applications fail.\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Network_Management_Software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1102,"logo":false,"scheme":false,"title":"VMware vSphere® Metro Storage Cluster (vMSC)","vendorVerified":0,"rating":"2.40","implementationsCount":1,"presenterCode":"","suppliersCount":0,"alias":"vmware-vspherer-metro-storage-cluster-vmsc","companyTypes":[],"description":"VMware vSphere® Metro Storage Cluster (vMSC) is a specific configuration within the VMware Hardware\r\nCompatibility List (HCL). These configurations are commonly referred to as stretched storage clusters or metro storage clusters and are implemented in environments where disaster and downtime avoidance is a key requirement. This best practices document was developed to provide additional insight and information for operation of a vMSC infrastructure in conjunction with VMware vSphere. This paper explains how vSphere handles specific failure scenarios, and it discusses various design considerations and operational procedures.\r\nvMSC infrastructures are implemented with a goal of reaping the same benefits that high-availability clusters provide to a local site, in a geographically dispersed model with two data centers in different locations.\r\nA vMSC infrastructure is essentially a stretched cluster. The architecture is built on the premise of extending what is defined as “local” in terms of network and storage to enable these subsystems to span geographies, presenting a single and common base infrastructure set of resources to the vSphere cluster at both sites.\r\nIt in essence stretches storage and the network between sites.\r\nThe primary benefit of a stretched cluster model is that it enables fully active and workload-balanced data centers to be used to their full potential while gaining the capability to migrate virtual machines (VMs) with VMware vSphere vMotion®, and VMware vSphere Storage vMotion®, between sites to enable on-demand and nonintrusive mobility of workloads. The capability of a stretched cluster to provide this active balancing of resources should always be the primary design and implementation goal. Although often associated with disaster recovery, vMSC infrastructures are not recommended as primary solutions for pure disaster recovery.\r\n<span style=\"font-weight: bold;\">Stretched cluster solutions offer the following benefits:</span>\r\n•<span style=\"white-space:pre\">\t</span>Workload mobility\r\n•<span style=\"white-space:pre\">\t</span>Cross-site automated load balancing\r\n•<span style=\"white-space:pre\">\t</span>Enhanced downtime avoidance\r\n•<span style=\"white-space:pre\">\t</span>Disaster avoidance\r\n<span style=\"font-weight: bold;\">Technical Requirements and Constraints</span>\r\n•<span style=\"white-space:pre\">\t</span>Storage connectivity using Fibre Channel, iSCSI, NFS, and FCoE is supported.\r\n•<span style=\"white-space:pre\">\t</span>The maximum supported network latency between sites for the VMware ESXi™ management networks is 10ms round-trip time (RTT).\r\n•<span style=\"white-space:pre\">\t</span>vSphere vMotion, and vSphere Storage vMotion, supports a maximum of 150ms latency as of vSphere 6.0, but this is not intended for stretched clustering usage.\r\n•<span style=\"white-space:pre\">\t</span>The maximum supported latency for synchronous storage replication links is 10ms RTT. Refer to documentation from the storage vendor because the maximum tolerated latency is lower in most cases.\r\nThe most commonly supported maximum RTT is 5ms.\r\n•<span style=\"white-space:pre\">\t</span>The ESXi vSphere vMotion network has a redundant network link minimum of 250Mbps.\r\nThe storage requirements are slightly more complex. A vSphere Metro Storage Cluster requires what is in effect a single storage subsystem that spans both sites. In this design, a given datastore must be accessible—that is, be able to be read and be written to—simultaneously from both sites. Further, when problems occur, the ESXi hosts must be able to continue to access datastores from either array transparently and with no impact to ongoing storage operations.\r\nThis precludes traditional synchronous replication solutions because they create a primary–secondary\r\nrelationship between the active (primary) LUN where data is being accessed and the secondary LUN that is receiving replication. To access the secondary LUN, replication is stopped, or reversed, and the LUN is made visible to hosts. This “promoted” secondary LUN has a completely different LUN ID and is essentially a newly available copy of a former primary LUN. This type of solution works for traditional disaster recovery–type configurations because it is expected that VMs must be started up on the secondary site. The vMSC configuration requires simultaneous, uninterrupted access to enable live migration of running VMs between sites.\r\nThe storage subsystem for a vMSC must be able to be read from and write to both locations simultaneously.\r\nAll disk writes are committed synchronously at both locations to ensure that data is always consistent regardless of the location from which it is being read. This storage architecture requires significant bandwidth and very low latency between the sites in the cluster. Increased distances or latencies cause delays in writing to disk and a dramatic decline in performance. They also preclude successful vMotion migration between cluster nodes that reside in different locations. \r\n","shortDescription":"A VMware vSphere Metro Storage Cluster configuration is a vSphere certified solution that combines replication with array-based clustering. These solutions are typically deployed in environments where the distance between data centers is limited, often metropolitan or campus environments.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"VMware vSphere® Metro Storage Cluster (vMSC)","keywords":"storage, vSphere, vMSC, sites, cluster, that, between, VMware","description":"VMware vSphere® Metro Storage Cluster (vMSC) is a specific configuration within the VMware Hardware\r\nCompatibility List (HCL). These configurations are commonly referred to as stretched storage clusters or metro storage clusters and are implemented in environm","og:title":"VMware vSphere® Metro Storage Cluster (vMSC)","og:description":"VMware vSphere® Metro Storage Cluster (vMSC) is a specific configuration within the VMware Hardware\r\nCompatibility List (HCL). These configurations are commonly referred to as stretched storage clusters or metro storage clusters and are implemented in environm"},"eventUrl":"","translationId":1103,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":299,"title":"Application and User Session Virtualization","alias":"application-and-user-session-virtualization","description":"Application virtualization is a technology that allows you to separate the software from the operating system on which it operates. Fully virtualized software is not installed in the traditional sense, although the end-user at first glance can not see it, because the virtualized software works just as normal. The software in the execution process works just as if it interacted with the operating system directly and with all its resources, but can be isolated or executed in a sandbox with different levels of restriction.\r\nModern operating systems, such as Microsoft Windows and Linux, can include limited software virtualization. For example, Windows 7 has Windows XP mode that allows you to run Windows XP software on Windows 7 without any changes.\r\nUser session virtualization is a newer version of desktop virtualization that works at the operating system level. While normal virtualization of the desktop allows an operating system to be run by virtualizing the hardware of the desktop, RDS and App-V allow for the virtualization of the applications. User session virtualization lies between the two.\r\nA desktop has an operating system loaded on the base hardware. This can be either physical or virtual. The user session virtualization keeps track of all changes to the operating system that a user might make by encapsulating the configuration changes and associating them to the user account. This allows the specific changes to be applied to the underlying operating system without actually changing it. This allows several users to have completely different operating system configurations applied to base operating system installation.\r\nIf you are in a distributed desktop environment and there are local file servers available at each location, you can deploy virtualized user sessions in the form of redirected folders and roaming profiles.","materialsDescription":" <span style=\"font-weight: bold;\">Understanding application virtualization</span>\r\nApplication virtualization technology isolates applications from the underlying operating system and from other applications to increase compatibility and manageability. This application virtualization technology enables applications to be streamed from a centralized location into an isolation environment on the target device where they will execute. The application files, configuration, and settings are copied to the target device and the application execution at run time is controlled by the application virtualization layer. When executed, the application run time believes that it is interfacing directly with the operating system when, in fact, it is interfacing with a virtualization environment that proxies all requests to the operating system.\r\n<span style=\"font-weight: bold;\">Understanding session virtualization</span>\r\nSession virtualization uses application streaming to deliver applications to hosting servers in the datacenter. The Application then connects the user to the server. The application then executes entirely on the server. The user interacts with the application remotely by sending mouse-clicks and keystrokes to the server. The server then responds by sending screen updates back to the user’s device. Whereas application virtualization is limited to Windows-based operating systems, session virtualization allows any user on any operating system to access any application delivered by IT. As a result, the application enables Windows, Mac, Linux, iOS and Android devices to run any applications using session virtualization. Furthermore, session virtualization leverages server-side processing power which liberates IT from the endless cycle of PC hardware refreshes which are typically needed to support application upgrades when using traditional application deployment methods.","iconURL":"https://roi4cio.com/fileadmin/user_upload/Application_and_User_Session_Virtualization__1_.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2078,"logo":false,"scheme":false,"title":"Veritas Backup Exec","vendorVerified":0,"rating":"1.00","implementationsCount":2,"presenterCode":"","suppliersCount":0,"alias":"veritas-backup-exec","companyTypes":[],"description":"<p>Veritas Backup Exec is a data protection software product that supports virtual, physical and cloud platforms. Sold by Veritas Technologies LLC, Backup Exec is compatible with most storage devices, including disk, tape and cloud.</p>\r\n<p>The product was previously known as Symantec Backup Exec when Veritas was part of security giant Symantec Corp. Veritas was sold by Symantec in January 2016 to The Carlyle Group private equity firm for $7.4 billion.</p>\r\n<p><span style=\"font-weight: bold;\">Veritas Backup Exec features:</span></p>\r\n<p>Veritas claims more than 2 million Backup Exec customers, mainly in the SMB and midmarket arena.</p>\r\n<p>Key Veritas Backup Exec features include:</p>\r\n<ul>\r\n<li>fast virtual machine (VM) snapshots through integration with Microsoft Volume Shadow Copy Service (Microsoft VSS);</li>\r\n<li>instant recovery of VMware and Hyper-V VMs;</li>\r\n<li>integrated global deduplication and changed block tracking;</li>\r\n<li>integrated bare-metal, physical-to-virtual and virtual-to-physical recovery;</li>\r\n<li>the ability to protect thousands of VMs from a single user console.</li>\r\n</ul>\r\n<p>Backup Exec 15 features support for VMware ESXi 6 and vCenter 6, VMware Virtual SAN 6 and Virtual Volumes. Backup Exec 15 also offered enhanced VM capabilities with support for SAN restores and VMs with volumes of more than 2 terabytes.</p>\r\n<p>Veritas Backup Exec 16, which became generally available in November 2016, expanded its support to include the Microsoft Azure cloud, Windows Server 2016 and Hyper-V Server 2016. Previous product versions already supported Amazon Web Services (AWS) and the Google Cloud Platform, as well as third-party clouds that support the Amazon Simple Storage Service protocol.</p>\r\n<p>Other new features of Backup Exec 16 include:</p>\r\n<ul>\r\n<li>Veritas branding;</li>\r\n<li>a simplified licensing and purchasing model built for midsize companies that do not have complicated infrastructures or dedicated backup administrators;</li>\r\n<li>expanded cloud support that streamlines migration to the cloud by offering a single platform to protect critical data across cloud, virtual and physical infrastructures;</li>\r\n<li>a new default database instance that installs SQL Server 2014 Express Service Pack 2.</li>\r\n</ul>","shortDescription":"Veritas Backup Exec is a data protection software product that supports virtual, physical and cloud platforms.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Veritas Backup Exec","keywords":"","description":"<p>Veritas Backup Exec is a data protection software product that supports virtual, physical and cloud platforms. Sold by Veritas Technologies LLC, Backup Exec is compatible with most storage devices, including disk, tape and cloud.</p>\r\n<p>The product was pre","og:title":"Veritas Backup Exec","og:description":"<p>Veritas Backup Exec is a data protection software product that supports virtual, physical and cloud platforms. Sold by Veritas Technologies LLC, Backup Exec is compatible with most storage devices, including disk, tape and cloud.</p>\r\n<p>The product was pre"},"eventUrl":"","translationId":2079,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":109,"title":"Kyrgyzstan","name":"KGZ"},{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":10,"title":"Ensure Compliance"},{"id":307,"title":"Enhance Competitive Ability"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":175,"title":"Aging IT infrastructure"}]}},"categories":[{"id":331,"title":"Network Management Software","alias":"network-management-software","description":" <span style=\"font-weight: bold; \">Network management software</span> is software that is used to provision, discover, monitor and maintain computer networks. \r\nWith the expansion of the world wide web and the Internet, computer networks have become very large and complex, making them impossible to manage manually. In response, a suite of network management software was developed to help reduce the burden of managing the growing complexity of computer networks. \r\nNetwork management software usually collects information about network devices (which are called Nodes) using protocols like SNMP, ICMP, CDP etc. This information is then presented to network administrators in an easy to understand and accessible manner to help them quickly identify and remediate problems. \r\nSome advanced network control software may rectify network problems automatically. Network management program may also help with tasks involved in provisioning new networks, such as installing and configuring new network nodes etc. Network management tools may also help with maintenance of existing networks like upgrading software on existing network devices, creating new virtual networks etc. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Functions</span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Provisioning:</span> Enables network managers to provision new network devices in an environment. Automating this step reduces cost and eliminates chances of human error.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Mapping or Discovery:</span> Enables the software to discover the features of a target network. Some features that are usually discovered are: the nodes in a network, the connectivity between these nodes, the vendor types, the performance characteristics etc.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Monitoring:</span> Enables the network management system to monitor the network for problems and to suggest improvements. The software may poll the devices periodically or register itself to receive alerts from network devices. One mechanism for network devices to volunteer information about itself is by sending an SNMP Trap. Monitoring can reveal faults in the network such as failed or misconfigured nodes, performance bottlenecks, intrusions etc.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Configuration management:</span> Enables the software to ensure that the network configuration is as desired and there is no configuration drift.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Regulatory compliance:</span> Enables the network management system software to ensure that the network meets the regulatory standards and complies with applicable laws.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Change control:</span> Enables the software to ensure that the network changes are enacted in a controlled and coordinated manner. Change control can enable audit trails which has applications during a forensic investigation after a network intrusion.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Software Asset Management:</span>Provides software deployment and patch management.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold;\">Cybersecurity: </span>Enabled the software to use all the data gathered from the nodes to identify security risks in an IT environment.</p>","materialsDescription":"<h1 class=\"align-center\">What does Network Inventory Management system mean?</h1>\r\nNetwork inventory management is the process of keeping records of all the IT or network assets that make up the network.\r\nIt enables network administrators/businesses to have a physical record of all IT and network equipment within the organization.\r\nNetwork inventory management is generally performed to through IT asset tracking software that scans, compiles and records data about each device/node over a network.\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Network inventory management software may include:</span></p>\r\n<ul><li>Number of routers, their make, type and place of installation, serial number</li><li>IP addresses of all devices/nodes, IP addressing scheme used</li><li>Number and type of software along with license keys and expiry dates</li></ul>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">This data helps businesses with:</span></p>\r\n<ul><li>Network size estimation</li><li>Network capacity planning</li><li>Network cost/ROI estimation</li><li>Physical network administration (to deal with device/equipment loss and theft)</li></ul>\r\n<h1 class=\"align-center\">What is SNMP Management Software?</h1>\r\n<span style=\"font-weight: bold; \">SNMP (Simple Network Management Protocol) management software</span> is an application or program used to manage and monitor many network devices – such as servers, printers, hubs, switches, and routers – that are SNMP-aware and which an SNMP agent software can poll and receive alert traps when needed.\r\nSNMP network management software is currently considered the best choice by professionals for IP (Internet Protocol) network management, and as a result, SNMP is widely supported and featured in many hardware devices and network management software packages. \r\nSNMP software is designed to be able to be deployed on a large number of network devices, to have minimal impact and transport requirements on the managed nodes and to continue working when most other network applications fail.\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Network_Management_Software.png"},{"id":299,"title":"Application and User Session Virtualization","alias":"application-and-user-session-virtualization","description":"Application virtualization is a technology that allows you to separate the software from the operating system on which it operates. Fully virtualized software is not installed in the traditional sense, although the end-user at first glance can not see it, because the virtualized software works just as normal. The software in the execution process works just as if it interacted with the operating system directly and with all its resources, but can be isolated or executed in a sandbox with different levels of restriction.\r\nModern operating systems, such as Microsoft Windows and Linux, can include limited software virtualization. For example, Windows 7 has Windows XP mode that allows you to run Windows XP software on Windows 7 without any changes.\r\nUser session virtualization is a newer version of desktop virtualization that works at the operating system level. While normal virtualization of the desktop allows an operating system to be run by virtualizing the hardware of the desktop, RDS and App-V allow for the virtualization of the applications. User session virtualization lies between the two.\r\nA desktop has an operating system loaded on the base hardware. This can be either physical or virtual. The user session virtualization keeps track of all changes to the operating system that a user might make by encapsulating the configuration changes and associating them to the user account. This allows the specific changes to be applied to the underlying operating system without actually changing it. This allows several users to have completely different operating system configurations applied to base operating system installation.\r\nIf you are in a distributed desktop environment and there are local file servers available at each location, you can deploy virtualized user sessions in the form of redirected folders and roaming profiles.","materialsDescription":" <span style=\"font-weight: bold;\">Understanding application virtualization</span>\r\nApplication virtualization technology isolates applications from the underlying operating system and from other applications to increase compatibility and manageability. This application virtualization technology enables applications to be streamed from a centralized location into an isolation environment on the target device where they will execute. The application files, configuration, and settings are copied to the target device and the application execution at run time is controlled by the application virtualization layer. When executed, the application run time believes that it is interfacing directly with the operating system when, in fact, it is interfacing with a virtualization environment that proxies all requests to the operating system.\r\n<span style=\"font-weight: bold;\">Understanding session virtualization</span>\r\nSession virtualization uses application streaming to deliver applications to hosting servers in the datacenter. The Application then connects the user to the server. The application then executes entirely on the server. The user interacts with the application remotely by sending mouse-clicks and keystrokes to the server. The server then responds by sending screen updates back to the user’s device. Whereas application virtualization is limited to Windows-based operating systems, session virtualization allows any user on any operating system to access any application delivered by IT. As a result, the application enables Windows, Mac, Linux, iOS and Android devices to run any applications using session virtualization. Furthermore, session virtualization leverages server-side processing power which liberates IT from the endless cycle of PC hardware refreshes which are typically needed to support application upgrades when using traditional application deployment methods.","iconURL":"https://roi4cio.com/fileadmin/user_upload/Application_and_User_Session_Virtualization__1_.png"},{"id":46,"title":"Data Protection and Recovery Software","alias":"data-protection-and-recovery-software","description":"Data protection and recovery software provide data backup, integrity and security for data backups and it enables timely, reliable and secure backup of data from a host device to destination device. Recently, Data Protection and Recovery Software market are disrupted by innovative technologies such as server virtualization, disk-based backup, and cloud services where emerging players are playing an important role. Tier one players such as IBM, Hewlett Packard Enterprise, EMC Corporation, Symantec Corporation and Microsoft Corporation are also moving towards these technologies through partnerships and acquisitions.\r\nThe major factor driving data protection and recovery software market is the high adoption of cloud-based services and technologies. Many organizations are moving towards the cloud to reduce their operational expenses and to provide real-time access to their employees. However, increased usage of the cloud has increased the risk of data loss and data theft and unauthorized access to confidential information, which increases the demand for data protection and recovery solution suites.","materialsDescription":" \r\n<span style=\"font-weight: bold; \">What is Data recovery?</span>\r\nData recovery is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a normal way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, magnetic tapes, CDs, DVDs, RAID subsystems, and other electronic devices. Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted by the host operating system (OS).\r\nThe most common data recovery scenario involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage or deletion, etc. (typically, on a single-drive, single-partition, single-OS system), in which case the ultimate goal is simply to copy all important files from the damaged media to another new drive. This can be easily accomplished using a Live CD or DVD by booting directly from a ROM instead of the corrupted drive in question. Many Live CDs or DVDs provide a means to mount the system drive and backup drives or removable media, and to move the files from the system drive to the backup media with a file manager or optical disc authoring software. Such cases can often be mitigated by disk partitioning and consistently storing valuable data files (or copies of them) on a different partition from the replaceable OS system files.\r\nAnother scenario involves a drive-level failure, such as a compromised file system or drive partition, or a hard disk drive failure. In any of these cases, the data is not easily read from the media devices. Depending on the situation, solutions involve repairing the logical file system, partition table or master boot record, or updating the firmware or drive recovery techniques ranging from software-based recovery of corrupted data, hardware- and software-based recovery of damaged service areas (also known as the hard disk drive's "firmware"), to hardware replacement on a physically damaged drive which allows for extraction of data to a new drive. If a drive recovery is necessary, the drive itself has typically failed permanently, and the focus is rather on a one-time recovery, salvaging whatever data can be read.\r\nIn a third scenario, files have been accidentally "deleted" from a storage medium by the users. Typically, the contents of deleted files are not removed immediately from the physical drive; instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by other data files.\r\nThe term "data recovery" is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.\r\n<span style=\"font-weight: bold;\">What is a backup?</span>\r\nA backup, or data backup, or the process of backing up, refers to the copying into an archive file of computer data that is already in secondary storage—so that it may be used to restore the original after a data loss event. The verb form is "back up" (a phrasal verb), whereas the noun and adjective form is "backup".\r\nBackups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users; a 2008 survey found that 66% of respondents had lost files on their home PC. The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups represent a simple form of disaster recovery and should be part of any disaster recovery plan, backups by themselves should not be considered a complete disaster recovery plan. One reason for this is that not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server by simply restoring data from a backup.\r\nSince a backup system contains at least one copy of all data considered worth saving, the data storage requirements can be significant. Organizing this storage space and managing the backup process can be a complicated undertaking. A data repository model may be used to provide structure to the storage. Nowadays, there are many different types of data storage devices that are useful for making backups. There are also many different ways in which these devices can be arranged to provide geographic redundancy, data security, and portability.\r\nBefore data are sent to their storage locations, they are selected, extracted, and manipulated. Many different techniques have been developed to optimize the backup procedure. These include optimizations for dealing with open files and live data sources as well as compression, encryption, and de-duplication, among others. Every backup scheme should include dry runs that validate the reliability of the data being backed up. It is important to recognize the limitations and human factors involved in any backup scheme.","iconURL":"https://roi4cio.com/fileadmin/user_upload/Data_Protection_and_Recovery_Software__1_.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://www.amt.ru/web/ru/arhiv/-/asset_publisher/yxdwXflc0xp2/content/amt-grup-modernizirovala-it-infrastrukturu-nacional-nogo-banka-kyrgyzskoj-respubliki?inheritRedirect=false&redirect=http%3A%2F%2Fwww.amt.ru%2Fweb%2Fru%2Farhiv%3Fp_p_id%3D101_INSTANCE_yxdwXflc0xp2%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_p_col_id%3Dcolumn-1%26p_p_col_count%3D1%26_101_INSTANCE_yxdwXflc0xp2_advancedSearch%3Dfalse%26_101_INSTANCE_yxdwXflc0xp2_keywords%3D%26_101_INSTANCE_yxdwXflc0xp2_delta%3D20%26p_r_p_564233524_resetCur%3Dfalse%26_101_INSTANCE_yxdwXflc0xp2_cur%3D4%26_101_INSTANCE_yxdwXflc0xp2_andOperator%3Dtrue","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":428,"title":"TrapX DeceptionGrid Platform for financial industry","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Attackers Target Authentication Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Project Background - a Technology Evaluation</span>\r\nOur financial case study focuses on a global insurance institution. Prior toour involvement, there were absolutely no indicators of malware infection or persistent threats visible to the customer. The customer had a robustindustry suite of cyber defense products which included a firewall, antivirussuites, intrusion detection software, endpoint security and othersoftware.\r\nWithin a short period of time, the TrapX DeceptionGrid generatedALERTS and identified two malicious separate processes involved inunauthorized lateral movement within the insurance company network.\r\nUpon analysis it was determined that both of these malicious processeswere communicating with multiple connection points in Russia.\r\nThese connection points in Russia and the other injected softwarecaptured worked together as an advanced password stealer. The attackerspenetrated the network and had captured password information. This targeted theft of authentication credentials represented a serious threat tothe integrity of the company's overall operations. At this time it has notbeen determined to what extent passwords were captured prior todetection.\r\nOther malware of lower risk identified by DeceptionGrid included Trj/Downloader.LEK Trojan, TROJ_QHOST.DB Trojan, and theW32.Greypack worm. All of these were not detected by the customersexisting cyber suite. Analysis suggests at least one of them might havebeen detected but the alerts were missed against the volume of overallalert traffic.\r\n\r\n<span style=\"font-weight: bold;\">Critical and Confidential Authentication Credentials at Risk</span>\r\nTrapX determined that critical and confidential password data was beingexfiltrated to Russia. The scope of data compromise is still underinvestigation at this time and the global insurance firm has taken preemptivemeasures to replace credentials on suspected software systems. \r\n","alias":"trapx-deceptiongrid-platform-for-financial-industry","roi":0,"seo":{"title":"TrapX DeceptionGrid Platform for financial industry","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Attackers Target Authentication Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Pro","og:title":"TrapX DeceptionGrid Platform for financial industry","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Attackers Target Authentication Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">Pro"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""},"vendors":[{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""}],"products":[{"id":1724,"logo":false,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/0f7b0859d2a2a6d267c6c39d1887edbf","suppliersCount":0,"alias":"trapx-deceptiongrid-platform","companyTypes":[],"description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://trapx.com/wp-content/uploads/2017/08/Case_Study_TrapX_Finance_Insurance.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":429,"title":"TrapX DeceptionGrid Platform for National Government","description":"<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Multiple Attackers Penetrate National Agency</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Project Background - a Technology Evaluation</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); \">Our case study focuses on a large national government agency. This agency has hundreds of employees and has multiple facilities disbursed over a large geographic area. This agency wanted to learn more about deception technology as part of their regular evaluation of cyber security vendors.</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Massive Penetration by Attackers Detected in Multiple Areas</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); \">DeceptionGrid was placed into operation. Starting almost immediately and over the course of several weeks the government security operations command (SOC) team received multiple High Priority Alerts. This was one of the most massive attacks we have ever discovered. We identified multiple attackers in several areas to include over five (5+) attackers using malware servers, over five (5+) attackers linking back data flow to botnet c&c servers and over fifty (50+) remote attackers using TOR anonymous proxy to hide source IP addresses. In some cases the malware was automatically trapped and injected into the sandbox for continued analysis. Multiple attackers had established command and control and had bypassed the complete array of existing intrusion detection, firewall, endpoint and perimeter cyber software defense.</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); \">Malware found included Cryptowall, P2P Malware, Trojan-Banker, TrojanRansome, Mobogenie.B and WS.Reputation.1. </span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Exfiltration of Data Discovered - Broadscale Remediation Required</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); \">It is clear that multiple attackers have successfully exfiltrated data from this government agency. The attack vectors varied substantially and compromised workstations and servers across multiple departments. Required remediation was done on a broad scale and included reprovisioning of both workstations and servers. The government involved has been forced to either re-provision on a large scale, or, to perform more time intensive memory dump analysis to better understand the extent of the penetration by this varied mix of attackers. Source attacker IP adresses as known are confidential at this time and part of an ongoing criminal investigation.</span>","alias":"trapx-deceptiongrid-platform-for-national-government","roi":0,"seo":{"title":"TrapX DeceptionGrid Platform for National Government","keywords":"","description":"<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Multiple Attackers Penetrate National Agency</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bol","og:title":"TrapX DeceptionGrid Platform for National Government","og:description":"<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bold; \">Multiple Attackers Penetrate National Agency</span>\r\n<span style=\"font-size: 12px; font-family: Verdana, sans-serif; color: rgb(0, 0, 0); font-weight: bol"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""},"vendors":[{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""}],"products":[{"id":1724,"logo":false,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/0f7b0859d2a2a6d267c6c39d1887edbf","suppliersCount":0,"alias":"trapx-deceptiongrid-platform","companyTypes":[],"description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://trapx.com/wp-content/uploads/2017/08/Case_Study_TrapX_NationalGovernment.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":430,"title":"TrapX DeceptionGrid Platform for Software Vendor","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Project Background - a Technology Evaluation</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Our case study focuses on a leading software vendor that provides software through cloud services to their customers in healthcare. This customer's information technology team invested very substantially in defense-in-depth cyber defense software. Their security operations center regularly detected malware and was able to routinely remediate all of these known incidents.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The customer had a strong industry suite of cyber defense products which included firewalls, anti virus suites, intrusion detection software, endpoint security and other software. Our initial installation included over ten (10) vLANS.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">DeceptionGrid was placed into operation. Almost immediately the customer information technology staff received multiple High Priority Alerts. These included identified suspicious activity and led to the discovery of several network misconfigurations. Several internal internet addresses were exposed to the internet and open to a variety of high risk protocols. Inbound connections from attackers were operational via SSH, Telnet and Remote Desktop. A TOR (anonymous proxy) obfuscated web crawler had mapped all of the exposed hosts.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Some of the malware was automatically trapped and injected into the sandbox by DeceptionGrid for continued analysis. The attackers had multiple command and control points and had bypassed the complete array of existing security.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Multiple Concurrent Attackers Detected and Remediated</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">A full investigation continued as DeceptionGrid continued to monitor and capture malware movement. Multiple command and control point in six (6) workstations were linked to attackers in Beijing China, Moldava, and the multiple locations within Ukraine. Dozens of workstations had to be reprovisioned to eliminate access. Manual memory dump and analysis was required across many information technology assets to identify the full scope of the extensive and previously undetected attacker activity. Scope of Data Theft Remains Indeterminate Multiple attackers accessed this technology company's networks workstations and servers. The scope of intellectual property data exfiltration and theft is unknown but under continued investigation. </span>","alias":"trapx-deceptiongrid-platform-for-software-vendor","roi":0,"seo":{"title":"TrapX DeceptionGrid Platform for Software Vendor","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Project ","og:title":"TrapX DeceptionGrid Platform for Software Vendor","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Project "},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""},"vendors":[{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""}],"products":[{"id":1724,"logo":false,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/0f7b0859d2a2a6d267c6c39d1887edbf","suppliersCount":0,"alias":"trapx-deceptiongrid-platform","companyTypes":[],"description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://trapx.com/wp-content/uploads/2017/08/Case_Study_TrapX_Software.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":431,"title":"TrapX DeceptionGrid Platform for Law Enforcement","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Law Enforcement Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Project Background - a Technology Evaluation</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Our case study focuses on a prominent law enforcement agency. This agency has responsibility for many activities which may include highly sensitive investigations into organized crime and terrorist activity. This agency is always interested in improving their cyber defenses and has a large budget dedicated to technology acquisition. Priorities for this agency include the protection of the confidentiality of their ongoing operations, internal processes and their personnel.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This agency conducted a survey of technology vendors and wanted to learn more about deception technology. They were familiar with legacy honeypot technology and found it to be far to expensive to implement both in terms of resources and financial cost. This agency was very cautious and had partitioned several networks within the enterprise. Some were to be used for highly confidential (classified) data only - others for data of lesser confidentiality.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Advanced Persistent Threat Leverages Lapse in Protocol</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">DeceptionGrid was placed into operation. Within one week the customer security operations (SOC) team received a High Priority Alert indicating the lateral movement of an advanced threat. The malware was automatically trapped and injected into the sandbox for continued analysis. The attackers had established sophisticated command and control and had bypassed the complete array of existing intrusion detection, firewall, endpoint and perimeter cyber software defense.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">A full investigation continued as DeceptionGrid continued to monitor and capture malware movement. The agency's security operations team determined that there was an internal breach in their protocol. A connection, in breach of the agency's operting procedures, was found between their secure network and one of the less secure networks (lower security rating). This breach in protocol enabled the attacker's access .</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Exfiltration of Data Discovered and Halted</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The attacker was found to have moved without detection throughout the law enforcement agency network and servers. There were over ten explicit lateral movements made prior to detection by DeceptionGrid. The attacker found and exfiltrated data including the confidential records of agency personnel, their I.D information, their photographs and other highly confidential data. DeceptionGrid enabled the agency to disrupt the attack and then confidently restore normal security protocols.</span>","alias":"trapx-deceptiongrid-platform-for-law-enforcement","roi":0,"seo":{"title":"TrapX DeceptionGrid Platform for Law Enforcement","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Law Enforcement Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Proj","og:title":"TrapX DeceptionGrid Platform for Law Enforcement","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Attackers Target Law Enforcement Data</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Proj"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""},"vendors":[{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""}],"products":[{"id":1724,"logo":false,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/0f7b0859d2a2a6d267c6c39d1887edbf","suppliersCount":0,"alias":"trapx-deceptiongrid-platform","companyTypes":[],"description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://trapx.com/wp-content/uploads/2017/08/Case_Study_TrapX_StateLawEnforcement.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":433,"title":"Barracuda NGFW on AWS for software provider","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation drives new business growth, safely migrates its health club management application to AWS, protects customer data, and provisions firewalls in 15 minutes instead of several hours by using Barracuda NextGen Firewalls on the AWS Cloud. The organization provides cloud-based enterprise resource planning (ERP) software for health and athletic clubs throughout the United States. Club Automation migrated its applications to AWS and uses Barracuda firewalls provisioned through the AWS Marketplace.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold; \">About Club Automation</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation a leading cloudbased software provider with a mission of contributing to a healthier and more active world by empowering more-efficient health and fitness club management. Based in Chicago, the company offers a software-as-a-service (SaaS) solution that enables health and fitness clubs to run their facilities effortlessly.</span>\r\n\r\n<span style=\"font-weight: bold; \">The Challenge </span>\r\nNot long ago, Club Automation was a small upstart company in the health club software industry with a big goal: to revolutionize the entire industry with a SaaS enterprise resource planning (ERP) solution that manages all parts of a health club’s business. The company is now experiencing explosive business growth. <span style=\"font-weight: bold; font-style: italic; \">“We came into the club ERP space as an underdog, but we’ve grown extremely fast,” says Max Longin, a founding partner at the company. “About 70 percent of our total revenue as a company has come in the past year.” Even so, Longin considers this a period of “controlled growth.” “We have not really been marketing ourselves—our new customers have been coming to us through word of mouth. Our concern has been that if our systems are not ready to scale to support more growth, we could compromise performance and our customers’ experience.”</span>\r\nTo address that concern, Club Automation sought to move its SaaS application to a new cloud technology provider.<span style=\"font-weight: bold; font-style: italic; \"> “We needed more agility and scalability than we had with our previous hybrid-cloud solution, which included a secure but legacy private-cloud environment,” Longin confirms. “We had to scale ahead of required capacity, which was costly and required a lot of planning. We wanted to be more agile, so we could quickly roll out new apps and features for our customers.”</span>\r\nAs Club Automation considered new cloud technologies, it also needed to ensure strong security for its application workloads. <span style=\"font-weight: bold; font-style: italic; \">“We operate in a cardholder environment, and our solution needs to be PCI compliant and highly secure,” Longin says. “We can’t allow access to our backend systems by anyone other than our developers. We had to eliminate attack surface areas within a cloud environment, and we needed the security to enable our business to move our workloads to the cloud safely.”</span>\r\n<span style=\"font-weight: bold; \">Why Amazon Web Services </span>\r\nClub Automation decided to move its SaaS application to the Amazon Web Services (AWS) cloud, in part because AWS addressed the company’s security and performance challenges. “Previously, we were not set up to support geographic growth, because we only had a few dispersed data centers and we had challenges deploying security quickly and getting solid performance in all areas of the United States,” Longin says. “We looked at Microsoft Azure, but it wasn’t the right solution for our needs,” says Longin. “AWS fit like a glove, and it offers the best services for our business.” Club Automation runs its web servers on Amazon Elastic Compute Cloud (Amazon EC2) instances and runs background jobs on AWS Elastic Beanstalk, a service for deploying and scaling web applications. The company is also using Amazon Aurora, a hosted relational database service, to store and manage customer membership and financial data.\r\nTo safely migrate its SaaS application workloads to AWS, Club Automation chose to work with Barracuda Networks, an AWS Partner Network (APN) Advanced Technology Partner with an AWS Security Competency certification. Barracuda provides firewalls engineered for AWS to help customers deploy a comprehensive security architecture and increase protection against cyberattacks and advanced threats. “I had a previous business relationship with Barracuda and was impressed with the stability of the solutions,” Longin says. Club Automation deployed Barracuda NextGen Firewalls to help secure the company’s AWS environment. The firewalls are installed on an Amazon EC2 instance in the Club Automation Amazon Virtual Private Cloud (Amazon VPC). Each firewall sits in a public subnet, protecting against unauthorized access to the private subnets where the cardholder data environment is located.\r\nClub Automation was able to easily purchase and deploy the Barracuda firewalls through the AWS Marketplace, an online store where customers can find software and services from AWS partners so they can build solutions and run their businesses.\r\n\r\n<span style=\"font-weight: bold;\">The Benefits</span>\r\n By moving its SaaS application to the AWS Cloud, Club Automation has been able to keep up with its rapid rate of growth. “AWS makes it very easy for us to scale and innovate,” says Longin. “We needed the right platform to enable growth, and we have that. Instead of having to carefully control growth because of platform limitations, we can scale on demand to support an increasing number of clubs with our application. We no longer have any restrictions on how large or fast we grow.” The company now has the agility to respond quickly to customer needs and can deploy its solutions 30–40 percent faster. Longin says, “We have to innovate by giving clubs the features they’re looking for. For example, we’re currently rolling out a new mobile app, branded by each club, and we could not have done that without using AWS and Barracuda.”\r\nClub Automation is taking advantage of Barracuda firewalls to help secure its growing number of AWS services. “We are using the Barracuda NextGen Firewalls, provisioned through the AWS Marketplace, to effectively guard our application against web-based attacks and application layer attacks,” says Longin. “The Barracuda solution plugs in seamlessly to our AWS environment, and it is doing its job of minimizing the attack surface area and helping our customers keep club member cardholder data protected.”\r\nClub Automation has also decreased the amount of time the configuration process took with its previous firewall solution. Barracuda offerings on the AWS Marketplace support AWS CloudFormation templates, which allow developers and administrators to deploy applications within a stack of AWS-related resources. <span style=\"font-weight: bold; font-style: italic;\">“The Barracuda firewall is a self-service, cloud-based solution that takes less than 15 minutes to get up and running, as opposed to the hours and sometimes days the previous solution took,” Longin says. “Provisioning new users is much simpler and faster. Instead of opening a support ticket and waiting for it to be addressed, we can just go into AWS and provision new users ourselves. This is a key benefit for us as we keep growing.”</span>\r\nRelying on Barracuda, Club Automation enabled its IT team to securely move its SaaS workloads to AWS. <span style=\"font-weight: bold; font-style: italic;\">“We had considered using a cloud solution a few years ago, but cloud offerings were not what they are today, and security solutions like Barracuda’s were not available,” says Longin. “Our move to AWS would not have been possible without Barracuda firewalls,” remarks Longin. “Using Barracuda helped us safely transition more of our workloads to AWS, and we expect our full production environment to be all-in on AWS by the end of the year.”</span>\r\nIn addition, Club Automation benefited from the ease of deployment from the AWS Marketplace.<span style=\"font-weight: bold; font-style: italic;\"> “It couldn’t have been more simple,” says Longin. “All we had to do was find the solution and then quickly configure and deploy it through the AWS Marketplace. In the software industry, it’s rare when something works as expected, but the AWS Marketplace did just that.” In the near future, Club Automation expects to use the marketplace for the upcoming Barracuda metered billing service. “With metered billing, we will be able to consume Barracuda services in the same way we consume AWS services, which will be very cost-effective for us,” </span>Longin says.\r\nPreviously, Club Automation had been holding back on expansion and had only grown through word of mouth, because it was concerned that its IT staff could not support rapid expansion. Now, using AWS, the company is poised for major growth.<span style=\"font-weight: bold; font-style: italic;\"> “We are ready and able to grow,” says Longin. “We have started hiring inside sales representatives and creating marketing plans, because we have a platform that enables scalability and expansion while also allowing us to maintain our high standards of customer service. To keep growing fast, we need agility and innovation. That’s what fueled our transition to AWS and Barracuda, and it will continue fueling our growth in this industry.”</span>","alias":"barracuda-ngfw-on-aws-for-software-provider","roi":0,"seo":{"title":"Barracuda NGFW on AWS for software provider","keywords":"Barracuda, Automation, Club, Longin, says, solution, with, that","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation drives new business growth, safely migrates its health club management application to AWS, protects customer data, and provisions firewalls in 15 minutes ins","og:title":"Barracuda NGFW on AWS for software provider","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation drives new business growth, safely migrates its health club management application to AWS, protects customer data, and provisions firewalls in 15 minutes ins"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":4196,"title":"Club Automation","logoURL":"https://roi4cio.com/uploads/roi/company/Club_Automation.png","alias":"club-automation","address":"","roles":[],"description":"Club Automation is the leading cloud-based club management software provider for the health and athletic club industry.\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation's mission is to contribute to a healthier and more active world by empowering health and fitness clubs to run their facilities effortlessly.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"> </span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">We started with our own club - now it's your turn</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation started after club owner Jeff VanDixhorn wanted something to manage all parts of his business - from front desk to back end. He partnered with developer Max Longin and together they built a web-based solution that totally transformed the way his clubs operated. They soon realized that their solution can do much more than just help his own facilities - it can revolutionize the entire industry!</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Today, Club Automation is a leading cloud-based software provider that helps the health and athletic industry to manage their clubs more efficiently. </span>","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.clubautomation.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Club Automation","keywords":"Club, Automation, club, that, their, more, clubs, industry","description":"<div>Club Automation is the leading cloud-based club management software provider for the health and athletic club industry.\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation's mission is to contribute to a","og:title":"Club Automation","og:description":"<div>Club Automation is the leading cloud-based club management software provider for the health and athletic club industry.\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Club Automation's mission is to contribute to a","og:image":"https://roi4cio.com/uploads/roi/company/Club_Automation.png"},"eventUrl":""},"vendors":[{"id":176,"title":"Amazon Web Services","logoURL":"https://roi4cio.com/uploads/roi/company/aws_logo.png","alias":"amazon-web-services","address":"","roles":[],"description":" <span lang=\"EN-US\">Amazon Web Services (AWS) is the world's largest cloud service provider. Since 2006, the company has been offering customers various elements of a virtual IT infrastructure in the form of web services. Today AWS offers about 70 cloud services deployed on the basis of more than a hundred of its own data centers located in the United States, Europe, Brazil, Singapore, Japan, and Australia. Services include computing power, secure storage, analytics, mobile applications, databases, IoT solutions, and more. Customers pay only for the services they consume, dynamically expanding or contracting cloud resources as needed.</span> \r\n<span lang=\"EN-US\"> </span>\r\n<span lang=\"EN-US\"><span lang=\"en\">Through</span></span> cloud computing, companies do not need to pre-plan the use of servers and other IT infrastructure and pay for all this for several weeks or months in advance. Instead, they can deploy hundreds or thousands of servers in minutes and achieve results quickly.\r\n<span lang=\"EN-US\"> </span>\r\n<span lang=\"EN-US\">Today, Amazon Web Services provides a highly reliable, scalable, infrastructure platform in the cloud that powers hundreds of thousands of organizations in every industry and government in nearly every country in the world.</span>","companyTypes":[],"products":{},"vendoredProductsCount":36,"suppliedProductsCount":36,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":18,"vendorImplementationsCount":25,"vendorPartnersCount":0,"supplierPartnersCount":7,"b4r":0,"categories":{},"companyUrl":"http://aws.amazon.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Amazon Web Services","keywords":"Amazon, services, known, computing, also, tools, Services, than","description":" <span lang=\"EN-US\">Amazon Web Services (AWS) is the world's largest cloud service provider. Since 2006, the company has been offering customers various elements of a virtual IT infrastructure in the form of web services. Today AWS offers about 70 cloud s","og:title":"Amazon Web Services","og:description":" <span lang=\"EN-US\">Amazon Web Services (AWS) is the world's largest cloud service provider. Since 2006, the company has been offering customers various elements of a virtual IT infrastructure in the form of web services. Today AWS offers about 70 cloud s","og:image":"https://roi4cio.com/uploads/roi/company/aws_logo.png"},"eventUrl":""},{"id":183,"title":"Barracuda Networks","logoURL":"https://roi4cio.com/uploads/roi/company/barracuda_logo.png","alias":"barracuda-networks","address":"","roles":[],"description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and storage based on network devices and cloud services. Security products include solutions to protect against spam, web surfing, hackers and threats from instant messaging services. The platform also successfully combats such threats as spam, spyware, Trojans and other malware. Barracuda solutions provide web traffic filtering, load balancing, message archiving, backup services, data protection, and more.<br /><br />Today, more than 50,000 companies and security organizations around the world use Barracuda Networks solutions. The main product list includes solutions such as Barracuda Spam Firewall, Barracuda Web Filter, Barracuda IM Firewall. <br />","companyTypes":[],"products":{},"vendoredProductsCount":11,"suppliedProductsCount":11,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":15,"vendorPartnersCount":0,"supplierPartnersCount":4,"b4r":1,"categories":{},"companyUrl":"www.barracuda.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Barracuda Networks","keywords":"products, company, Barracuda, include, protection, services, storage, security","description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:title":"Barracuda Networks","og:description":"Barracuda Networks, Inc. is the world leader in email and web security. In addition, the company develops solutions for IM security, server load balancing systems and message archiving.<br /><br />The company develops products for security, networking and stor","og:image":"https://roi4cio.com/uploads/roi/company/barracuda_logo.png"},"eventUrl":""}],"products":[{"id":107,"logo":false,"scheme":false,"title":"Amazon EC2","vendorVerified":0,"rating":"2.00","implementationsCount":11,"presenterCode":"","suppliersCount":0,"alias":"amazon-ec2","companyTypes":[],"description":"Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.\r\nAmazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate them from common failure scenarios.<br />\r\n\r\n<span style=\"font-weight: bold;\">BENEFITS</span><br />\r\nELASTIC WEB-SCALE COMPUTING<br />\r\nAmazon EC2 enables you to increase or decrease capacity within minutes, not hours or days. You can commission one, hundreds, or even thousands of server instances simultaneously. You can also use Amazon EC2 Auto Scaling to maintain availability of your EC2 fleet and automatically scale your fleet up and down depending on its needs in order to maximize performance and minimize cost. To scale multiple services, you can use AWS Auto Scaling.<br />\r\nCOMPLETELY CONTROLLED<br />\r\nYou have complete control of your instances including root access and the ability to interact with them as you would any machine. You can stop any instance while retaining the data on the boot partition, and then subsequently restart the same instance using web service APIs. Instances can be rebooted remotely using web service APIs, and you also have access to their console output.<br />\r\nFLEXIBLE CLOUD HOSTING SERVICES<br />\r\nYou have the choice of multiple instance types, operating systems, and software packages. Amazon EC2 allows you to select a configuration of memory, CPU, instance storage, and the boot partition size that is optimal for your choice of operating system and application. For example, choice of operating systems includes numerous Linux distributions and Microsoft Windows Server.<br />\r\nINTEGRATED<br />\r\nAmazon EC2 is integrated with most AWS services such as Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), and Amazon Virtual Private Cloud (Amazon VPC) to provide a complete, secure solution for computing, query processing, and cloud storage across a wide range of applications.<br />\r\nRELIABLE<br />\r\nAmazon EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon’s proven network infrastructure and data centers. The Amazon EC2 Service Level Agreement commitment is 99.99% availability for each Amazon EC2 Region.<br />\r\nSECURE<br />\r\nCloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Amazon EC2 works in conjunction with Amazon VPC to provide security and robust networking functionality for your compute resources.<br />\r\nINEXPENSIVE<br />\r\nAmazon EC2 passes on to you the financial benefits of Amazon’s scale. You pay a very low rate for the compute capacity you actually consume.<br />\r\nEASY TO START<br />\r\nThere are several ways to get started with Amazon EC2. You can use the AWS Management Console, the AWS Command Line Tools (CLI), or AWS SDKs. AWS is free to get started. ","shortDescription":"Amazon EC2 - Virtual Server Hosting\r\nAmazon Elastic Compute Cloud is a web service that provides resizable compute capacity in the cloud.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Amazon EC2","keywords":"Amazon, your, with, instances, computing, capacity, service, have","description":"Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.\r\nAmazon EC2’s simple web service interface allows you to obtain an","og:title":"Amazon EC2","og:description":"Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.\r\nAmazon EC2’s simple web service interface allows you to obtain an"},"eventUrl":"","translationId":108,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":786,"title":"IaaS - computing","alias":"iaas-computing","description":"Cloud computing is the on demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds, predominant today, often have functions distributed over multiple locations from central servers. If the connection to the user is relatively close, it may be designated an edge server.\r\nInfrastructure as a service (IaaS) are online services that provide high-level APIs used to dereference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. A hypervisor, such as Xen, Oracle VirtualBox, Oracle VM, KVM, VMware ESX/ESXi, or Hyper-V, LXD, runs the virtual machines as guests. Pools of hypervisors within the cloud operational system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.\r\nTypically IaaS involve the use of a cloud orchestration technology like Open Stack, Apache Cloudstack or Open Nebula. This manages the creation of a virtual machine and decides on which hypervisor (i.e. physical host) to start it, enables VM migration features between hosts, allocates storage volumes and attaches them to VMs, usage information for billing and lots more.\r\nAn alternative to hypervisors are Linux containers, which run in isolated partitions of a single Linux kernel running directly on the physical hardware. Linux cgroups and namespaces are the underlying Linux kernel technologies used to isolate, secure and manage the containers. Containerisation offers higher performance than virtualization, because there is no hypervisor overhead. Also, container capacity auto-scales dynamically with computing load, which eliminates the problem of over-provisioning and enables usage-based billing.\r\nIaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.\r\nThe NIST's definition of cloud computing defines Infrastructure as a Service as:\r\n<ul><li>The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.</li><li>The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).</li></ul>\r\nAccording to the Internet Engineering Task Force (IETF), the most basic cloud-service model is that of providers offering IT infrastructure — virtual machines and other resources — as a service to subscribers.\r\nIaaS-cloud providers supply these resources on-demand from their large pools of equipment installed in data centers. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.","materialsDescription":" <span style=\"font-weight: bold; \">Cloud Computing Basics</span>\r\nWhether you are running applications that share photos to millions of mobile users or you’re supporting the critical operations of your business, a cloud services platform provides rapid access to flexible and low cost IT resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.\r\n<span style=\"font-weight: bold; \">How Does Cloud Computing Work?</span>\r\nCloud computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet. A Cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.\r\n<span style=\"font-weight: bold; \">Six Advantages and Benefits of Cloud Computing</span>\r\n<span style=\"font-weight: bold; \">Trade capital expense for variable expense</span>\r\nInstead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.\r\n<span style=\"font-weight: bold; \">Benefit from massive economies of scale</span>\r\nBy using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers are aggregated in the cloud, providers can achieve higher economies of scale which translates into lower pay as you go prices.\r\n<span style=\"font-weight: bold; \">Stop guessing capacity</span>\r\nEliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.\r\n<span style=\"font-weight: bold; \">Increase speed and agility</span>\r\nIn a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.\r\n<span style=\"font-weight: bold; \">Stop spending money on running and maintaining data centers</span>\r\nFocus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.\r\n<span style=\"font-weight: bold; \">Go global in minutes</span>\r\nEasily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.\r\n<span style=\"font-weight: bold;\">Types of Cloud Computing</span>\r\nCloud computing has three main types that are commonly referred to as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Selecting the right type of cloud computing for your needs can help you strike the right balance of control and the avoidance of undifferentiated heavy lifting.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IaaS_computing.png"},{"id":689,"title":"Amazon Web Services","alias":"amazon-web-services","description":"Amazon Web Services (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a metered pay-as-you-go basis. In aggregate, these cloud computing web services provide a set of primitive, abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud, which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS's version of virtual computers emulate most of the attributes of a real computer including hardware (CPU(s) & GPU(s) for processing, local/RAM memory, hard-disk/SSD storage); a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, CRM, etc.\r\nThe AWS technology is implemented at server farms throughout the world, and maintained by the Amazon subsidiary. Fees are based on a combination of usage, the hardware/OS/software/networking features chosen by the subscriber, required availability, redundancy, security, and service options. Subscribers can pay for a single virtual AWS computer, a dedicated physical computer, or clusters of either. As part of the subscription agreement, Amazon provides security for subscribers' system. AWS operates from many global geographical regions including 6 in North America.\r\nIn 2017, AWS comprised more than 90 services spanning a wide range including computing, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things. The most popular include Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). Most services are not exposed directly to end users, but instead offer functionality through APIs for developers to use in their applications. Amazon Web Services' offerings are accessed over HTTP, using the REST architectural style and SOAP protocol.\r\nAmazon markets AWS to subscribers as a way of obtaining large scale computing capacity more quickly and cheaply than building an actual physical server farm. All services are billed based on usage, but each service measures usage in varying ways. As of 2017, AWS owns a dominant 34% of all cloud (IaaS, PaaS) while the next three competitors Microsoft, Google, and IBM have 11%, 8%, 6% respectively according to Synergy Group.","materialsDescription":"<span style=\"font-weight: bold;\">What is "Amazon Web Services" (AWS)?</span>\r\nWith Amazon Web Services (AWS), organizations can flexibly deploy storage space and computing capacity into Amazon's data centers without having to maintain their own hardware. A big advantage is that the infrastructure covers all dimensions for cloud computing. Whether it's video sharing, high-resolution photos, print data, or text documents, AWS can deliver IT resources on-demand, over the Internet, at a cost-per-use basis. The service exists since 2006 as a wholly owned subsidiary of Amazon Inc. The idea arose from the extensive experience with Amazon.com and the own need for platforms for web services in the cloud.\r\n<span style=\"font-weight: bold;\">What is Cloud Computing?</span>\r\nCloud Computing is a service that gives you access to expert-managed technology resources. The platform in the cloud provides the infrastructure (eg computing power, storage space) that does not have to be installed and configured in contrast to the hardware you have purchased yourself. Cloud computing only pays for the resources that are used. For example, a web shop can increase its computing power in the Christmas business and book less in "weak" months.\r\nAccess is via the Internet or VPN. There are no ongoing investment costs after the initial setup, but resources such as Virtual servers, databases or storage services are charged only after they have been used.\r\n<span style=\"font-weight: bold;\">Where is my data on Amazon AWS?</span>\r\nThere are currently eight Amazon Data Centers (AWS Regions) in different regions of the world. For each Amazon AWS resource, only the customer can decide where to use or store it. German customers typically use the data center in Ireland, which is governed by European law.\r\n<span style=\"font-weight: bold;\">How safe is my data on Amazon AWS?</span>\r\nThe customer data is stored in a highly secure infrastructure. Safety measures include, but are not limited to:\r\n<ul><li>Protection against DDos attacks (Distributed Denial of Service)</li><li>Defense against brute-force attacks on AWS accounts</li><li>Secure access: The access options are made via SSL.</li><li> Firewall: Output and access to the AWS data can be controlled.</li><li>Encrypted Data Storage: Data can be encrypted with Advanced Encryption Standard (AES) 256.</li><li>Certifications: Regular security review by independent certifications that AWS has undergone.</li></ul>\r\nEach Amazon data center (AWS region) consists of at least one Availability Zone. Availability Zones are stand-alone sub-sites that have been designed to be isolated from faults in other Availability Zones (independent power and data supply). Certain AWS resources, such as Database Services (RDS) or Storage Services (S3) automatically replicate your data within the AWS region to the different Availability Zones.\r\nAmazon AWS has appropriate certifications such as ISO27001 and has implemented a comprehensive security concept for the operation of its data center.\r\n<span style=\"font-weight: bold;\">Do I have to worry about hardware on Amazon AWS?</span>\r\nNo, all Amazon AWS resources are virtualized. Only Amazon takes care of the replacement and upgrade of hardware.\r\nNormally, you will not get anything out of defective hardware because defective storage media are exchanged by Amazon and since your data is stored multiple times redundantly, there is usually no problem either.\r\nIncidentally, if your chosen resources do not provide enough performance, you can easily get more CPU power from resources by just a few mouse clicks. You do not have to install anything new, just reboot your virtual machine or virtual database instance.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Amazon_Web_Services.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1243,"logo":false,"scheme":false,"title":"Amazon Virtual Private Cloud (VPC)","vendorVerified":0,"rating":"2.00","implementationsCount":7,"presenterCode":"","suppliersCount":0,"alias":"amazon-virtual-private-cloud-vpc","companyTypes":[],"description":"Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.\r\nYou can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.\r\nAdditionally, you can create a Hardware Virtual Private Network (VPN) connection between your corporate data center and your VPC and leverage the AWS Cloud as an extension of your corporate data center.\r\n \r\n\r\n<span style=\"font-weight: bold;\">FEATURES</span>\r\nMULTIPLE CONNECTIVITY OPTIONS\r\nA variety of connectivity options exist for your Amazon VPC. You can connect your VPC to the Internet, to your data center, or other VPCs, based on the AWS resources that you want to expose publicly and those that you want to keep private.\r\n<ul><li>Connect directly to the Internet (public subnets)– You can launch instances into a publicly accessible subnet where they can send and receive traffic from the Internet.</li><li>Connect to the Internet using Network Address Translation (private subnets) – Private subnets can be used for instances that you do not want to be directly addressable from the Internet. Instances in a private subnet can access the Internet without exposing their private IP address by routing their traffic through a Network Address Translation (NAT) gateway in a public subnet.</li><li>Connect securely to your corporate datacenter– All traffic to and from instances in your VPC can be routed to your corporate datacenter over an industry standard, encrypted IPsec hardware VPN connection.</li><li>Connect privately to other VPCs- Peer VPCs together to share resources across multiple virtual networks owned by your or other AWS accounts.</li><li>Privately connect to AWS Services without using an Internet gateway, NAT or firewall proxy through a VPC Endpoint. Available AWS services include S3, DynamoDB, Kinesis Streams, Service Catalog, EC2 Systems Manager (SSM), Elastic Load Balancing (ELB) API, and Amazon Elastic Compute Cloud (EC2) API.</li><li>Privately connect to SaaS solutions supported by AWS PrivateLink.</li><li>Privately connect your internal services across different accounts and VPCs within your own organizations, significantly simplifying your internal network architecture.</li></ul>\r\nSECURE\r\nAmazon VPC provides advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance level and subnet level. In addition, you can store data in Amazon S3 and restrict access so that it’s only accessible from instances in your VPC. Optionally, you can also choose to launch Dedicated Instances which run on hardware dedicated to a single customer for additional isolation.\r\nSIMPLE\r\nYou can create a VPC quickly and easily using the AWS Management Console. You can select one of the common network setups that best match your needs and press "Start VPC Wizard." Subnets, IP ranges, route tables, and security groups are automatically created for you so you can concentrate on creating the applications to run in your VPC.\r\nALL THE SCALABILITY AND RELIABILITY OF AWS\r\nAmazon VPC provides all of the same benefits as the rest of the AWS platform. You can instantly scale your resources up or down, select Amazon EC2 instances types and sizes that are right for your applications, and pay only for the resources you use - all within Amazon’s proven infrastructure.","shortDescription":"Amazon Virtual Private Cloud - Provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":20,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Amazon Virtual Private Cloud (VPC)","keywords":"your, Amazon, Internet, that, access, network, subnet, instances","description":"Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including se","og:title":"Amazon Virtual Private Cloud (VPC)","og:description":"Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including se"},"eventUrl":"","translationId":1244,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":2,"title":"Virtual machine and cloud system software","alias":"virtual-machine-and-cloud-system-software","description":" A virtual machine (VM) is a software-based computer that exists within another computer’s operating system, often used for the purposes of testing, backing up data, or running SaaS applications. To fully grasp how VMs work, it’s important to first understand how computer software and hardware are typically integrated by an operating system.\r\n"The cloud" refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. By using cloud computing, users and companies don't have to manage physical servers themselves or run software applications on their own machines.\r\nThe cloud enables users to access the same files and applications from almost any device, because the computing and storage take place on servers in a data center, instead of locally on the user device. This is why a user can log into their Instagram account on a new phone after their old phone breaks and still find their old account in place, with all their photos, videos, and conversation history. It works the same way with cloud email providers like Gmail or Microsoft Office 365, and with cloud storage providers like Dropbox or Google Drive.\r\nFor businesses, switching to cloud computing removes some IT costs and overhead: for instance, they no longer need to update and maintain their own servers, as the cloud vendor they are using will do that. This especially makes an impact on small businesses that may not have been able to afford their own internal infrastructure but can outsource their infrastructure needs affordably via the cloud. The cloud can also make it easier for companies to operate internationally because employees and customers can access the same files and applications from any location.\r\nSeveral cloud providers offer virtual machines to their customers. These virtual machines typically live on powerful servers that can act as a host to multiple VMs and can be used for a variety of reasons that wouldn’t be practical with a locally-hosted VM. These include:\r\n<ul><li>Running SaaS applications - Software-as-a-Service, or SaaS for short, is a cloud-based method of providing software to users. SaaS users subscribe to an application rather than purchasing it once and installing it. These applications are generally served to the user over the Internet. Often, it is virtual machines in the cloud that are doing the computation for SaaS applications as well as delivering them to users. If the cloud provider has a geographically distributed network edge, then the application will run closer to the user, resulting in faster performance.</li><li>Backing up data - Cloud-based VM services are very popular for backing up data because the data can be accessed from anywhere. Plus, cloud VMs provide better redundancy, require less maintenance, and generally scale better than physical data centers. (For example, it’s generally fairly easy to buy an extra gigabyte of storage space from a cloud VM provider, but much more difficult to build a new local data server for that extra gigabyte of data.)</li><li>Hosting services like email and access management - Hosting these services on cloud VMs is generally faster and more cost-effective, and helps minimize maintenance and offload security concerns as well.</li></ul>","materialsDescription":"What is an operating system?\r\nTraditional computers are built out of physical hardware, including hard disk drives, processor chips, RAM, etc. In order to utilize this hardware, computers rely on a type of software known as an operating system (OS). Some common examples of OSes are Mac OSX, Microsoft Windows, Linux, and Android.\r\nThe OS is what manages the computer’s hardware in ways that are useful to the user. For example, if the user wants to access the Internet, the OS directs the network interface card to make the connection. If the user wants to download a file, the OS will partition space on the hard drive for that file. The OS also runs and manages other pieces of software. For example, it can run a web browser and provide the browser with enough random access memory (RAM) to operate smoothly. Typically, operating systems exist within a physical computer at a one-to-one ratio; for each machine, there is a single OS managing its physical resources.\r\n<span style=\"font-weight: bold;\">Can you have two or more operating systems on one computer?</span>\r\nSome users want to be able to run multiple operating systems simultaneously on one computer, either for testing or one of the other reasons listed in the section below. This can be achieved through a process called virtualization. In virtualization, a piece of software behaves as if it were an independent computer. This piece of software is called a virtual machine, also known as a ‘guest’ computer. (The computer on which the VM is running is called the ‘host’.) The guest has an OS as well as its own virtual hardware.\r\n‘Virtual hardware’ may sound like a bit of an oxymoron, but it works by mapping to real hardware on the host computer. For example, the VM’s ‘hard drive’ is really just a file on the host computer’s hard drive. When the VM wants to save a new file, it actually has to communicate with the host OS, which will write this file to the host hard drive. Because virtual hardware must perform this added step of negotiating with the host to access hardware resources, virtual machines can’t run quite as fast as their host computers.\r\nWith virtualization, one computer can run two or more operating systems. The number of VMs that can run on one host is limited only by the host’s available resources. The user can run the OS of a VM in a window like any other program, or they can run it in fullscreen so that it looks and feels like a genuine host OS.\r\n <span style=\"font-weight: bold; \">What are virtual machines used for?</span>\r\nSome of the most popular reasons people run virtual machines include:\r\n<span style=\"font-weight: bold; \">Testing</span> - Oftentimes software developers want to be able to test their applications in different environments. They can use virtual machines to run their applications in various OSes on one computer. This is simpler and more cost-effective than having to test on several different physical machines.\r\n<span style=\"font-weight: bold; \">Running software designed for other OSes</span> - Although certain software applications are only available for a single platform, a VM can run software designed for a different OS. For example, a Mac user who wants to run software designed for Windows can run a Windows VM on their Mac host.\r\n<span style=\"font-weight: bold; \">Running outdated software</span> - Some pieces of older software can’t be run in modern OSes. Users who want to run these applications can run an old OS on a virtual machine.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Virtual_machine_and_cloud_system_software.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1399,"logo":false,"scheme":false,"title":"Barracuda NextGen Firewall (NGFW)","vendorVerified":0,"rating":"3.00","implementationsCount":4,"presenterCode":"","suppliersCount":0,"alias":"barracuda-nextgen-firewall-ngfw","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted applications. The Barracuda NextGen Firewall F-Series is a family of hardware, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. They deliver advanced security by tightly integrating a comprehensive set of next-generation firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, malware and advanced threat protection, antispam protection, and network access control. In addition, the F-Series combines highly resilient VPN technology with intelligent traffic management and WAN optimization capabilities. This lets you reduce line costs, increase overall network availability, improve site-to-site connectivity, and ensure uninterrupted access to applications hosted in the cloud. Scalable centralized management helps you reduce administrative overhead while defining and enforcing granular policies across your entire dispersed network. The F-Series cloud-ready firewalls are ideal for multi-site enterprises, managed service providers, and other organizations with complex, dispersed network infrastructures.\r\n<span style=\"font-weight: bold;\">Security for the Cloud Era</span>\r\nSecurity paradigms are shifting—and securing your network perimeter is no longer good enough. In the cloud era, workloads happen everywhere, users are increasingly mobile, and potential attack surfaces are multiplying. Barracuda NextGen Firewall F-Series is purpose-built to deal with the challenges of securing widely distributed networks.\r\n<span style=\"font-weight: bold;\">Advanced Threat Protection</span>\r\nIn today's constantly evolving threat landscape, your organization faces zero-hour malware exploits and advanced persistent threats that routinely bypass traditional, signature-based IPS and antivirus engines. Barracuda Advanced Threat Protection gives your security infrastructure the ability to identify and block new, sophisticated threats-without affecting network performance and throughput.\r\n<span style=\"font-weight: bold;\">Secure SD-WAN..</span>\r\nBarracuda Cloud Era Firewalls include full next gen Security paired with all network optimization and management functionality today known as Secure SD-WAN. This includes true zero touch deployment (ZTD), dynamic bandwidth measurement, performance based transport selection, application specific routing and even data duplication and WAN optimization technology. VPN tunnels between sites can make use of multiple uplinks simultaneously and dynamically assign the best path for the application.\r\n<span style=\"font-weight: bold;\">This enables:</span>\r\n\r\n<ul> <li>Balancing of Internet traffic across multiple uplinks to minimize downtime and improve performance</li> <li>VPN across multiple broadband connections and MPLs replacement</li> <li>Up to 24 physical uplinks to create highly redundant VPN tunnels</li> <li>Replacing network backhauling central policy enforcement architectures with direct internet break outs</li> <li>Faster access to cloud applications like office365 by dynamically prioritizing them over non-critical traffic</li> <li>Guaranteed users' access to critical applications through granular policy controls</li> <li>Increased available bandwidth with built-in traffic compression and data deduplication</li> <li>Auto creation of VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic</li> </ul>\r\n<span style=\"font-weight: bold;\">Why Barracuda NextGen Firewall?</span> When selecting security technology, it is critical that your products are supported by people who take your data security as seriously as you do. The Barracuda NextGen Firewall is supported by our award-winning 24x7 technical support staffed by in-house security engineers with no phone trees. Help is always a phone call away. Hundreds of thousands of organizations around the globe rely on Barracuda to protect their applications, networks, and data. The Barracuda NextGen Firewall is part of a comprehensive line of data protection, network firewall, and security products and services designed for organizations seeking robust yet affordable protection from ever-increasing cyber threats.\r\n<span style=\"font-style: italic;\">Source: https://www.barracuda.com/products/nextgenfirewall_f</span>","shortDescription":"Barracuda's Next Generation Firewalls redefine the role of the Firewall from a perimeter security solution to a distributed network optimization solution that scales across any number of locations.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":5,"seo":{"title":"Barracuda NextGen Firewall (NGFW)","keywords":"","description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted ","og:title":"Barracuda NextGen Firewall (NGFW)","og:description":"<span style=\"font-weight: bold;\">Next-Generation Firewalls for the Cloud Era</span>\r\nIn the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted "},"eventUrl":"","translationId":1400,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-1","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":281,"title":"No IT security guidelines"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"}]}},"categories":[{"id":786,"title":"IaaS - computing","alias":"iaas-computing","description":"Cloud computing is the on demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds, predominant today, often have functions distributed over multiple locations from central servers. If the connection to the user is relatively close, it may be designated an edge server.\r\nInfrastructure as a service (IaaS) are online services that provide high-level APIs used to dereference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. A hypervisor, such as Xen, Oracle VirtualBox, Oracle VM, KVM, VMware ESX/ESXi, or Hyper-V, LXD, runs the virtual machines as guests. Pools of hypervisors within the cloud operational system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements.\r\nTypically IaaS involve the use of a cloud orchestration technology like Open Stack, Apache Cloudstack or Open Nebula. This manages the creation of a virtual machine and decides on which hypervisor (i.e. physical host) to start it, enables VM migration features between hosts, allocates storage volumes and attaches them to VMs, usage information for billing and lots more.\r\nAn alternative to hypervisors are Linux containers, which run in isolated partitions of a single Linux kernel running directly on the physical hardware. Linux cgroups and namespaces are the underlying Linux kernel technologies used to isolate, secure and manage the containers. Containerisation offers higher performance than virtualization, because there is no hypervisor overhead. Also, container capacity auto-scales dynamically with computing load, which eliminates the problem of over-provisioning and enables usage-based billing.\r\nIaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.\r\nThe NIST's definition of cloud computing defines Infrastructure as a Service as:\r\n<ul><li>The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.</li><li>The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).</li></ul>\r\nAccording to the Internet Engineering Task Force (IETF), the most basic cloud-service model is that of providers offering IT infrastructure — virtual machines and other resources — as a service to subscribers.\r\nIaaS-cloud providers supply these resources on-demand from their large pools of equipment installed in data centers. For wide-area connectivity, customers can use either the Internet or carrier clouds (dedicated virtual private networks). To deploy their applications, cloud users install operating-system images and their application software on the cloud infrastructure. In this model, the cloud user patches and maintains the operating systems and the application software. Cloud providers typically bill IaaS services on a utility computing basis: cost reflects the amount of resources allocated and consumed.","materialsDescription":" <span style=\"font-weight: bold; \">Cloud Computing Basics</span>\r\nWhether you are running applications that share photos to millions of mobile users or you’re supporting the critical operations of your business, a cloud services platform provides rapid access to flexible and low cost IT resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and size of computing resources you need to power your newest bright idea or operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.\r\n<span style=\"font-weight: bold; \">How Does Cloud Computing Work?</span>\r\nCloud computing provides a simple way to access servers, storage, databases and a broad set of application services over the Internet. A Cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.\r\n<span style=\"font-weight: bold; \">Six Advantages and Benefits of Cloud Computing</span>\r\n<span style=\"font-weight: bold; \">Trade capital expense for variable expense</span>\r\nInstead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.\r\n<span style=\"font-weight: bold; \">Benefit from massive economies of scale</span>\r\nBy using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers are aggregated in the cloud, providers can achieve higher economies of scale which translates into lower pay as you go prices.\r\n<span style=\"font-weight: bold; \">Stop guessing capacity</span>\r\nEliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.\r\n<span style=\"font-weight: bold; \">Increase speed and agility</span>\r\nIn a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.\r\n<span style=\"font-weight: bold; \">Stop spending money on running and maintaining data centers</span>\r\nFocus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.\r\n<span style=\"font-weight: bold; \">Go global in minutes</span>\r\nEasily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.\r\n<span style=\"font-weight: bold;\">Types of Cloud Computing</span>\r\nCloud computing has three main types that are commonly referred to as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Selecting the right type of cloud computing for your needs can help you strike the right balance of control and the avoidance of undifferentiated heavy lifting.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IaaS_computing.png"},{"id":689,"title":"Amazon Web Services","alias":"amazon-web-services","description":"Amazon Web Services (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies and governments, on a metered pay-as-you-go basis. In aggregate, these cloud computing web services provide a set of primitive, abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud, which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS's version of virtual computers emulate most of the attributes of a real computer including hardware (CPU(s) & GPU(s) for processing, local/RAM memory, hard-disk/SSD storage); a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, CRM, etc.\r\nThe AWS technology is implemented at server farms throughout the world, and maintained by the Amazon subsidiary. Fees are based on a combination of usage, the hardware/OS/software/networking features chosen by the subscriber, required availability, redundancy, security, and service options. Subscribers can pay for a single virtual AWS computer, a dedicated physical computer, or clusters of either. As part of the subscription agreement, Amazon provides security for subscribers' system. AWS operates from many global geographical regions including 6 in North America.\r\nIn 2017, AWS comprised more than 90 services spanning a wide range including computing, storage, networking, database, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things. The most popular include Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). Most services are not exposed directly to end users, but instead offer functionality through APIs for developers to use in their applications. Amazon Web Services' offerings are accessed over HTTP, using the REST architectural style and SOAP protocol.\r\nAmazon markets AWS to subscribers as a way of obtaining large scale computing capacity more quickly and cheaply than building an actual physical server farm. All services are billed based on usage, but each service measures usage in varying ways. As of 2017, AWS owns a dominant 34% of all cloud (IaaS, PaaS) while the next three competitors Microsoft, Google, and IBM have 11%, 8%, 6% respectively according to Synergy Group.","materialsDescription":"<span style=\"font-weight: bold;\">What is "Amazon Web Services" (AWS)?</span>\r\nWith Amazon Web Services (AWS), organizations can flexibly deploy storage space and computing capacity into Amazon's data centers without having to maintain their own hardware. A big advantage is that the infrastructure covers all dimensions for cloud computing. Whether it's video sharing, high-resolution photos, print data, or text documents, AWS can deliver IT resources on-demand, over the Internet, at a cost-per-use basis. The service exists since 2006 as a wholly owned subsidiary of Amazon Inc. The idea arose from the extensive experience with Amazon.com and the own need for platforms for web services in the cloud.\r\n<span style=\"font-weight: bold;\">What is Cloud Computing?</span>\r\nCloud Computing is a service that gives you access to expert-managed technology resources. The platform in the cloud provides the infrastructure (eg computing power, storage space) that does not have to be installed and configured in contrast to the hardware you have purchased yourself. Cloud computing only pays for the resources that are used. For example, a web shop can increase its computing power in the Christmas business and book less in "weak" months.\r\nAccess is via the Internet or VPN. There are no ongoing investment costs after the initial setup, but resources such as Virtual servers, databases or storage services are charged only after they have been used.\r\n<span style=\"font-weight: bold;\">Where is my data on Amazon AWS?</span>\r\nThere are currently eight Amazon Data Centers (AWS Regions) in different regions of the world. For each Amazon AWS resource, only the customer can decide where to use or store it. German customers typically use the data center in Ireland, which is governed by European law.\r\n<span style=\"font-weight: bold;\">How safe is my data on Amazon AWS?</span>\r\nThe customer data is stored in a highly secure infrastructure. Safety measures include, but are not limited to:\r\n<ul><li>Protection against DDos attacks (Distributed Denial of Service)</li><li>Defense against brute-force attacks on AWS accounts</li><li>Secure access: The access options are made via SSL.</li><li> Firewall: Output and access to the AWS data can be controlled.</li><li>Encrypted Data Storage: Data can be encrypted with Advanced Encryption Standard (AES) 256.</li><li>Certifications: Regular security review by independent certifications that AWS has undergone.</li></ul>\r\nEach Amazon data center (AWS region) consists of at least one Availability Zone. Availability Zones are stand-alone sub-sites that have been designed to be isolated from faults in other Availability Zones (independent power and data supply). Certain AWS resources, such as Database Services (RDS) or Storage Services (S3) automatically replicate your data within the AWS region to the different Availability Zones.\r\nAmazon AWS has appropriate certifications such as ISO27001 and has implemented a comprehensive security concept for the operation of its data center.\r\n<span style=\"font-weight: bold;\">Do I have to worry about hardware on Amazon AWS?</span>\r\nNo, all Amazon AWS resources are virtualized. Only Amazon takes care of the replacement and upgrade of hardware.\r\nNormally, you will not get anything out of defective hardware because defective storage media are exchanged by Amazon and since your data is stored multiple times redundantly, there is usually no problem either.\r\nIncidentally, if your chosen resources do not provide enough performance, you can easily get more CPU power from resources by just a few mouse clicks. You do not have to install anything new, just reboot your virtual machine or virtual database instance.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Amazon_Web_Services.png"},{"id":2,"title":"Virtual machine and cloud system software","alias":"virtual-machine-and-cloud-system-software","description":" A virtual machine (VM) is a software-based computer that exists within another computer’s operating system, often used for the purposes of testing, backing up data, or running SaaS applications. To fully grasp how VMs work, it’s important to first understand how computer software and hardware are typically integrated by an operating system.\r\n"The cloud" refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world. By using cloud computing, users and companies don't have to manage physical servers themselves or run software applications on their own machines.\r\nThe cloud enables users to access the same files and applications from almost any device, because the computing and storage take place on servers in a data center, instead of locally on the user device. This is why a user can log into their Instagram account on a new phone after their old phone breaks and still find their old account in place, with all their photos, videos, and conversation history. It works the same way with cloud email providers like Gmail or Microsoft Office 365, and with cloud storage providers like Dropbox or Google Drive.\r\nFor businesses, switching to cloud computing removes some IT costs and overhead: for instance, they no longer need to update and maintain their own servers, as the cloud vendor they are using will do that. This especially makes an impact on small businesses that may not have been able to afford their own internal infrastructure but can outsource their infrastructure needs affordably via the cloud. The cloud can also make it easier for companies to operate internationally because employees and customers can access the same files and applications from any location.\r\nSeveral cloud providers offer virtual machines to their customers. These virtual machines typically live on powerful servers that can act as a host to multiple VMs and can be used for a variety of reasons that wouldn’t be practical with a locally-hosted VM. These include:\r\n<ul><li>Running SaaS applications - Software-as-a-Service, or SaaS for short, is a cloud-based method of providing software to users. SaaS users subscribe to an application rather than purchasing it once and installing it. These applications are generally served to the user over the Internet. Often, it is virtual machines in the cloud that are doing the computation for SaaS applications as well as delivering them to users. If the cloud provider has a geographically distributed network edge, then the application will run closer to the user, resulting in faster performance.</li><li>Backing up data - Cloud-based VM services are very popular for backing up data because the data can be accessed from anywhere. Plus, cloud VMs provide better redundancy, require less maintenance, and generally scale better than physical data centers. (For example, it’s generally fairly easy to buy an extra gigabyte of storage space from a cloud VM provider, but much more difficult to build a new local data server for that extra gigabyte of data.)</li><li>Hosting services like email and access management - Hosting these services on cloud VMs is generally faster and more cost-effective, and helps minimize maintenance and offload security concerns as well.</li></ul>","materialsDescription":"What is an operating system?\r\nTraditional computers are built out of physical hardware, including hard disk drives, processor chips, RAM, etc. In order to utilize this hardware, computers rely on a type of software known as an operating system (OS). Some common examples of OSes are Mac OSX, Microsoft Windows, Linux, and Android.\r\nThe OS is what manages the computer’s hardware in ways that are useful to the user. For example, if the user wants to access the Internet, the OS directs the network interface card to make the connection. If the user wants to download a file, the OS will partition space on the hard drive for that file. The OS also runs and manages other pieces of software. For example, it can run a web browser and provide the browser with enough random access memory (RAM) to operate smoothly. Typically, operating systems exist within a physical computer at a one-to-one ratio; for each machine, there is a single OS managing its physical resources.\r\n<span style=\"font-weight: bold;\">Can you have two or more operating systems on one computer?</span>\r\nSome users want to be able to run multiple operating systems simultaneously on one computer, either for testing or one of the other reasons listed in the section below. This can be achieved through a process called virtualization. In virtualization, a piece of software behaves as if it were an independent computer. This piece of software is called a virtual machine, also known as a ‘guest’ computer. (The computer on which the VM is running is called the ‘host’.) The guest has an OS as well as its own virtual hardware.\r\n‘Virtual hardware’ may sound like a bit of an oxymoron, but it works by mapping to real hardware on the host computer. For example, the VM’s ‘hard drive’ is really just a file on the host computer’s hard drive. When the VM wants to save a new file, it actually has to communicate with the host OS, which will write this file to the host hard drive. Because virtual hardware must perform this added step of negotiating with the host to access hardware resources, virtual machines can’t run quite as fast as their host computers.\r\nWith virtualization, one computer can run two or more operating systems. The number of VMs that can run on one host is limited only by the host’s available resources. The user can run the OS of a VM in a window like any other program, or they can run it in fullscreen so that it looks and feels like a genuine host OS.\r\n <span style=\"font-weight: bold; \">What are virtual machines used for?</span>\r\nSome of the most popular reasons people run virtual machines include:\r\n<span style=\"font-weight: bold; \">Testing</span> - Oftentimes software developers want to be able to test their applications in different environments. They can use virtual machines to run their applications in various OSes on one computer. This is simpler and more cost-effective than having to test on several different physical machines.\r\n<span style=\"font-weight: bold; \">Running software designed for other OSes</span> - Although certain software applications are only available for a single platform, a VM can run software designed for a different OS. For example, a Mac user who wants to run software designed for Windows can run a Windows VM on their Mac host.\r\n<span style=\"font-weight: bold; \">Running outdated software</span> - Some pieces of older software can’t be run in modern OSes. Users who want to run these applications can run an old OS on a virtual machine.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Virtual_machine_and_cloud_system_software.png"},{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-1","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.barracuda.com/resources/Barracuda_Next_Gen_Firewall_AWS_CS_Club_Automation_US#top","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":438,"title":"Cisco ASA NGFW for Rio Summer Olympics 2016","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">All roads to the Olympics start with a dream. For the over 15,000 Olympic and Paralympic athletes from 205 countries who congregated in Rio de Janeiro in 2016, it’s the dream of competing at the highest level possible. It’s also about standing on the podium wearing a gold medal while their country’s flag rises and the national anthem plays. For Cisco, as a proud supporter of the 2016 Olympic and Paralympic Games in Rio, it also starts with a dream: that when we securely connect everything,</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">anything is possible.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Supporting a global event of this size is a monumental task that demands a network like no other. The Rio 2016 Games required connectivity, bandwidth, security, and support for:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 37 competition venues</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• More than 100 support venues</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 15,000 athletes</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 70,000 volunteers</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 9 million ticketholders</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 25,000 media personnel</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• 123 network broadcasters from around the world</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">All this while delivering 170,000 hours of video content and providing infrastructure for 5 billion TV viewers – up from 4 billion viewers for the London Olympics in 2012.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">In short, if this network were competing in the Olympics, it would break world records.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">However, simply providing the infrastructure wasn’t enough. Cisco also had to provide effective security.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“The challenge we faced at Rio 2016 was making memorable Games, and one crucial aspect was to provide uninterrupted connectivity to our athletes, guests, media, and critical systems, all while keeping everything secure,” said Marcelo</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">Souza, Technology Systems General Manager of the Rio 2016 Organizing Committee for the Olympic Games. “We needed a vendor that could handle the traffic demands in a complex environment and deliver the security needed for such a monumental event.”</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Comparisons don’t come easy when we talk about a world stage event such as the Olympic Games. Securely connecting the Games required 60 tons of equipment and more than 60,000 hours of work. As the official networking and enterprise server supporter and supplier, Cisco deployed over 5,000 access points (a 400 percent increase from the London 2012 Games) and over 113,000 local area network (LAN) ports. Cisco also supplied 440 Cisco Unified Computing System™ (Cisco UCS®) servers, 480 vehicle routers, and 177 security devices. IIn addition, the Cisco network protected core activities such as accreditation, volunteers, sports entries and qualifications, and workforce management.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The network connected 183,044 unique devices of which 168,158 were wireless (92 percent of all devices). Cisco Identity Services Engine (ISE) and Cisco TrustSec technology were used to identify devices and segment accordingly. Any unrecognized device would connect to the guest network. Network traffic was extremely heavy – 2.144 petabytes of traffic over the course of the Games. To put that into perspective, it’s equivalent to 950,000 hours of HD video, which would take more than 110 years of nonstop streaming to watch.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">As a highly visible target for sophisticated threats from around the world, the Rio 2016 Games demanded a security architecture that is fundamentally integrated into the network. Cisco Talos, an industry-leading threat intelligence organization, reviewed the sheer number of threats mitigated on the network. During the first two weeks of the Games, there were 674 times the number of Trojans detected on the network compared to a typical large retail corporate environment during the same time.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“The network had to handle a substantially larger number of BYOD (Bring Your Own Device) technology than you would commonly see in a corporate environment. A larger percentage of these devices were infected with Trojans and various other malware families. This goes to show how important it is to have proper checks in place for corporate devices from both an external and internal network perspective,” said JJ Cummings of Cisco Talos.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">As the first line of defense, Cisco Umbrella (formerly OpenDNS) was deployed to prevent access to malicious sites. Umbrella found and blocked hundreds of Olympic-related fake domains. Over the course of the Rio 2016 Games, it protected on average 22 million DNS requests and blocked 23,000 suspicious sites daily.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">At the network edge, Cisco Firepower Next- Generation Firewall and NextGeneration Intrusion Prevention System appliances prevented close to 7 million security events during the Games. On the network, millions of devices were monitored for anomalous activity through Cisco Stealthwatch, and potentially vulnerable endpoints were identified and automatically segmented away from the rest of the network using Cisco ISE and Cisco TrustSec technology.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“The result was an amazing experience for everyone in Rio. Cisco provided us with the connectivity and security that allowed Rio 2016 to connect with the world,” remarked Souza.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">In a span of just 40 days, Cisco successfully secured and connected key networks that made the Olympic and Paralympic Games a resounding success. From London to Rio, to Tokyo and beyond, there has never been a better time to build an Olympic legacy.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Products and Services</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco ASA 5500-X with FirePOWER Services</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco FirePOWER Services in use:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• Cisco Advanced Malware Protection (AMP) for Networks</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• URL filtering</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• Application Visibility and Control (AVC)</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">• Next-Generation IPS</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco FirePOWER Next-Generation Intrusion Prevention System</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Security Manager</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Identity Services Engine</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco TrustSec Technology</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Secure Access Control System</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Stealthwatch</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Umbrella</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Cisco Prime Network Registrar</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">At the Rio 2016 Olympic Games, Cisco:</span>\r\n<ul><li>Blocked an average of 23,000 suspicious sites daily using Cisco Umbrella</li><li>Delivered a secure network that handled over 2.144 PB of traffic</li><li>Provided secure access for attendees, staff, media, and athletes across 37 competition venues</li></ul>\r\n","alias":"cisco-asa-ngfw-for-rio-summer-olympics-2016","roi":0,"seo":{"title":"Cisco ASA NGFW for Rio Summer Olympics 2016","keywords":"Cisco, network, Games, 2016, that, from, were, Olympic","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">All roads to the Olympics start with a dream. For the over 15,000 Olympic and Paralympic athletes from 205 countries who congregated in Rio de Janeiro in 2016, it’s the drea","og:title":"Cisco ASA NGFW for Rio Summer Olympics 2016","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">All roads to the Olympics start with a dream. For the over 15,000 Olympic and Paralympic athletes from 205 countries who congregated in Rio de Janeiro in 2016, it’s the drea"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""},"vendors":[{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""}],"products":[{"id":1439,"logo":false,"scheme":false,"title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","vendorVerified":0,"rating":"2.00","implementationsCount":5,"presenterCode":"","suppliersCount":0,"alias":"cisco-asa-ngfw-adaptive-security-appliance-software","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual appliances - for any distributed network environment. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs.\r\n<span style=\"font-weight: bold;\">Among its benefits, Cisco ASA Software:</span>\r\n<ul>\r\n<li>Offers integrated IPS, VPN, and Unified Communications capabilities</li>\r\n<li>Helps organizations increase capacity and improve performance through high-performance, multi-site, multi-node clustering</li>\r\n<li>Delivers high availability for high resiliency applications</li>\r\n<li>Provides collaboration between physical and virtual devices</li>\r\n<li>Meets the unique needs of both the network and the data center</li>\r\n<li>Provides context awareness with Cisco TrustSec security group tags and identity-based firewall technology</li>\r\n<li>Facilitates dynamic routing and site-to-site VPN on a per-context basis</li>\r\n</ul>\r\nCisco ASA software also supports next-generation encryption standards, including the Suite B set of cryptographic algorithms. It also integrates with the Cisco Cloud Web Security solution to provide world-class, web-based threat protection.","shortDescription":"The Cisco ASA Family of security devices protects corporate networks and data centers of all sizes. It provides users with highly secure access to data and network resources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","keywords":"","description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form fa","og:title":"Cisco ASA NGFW (Adaptive Security Appliance Software)","og:description":"<span style=\"font-weight: bold;\">Features and Capabilities</span>\r\nCisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form fa"},"eventUrl":"","translationId":1440,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-1","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":4,"title":"Reduce Costs"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":384,"title":"Risk of attacks by hackers"}]}},"categories":[{"id":782,"title":"NGFW - next-generation firewall","alias":"ngfw-next-generation-firewall","description":"A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.\r\nNGFWs typically feature advanced functions including:\r\n<ul><li>application awareness;</li><li>integrated intrusion prevention systems (IPS);</li><li>identity awareness -- user and group control;</li><li>bridged and routed modes;</li><li> the ability to use external intelligence sources.</li></ul>\r\nOf these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.\r\nLike the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.\r\nThe different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.\r\nNGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a next-generation firewall (NGFW)?</span>\r\nA NGFW contains all the normal defenses that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other additional security features. NGFWs are also capable of deep packet inspection, which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by a blacklist (programs in the filter are blocked) or by a whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"},{"id":784,"title":"NGFW - next-generation firewall - Appliance","alias":"ngfw-next-generation-firewall-1","description":" A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).\r\nNGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.\r\nNGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.\r\nImproved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.\r\nStateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.\r\nProtection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.\r\nNGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network. ","materialsDescription":"<span style=\"font-weight: bold;\"> What is a next-generation firewall (NGFW)?</span>\r\nAn NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.\r\nIntrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.\r\nApplication control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_NGFW.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.cisco.com/c/dam/en/us/products/collateral/security/rio-case-study.pdf","title":"-"}},"comments":[],"referencesCount":0},{"id":535,"title":"TrapX Deception Grid for manufacturer of steel products","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The manufacturing case study focuses on one of the largest </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">manufacturers of steel products to include tubing, pipe and sheet. Assets </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">included a very large network for industrial control systems (ICS) and </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">the necessary supervisory control and data acquisition (SCADA) </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">components which run their manufacturing processes end to end. Prior </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">to our involvement, this manufacturer had routinely removed routine </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">threats but were unaware of sophisticated malware infection or advanced </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">persistent threats. The customer had a large industry suite of cyber </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">defense products which included a firewall, anti-virus suites, multiple </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">intrusion detection software products, endpoint security and other </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">software.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Immediately upon installation, the TrapX DeceptionGrid generated </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">ALERTS and identified malicious activity in two key locations. Both of </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">these were on SCADA processors which were central to the </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">manufacturing process. An attack in this area could severely disrupt </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">ongoing manufacturing processes causing both a shut-down and millions </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">of dollars in potential loss. Our analysis it was determined that both of </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">these malicious processes were communicating through TOR to their </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">attackers. In one case the malicious process was attempting to establish </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">a new command and control connection through TOR. In the other case </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">command and control was established and many types of malware were </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">resident on the station.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Broad Scale Attack Deployed Through One Entry Point</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">TrapX found several types of malware deployed in this SCADA processor. </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">TR-Dropper.Gen2.trojan allowed full access and control of the infected </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">end-point. It allows for the collection and exfiltration of confidential </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">data. Additionally we found Packed.Win32.Katusha.e malware stealing </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">passwords which was communicating back to attacker IP addresses </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">through TOR.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Over several additional weeks, DeceptionGrid detected lateral movement </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">by attackers that identified two additional command and control sites. </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">The customer coordinated with TrapX and SCADA component vendors to </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">determine the impact of the attack, to eliminate it and then to reprovision </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">the software in all of the effected components.</span>\r\n","alias":"trapx-deception-grid-for-manufacturer-of-steel-products","roi":0,"seo":{"title":"TrapX Deception Grid for manufacturer of steel products","keywords":"control, TrapX, malware, were, which, SCADA, products, this","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The manufacturing case study focuses on one of the largest </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">manufacturers of","og:title":"TrapX Deception Grid for manufacturer of steel products","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The manufacturing case study focuses on one of the largest </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">manufacturers of"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""},"vendors":[{"id":3890,"title":"TrapX","logoURL":"https://roi4cio.com/uploads/roi/company/TrapX.png","alias":"trapx","address":"","roles":[],"description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of traps can be deployed with little effort, creating a virtual mine field for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":5,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://trapx.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"TrapX","keywords":"with, TrapX, field, that, traps, little, creating, deployed","description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:title":"TrapX","og:description":"TrapX has created a new generation of deception technology that provides real-time breach detection and prevention. Our field proven solution deceives would-be attackers with turn-key decoys (traps) that “imitate” your true assets. Hundreds or thousands of tra","og:image":"https://roi4cio.com/uploads/roi/company/TrapX.png"},"eventUrl":""}],"products":[{"id":1724,"logo":false,"scheme":false,"title":"TrapX DeceptionGrid platform","vendorVerified":0,"rating":"3.30","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/0f7b0859d2a2a6d267c6c39d1887edbf","suppliersCount":0,"alias":"trapx-deceptiongrid-platform","companyTypes":[],"description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defeat Advanced Cyber Attackers. </b>\r\nDeceptionGrid, named the Best Deception Technology of 2018, deploys a shifting minefield of Traps (decoys) and Deception Tokens (lures) that appear identical to your real IT & IoT assets that no attacker can avoid.\r\n<b>Actionable Intelligence </b>\r\nJust one touch of a Trap by an attacker sets off a high-confidence alert. DeceptionGrid integrates with key elements of the network and security ecosystem to contain attacks and enable a return to normal operations.\r\n<b>The Deception Product of Choice </b>\r\nDeceptionGrid analyzes your network and automatically provisions hundreds-to-thousands of Traps and Lures. Each Trap is tailor-made to be identical to your native environment. Attackers can never tell what’s real and what’s fake because each Trap is designed to look and behave exactly like your real assets. In addition, Traps can also be camouflaged as any specialized IoT and OT devices.\r\n<b>Gain Access to a Powerful Community </b>\r\nFor the first time, defenders can collaborate and share deceptive counter-measures with each other. The DeceptionNet Community enables cyber-security teams to deceive cyber attackers by sharing deception strategies, new types of Traps, third-party connectors, best practices and more.\r\n<b>Deception Tokens </b>\r\nDeception Tokens (lures) appear as ordinary files, scripts and configurations, are embedded within real IT assets to bait and divert attackers away from real high value assets and into the traps.\r\n<b>Active Traps </b>\r\nActive Traps create a stream of false network traffic between deployed Traps to confuse and divert attackers that monitor the network traffic.\r\n<b><ins>Emulated Traps </ins></b>\r\n<b>Medium Interaction Emulated Traps </b>\r\nOur patented emulated traps can be deployed at the largest enterprise scale through automation. You can select from a wide variety of servers, databases, workstations, switches, routers and Traps tailor-made to your organization’s native environment. After a Trap is interacted with and the cyber-attack is thwarted, the Trap will change its shape and location, so the attacker will never learn if something is a Trap or a real asset.\r\n<b>Hundreds of New Industry Templates </b>\r\nThe DeceptionNet Community now offers hundreds of new industry templates (updated regularly) that are available for your use. In addition, our patented medium interaction traps also include expanded templates for specialized devices based on specific industries. These templates include, ATM and SWIFT assets for financial services, Point of Sale (PoS) devices for retail, as well as devices for medical, manufacturing and many more. This allows you to determine if attackers are targeting your specialized devices that are often vulnerable to attack.\r\n<b><ins>FullOS Traps </ins></b>\r\n<b>High Interaction (Full Operating System) Traps </b>\r\nDeceptionGrid enables the provision of full operating system (FullOS) Traps. Our medium interaction Traps automatically extend engaged attackers through our smart deception to our FullOS Traps for the deepest attacker diversion and engagement. FullOS Traps also enable you to clone existing assets – you can completely replicate actual production servers to further deceive attackers.","shortDescription":"The TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement, Advanced Persistent Threats (APTs) and sophisticated cybercriminals","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","keywords":"from, TrapX, DeceptionGrid, breach, attack, platform, intelligence, remediation, protects, assets, malicious insiders, lateral-movement, Advanced Persistent Threats (APTs), sophisticated cybercriminals, Console, Attack Visualization, security operations team, intrusion, Attacker ID, attack identification, human attacker, automated attack tools, security teams, Automated Provisioning, Deception Tokens, Active Traps, Emulated Traps, Medium Interaction Emulated Traps, FullOS Traps, High Interaction (Full Operating System) Traps","description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe","og:title":"DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders, lateral-movement","og:description":"<div style=\"text-align: center;\"><b>DeceptionGrid</b>\r\n<div style=\"text-align: center;\">TrapX DeceptionGrid protects your valuable assets against a multitude of attacks including malicious insiders and sophisticated cybercriminals.\r\n<b>Deceive, Detect and Defe"},"eventUrl":"","translationId":1723,"dealDetails":{"avgPartnerDiscount":30,"dealProtection":1,"avgDealSize":30000,"dealSizeCurrency":"","avgDealClosing":3},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"It is required to transfer the customer data to the vendor in order to receive a testing version for 30 days","categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":199,"title":"Deception Techniques and Honeypots","alias":"deception-techniques-and-honeypots","description":"Deception technology is an emerging category of cyber security defense. Deception technology products can detect, analyze and defend against zero-day and advanced attacks, often in real time. They are automated, accurate and provide insight into malicious activity within internal networks, which may be unseen by other types of cyber defense. Deception technology enables a more proactive security posture by seeking to deceive the attackers, detect them and then defeat them, allowing the enterprise to return to normal operations.\r\nDeception technology automates the creation of traps (decoys) and/or lures, which are mixed among and within existing IT resources to provide a layer of protection to stop attackers that have penetrated the network. Traps (decoys) are IT assets that either use real licensed operating system software, or are emulations of these devices.\r\nTraps (decoys) which use emulations can also imitate medical devices, automated teller machines (ATMs), retail point of sale systems, switches, routers and much more. Lures are generally real information technology resources (files of varying kinds) which are placed on actual IT assets.\r\nUpon penetrating the network, attackers seek to establish a backdoor and then use this to identify and exfiltrate data and intellectual property. They begin moving laterally through the internal VLANs and almost immediately will "look at" one of the traps (decoys). Interacting with one of these "decoys" will trigger an alert. These alerts are very high probability and almost always coincide to an ongoing attack. The deception is designed to lure the attacker in – the attacker may consider this a worthy asset and continue by injecting malware. Deception technology generally allows for automated static and dynamic analysis of this injected malware and provides these reports through automation to the security operations personnel. Deception technology may also identify, through indicators of compromise (IOC), suspect end-points that are part of the compromise cycle. Automation also allows for an automated memory analysis of the suspect end-point, and then automatically isolates the suspect end-point. Many partner integrations allow for a variety of implementation paths for existing enterprise and government customers.\r\nInternet of things (IoT) devices are not usually scanned by legacy defense in depth cyber defense and remain prime targets for attackers within the network. Deception technology can identify attackers moving laterally into the network from within these devices.\r\nIntegrated turnkey devices that utilize embedded operating systems, but do not allow these operating systems to be scanned or closely protected by embedded end-point or intrusion detection software are also well protected by a deception technology deployment in the same network. Examples include process control systems (SCADA) used in many manufacturing applications on a global basis. Deception technology has been associated with the discovery of Zombie Zero, an attack vector wherein deception technology identified an attacker utilizing malware embedded in barcode readers which were manufactured overseas.\r\nMedical devices are particular vulnerable to cyber attacks within the healthcare networks. As FDA-certified devices they are closed systems and not accessible to standard cyber defense software. Deception technology can surround and protect these devices and identify attackers using these for backdoor placement and data exfiltration. Recently documented cyber attacks on medical devices include x-ray machines, CT scanners, MRI scanners, blood gas analyzers, PACS systems and many more. Networks utilizing these devices can be protected by deception technology. This attack vector, called medical device hijack or medjack, is estimated to have penetrated many hospitals worldwide.\r\nSpecialized deception technology products are now capable of addressing the rise in ransomware. Select products can deceive ransomware into engaging in an attack on a decoy resource, while isolating the infection points and alerting the cyber defense software team.","materialsDescription":"<span style=\"font-weight: bold;\">Why Use Deception Technology?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Early Post-Breach Detection</span></span>\r\nNo security solution can stop all attacks from occurring on a network, but deception technology helps to give attackers a false sense of security by making them believe they have gained a foothold in your network. From here you can monitor and record their behavior, secure in the knowledge that they can do no damage to your decoy systems. The information you record about attacker behavior and techniques can be used to further secure your network from attack.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Reduced False Positives and Risk</span></span>\r\nDead ends, false positives and alert fatigue can all hamper security efforts and put a drain on resources, if they are even analyzed at all. Too much noise can result in IT teams becoming complacent and ignoring what could potentially be a legitimate threat. Deception technology reduces the noise with fewer false positives and high fidelity alerts packed full of useful data.\r\nDeception technology is also a low risk as it has no risk to data or impact on resources or operations. When a hacker accesses or attempts to use part of the deception layer, a real and accurate alert is generated that tells admins they need to take action.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Scale and Automate at Will</span></span>\r\nWhile the threat to corporate networks and data is a daily growing concern, security teams rarely get an increase in their budget to handle the deluge of new threats. For this reason, deception technology can be a very welcome solution. Automated alerts eliminate the need for manual effort and intervention while the design of the technology allows it to be scaled easily as the organization and threat level grows.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From Legacy to IoT</span></span>\r\nDeception technology can be used to provide breadcrumbs for a vast range of different devices, including legacy environments, industry-specific environments and even IoT devices.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/Deception_Techniques_and_Honeypots.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://share.trapx.com/dl/s1mqPwZmMA","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":542,"title":"McAfee Endpoint Security for global software company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">security platform widens the scope of threat detection to include unmanaged devices</span>\r\n<span style=\"font-weight: bold; \">Multinational Software Company</span>\r\n<ul><li>Large global software company</li><li>Industry: Technology</li><li>Environment: Fluid environment with up to 150,000 endpoints at any given time, many of them virtual, across 20 countries</li></ul>\r\n<span style=\"font-weight: bold; \">Challenges</span>\r\n<ul><li>Protect against zero-day threats across extended global enterprise</li><li>Shrink detection to remediation gap</li></ul>\r\n<span style=\"font-weight: bold; \">McAfee solution</span>\r\n<ul><li>McAfee® Advanced Threat Defense</li><li>McAfee® Complete Endpoint Threat Protection</li><li>McAfee® ePolicy Orchestrator®</li><li>McAfee® Threat Intelligence Exchange</li></ul>\r\n<span style=\"font-weight: bold; \">Results</span>\r\n<ul><li>Accelerates time to protection, thanks to automation</li><li>Augments threat reputation information shared across</li><li>McAfee ePO softwaremanaged devices with information gleaned from incidents involving unmanaged devices</li><li>Facilitates endpoint incident forensics and accelerates response</li><li>Saves security operations time and hassle</li></ul>\r\nAutomated submission of threat information to McAfee Advanced Threat Defense and automated sharing of that information across the enterprise improves protection while saving security operations time and hassle.\r\nThis large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network. However, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges.\r\n<span style=\"font-weight: bold; \">Challenge: Close Gaps to Block Zero-Day Attacks</span>\r\nAlthough the company employs the McAfee Complete Endpoint Threat Protection suite on all its high-risk physical and virtual endpoints, it also has many virtual endpoints connecting to its network that do not have a McAfee agent installed and are therefore not updated with the latest threat protection via the McAfee ePolicy Orchestrator (McAfee® ePO™) management console. The company’s more important virtual machines host a McAfee agent but many “low-risk” systems do not. Until recently, if one of these unmanaged endpoints downloaded a malicious file, the McAfee ePO softwaremanaged endpoints would be at risk because they had no way of knowing of the existence of that threat within the environment.\r\n<span style=\"font-style: italic; \">“Zero-day threats are our biggest concern,” remarks the senior manager of security engineering. “If any of our endpoints—managed or unmanaged—downloads a zero-day threat, we want our whole environment to know about it, and we want to be able to react appropriately as fast as possible.”</span>\r\nIn addition, if a managed endpoint became infected, security analysts would receive an alert, but, because of the fluidity of systems coming on and off the network, by the time an analyst has logged in and has attempted to find the suspicious payload, the system could easily have moved offline, essentially removing the information needed to understand what had transpired. As a result, security operations center (SOC) engineers found that they had to spend extra time tracking down infected systems and remediating them.\r\n<span style=\"font-weight: bold; \">Hunting and Blocking Zero-Day Threats with McAfee Advanced Threat Defense</span>\r\nAlong with McAfee Complete Endpoint Threat Protection, the company had implemented the Data Exchange Layer (DXL) communication fabric and McAfee Threat Intelligence Exchange. DXL connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions, and McAfee Threat Intelligence Exchange leverages DXL to bi-directionally share threat information across all DXL-connected systems. To this automated threat reputation-sharing framework, the company added McAfee Advanced Threat Defense for “zero-day hunting,” as the senior manager of security engineering describes the appliance’s main role. \r\n<span style=\"font-style: italic;\">“If an unknown or suspicious file comes across one of</span><span style=\"font-style: italic;\">our endpoints protected by McAfee Endpoint Security, </span><span style=\"font-style: italic;\">the file is automatically sent to McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense for sophisticated static and dynamic behavioral</span><span style=\"font-style: italic;\">analysis,” explains the senior manager of security</span><span style=\"font-style: italic;\">engineering. “If McAfee Advanced Threat Defense</span><span style=\"font-style: italic;\">deems the file to be malicious, its reputation is then</span><span style=\"font-style: italic;\">automatically broadcast via McAfee Threat Intelligence</span><span style=\"font-style: italic;\">Exchange to all the endpoints connected to DXL. This</span><span style=\"font-style: italic;\">automatic distribution of threat reputation information</span><span style=\"font-style: italic;\">helps us block zero-day threats before they can harm</span><span style=\"font-style: italic;\">our environment.”</span>\r\n<span style=\"font-weight: bold;\">Enhancing Intrusion Detection with Bro</span>\r\nBut what about threats entering the environment through the company’s many unmanaged endpoints? To extend detection to these systems, the company turned to the open-source Bro network security monitoring platform. Bro ingests the company’s network traffic off a span or inline tap and converts the traffic data into logs and metadata in binary format. In a typical week, Bro submits approximately 6,000 files to McAfee Advanced Threat Defense for analysis. Of those, approximately 10% to 20% end up in the McAfee Threat Intelligence Exchange threat reputation database and are subsequently shared throughout the enterprise.\r\n<span style=\"font-style: italic;\">“Bro gives us the ability to retain network traffic in a searchable format, which is extremely useful,” the senior manager of security engineering explains. “For instance, using Bro, we can search for source or distributed IP so we can easily conduct lightweight investigations— discover who or what connected to a specific IP address, what the payload looks like, determine the packet size, and so on.”</span>\r\nThe information captured by Bro supplements the threat information delivered via the McAfee Global Threat Intelligence cloud and disseminated via McAfee Threat Intelligence Exchange. With the Bro script and advice provided by McAfee (now available as a deployment kit), the senior manager of security engineering’s team integrated Bro with McAfee Advanced Threat Defense so that the Bro traffic data is automatically submitted to McAfee Advanced Threat Defense, just as suspicious files from McAfee Endpoint Security are automatically submitted through McAfee Threat Intelligence Exchange.\r\nSince the team was already very familiar with Bro, the integration was straightforward. \r\n<span style=\"font-weight: bold;\">Automatic Immunization Against Threats that Hit Unmanaged Endpoints</span>\r\n<span style=\"font-style: italic;\">“If one of our unmanaged endpoints downloads a malicious file, Bro will capture that event among the </span><span style=\"font-style: italic;\">network traffic and submit it to McAfee Advanced</span><span style=\"font-style: italic;\">Threat Defense for analysis,” notes the senior manager</span><span style=\"font-style: italic;\">of security engineering. “If McAfee Advanced Threat</span><span style=\"font-style: italic;\">Defense determines the file is malicious, then that</span><span style=\"font-style: italic;\">malicious reputation will be shared automatically with</span><span style=\"font-style: italic;\">every McAfee ePO software-managed system in our</span><span style=\"font-style: italic;\">entire enterprise—in other words, with all the systems</span><span style=\"font-style: italic;\">we care about. Put another way, if one of our unmanaged</span><span style=\"font-style: italic;\">virtual machines downloads a malicious file, all of our</span><span style=\"font-style: italic;\">managed devices automatically receive an immune shot.”</span>\r\n<span style=\"font-weight: bold;\">Facilitating and Accelerating Incident Response</span>\r\nWith the McAfee Advanced Threat Defense/Bro integration and threat reputation information automatically disseminated across endpoints via McAfee Threat Intelligence Exchange, inoculation of endpoints happens much faster than it did before. Consequently, there is a much greater likelihood that a system will “receive the immune shot” before it goes offline. In addition, because the actual event and surrounding intelligence is captured by Bro, even if the system goes offline, McAfee Advanced Threat Defense, as well as security analysts, have a great deal more information to help determine appropriate action, and, if necessary, to remediate more quickly.\r\n<span style=\"font-style: italic;\">“With the McAfee automated threat framework and supporting intelligence from the Bro integration, plus automated remediation that we have also set up, our SOC very rarely needs to pay attention to endpoint incidents,” points out the senior manager of security engineering. “The Bro integration and all that automation save a ton of time.”</span>\r\nTo fortify its defenses further, the company continues to build upon its DXL-based integrated security framework. For instance, the company is currently in the process of adding McAfee DLP Monitor to gather, track, and report on data in motion across its entire network and augment its McAfee DLP Endpoint host-based data protection.\r\n<span style=\"font-style: italic;\">“The more we can integrate our systems and automate </span><span style=\"font-style: italic;\">responses, the safer we will be,” says the senior manager</span><span style=\"font-style: italic;\">of security engineering.</span>","alias":"mcafee-endpoint-security-for-global-software-company","roi":0,"seo":{"title":"McAfee Endpoint Security for global software company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; ","og:title":"McAfee Endpoint Security for global software company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Integrating McAfee® Advanced Threat Defense and the Bro open-source network </span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; "},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":184,"title":"McAfee","logoURL":"https://roi4cio.com/uploads/roi/company/McAfee.png","alias":"mcafee","address":"","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994.<br /></span>\r\n<span style=\"color: rgb(97, 97, 97); \">As a leading-edge cybersecurity company, McAfee provides advanced security solutions to consumers, small and large businesses, enterprises, and governments. Security technologies from McAfee use a unique, predictive capability that is powered by McAfee Global Threat Intelligence, which enables home users and businesses to stay one step ahead of the next wave of fileless attacks, viruses, malware, and other online threats.</span>\r\nMcAfee is:\r\n■ 622 million total endpoints<br />■ 97 million enterprise endpoints<br />■ 525 million consumer endpoints<br />■ 69,000 enterprise customers<br />■ 7,000 employees<br />■ 189 countries<br />■ 151 Security Innovation Alliance partners<br />■ 80% of Fortune 100 firms<br />■ 75% of Fortune 500 firms<br />■ 64% of Global 2000 firms<br />■ 87% of world’s largest banks<br />■ 54% of Top 50 retailers<br />■ 1,550+ security patents worldwide ","companyTypes":[],"products":{},"vendoredProductsCount":17,"suppliedProductsCount":17,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":13,"vendorPartnersCount":0,"supplierPartnersCount":270,"b4r":0,"categories":{},"companyUrl":"https://www.mcafee.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"McAfee","keywords":"Intel, Security, company, Capital, McAfee, security, with, between","description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:title":"McAfee","og:description":"<span style=\"color: rgb(97, 97, 97); \">McAfee is a global organization with a 30-year history and a brand known the world over for innovation, collaboration and trust. The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who","og:image":"https://roi4cio.com/uploads/roi/company/McAfee.png"},"eventUrl":""}],"products":[{"id":429,"logo":false,"scheme":false,"title":"McAfee ePolicy Orchestrator (McAfee ePO)","vendorVerified":1,"rating":"2.70","implementationsCount":7,"presenterCode":"","suppliersCount":0,"alias":"mcafee-epolicy-orchestrator-mcafee-epo","companyTypes":[],"description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks.  \r\nSimplify security operations with streamlined workflows for proven efficiencies.\r\nFlexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.\r\nLeverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.\r\n\r\nQuick deployment for maximum efficiency\r\nDeploy quickly and easily\r\nEnsure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly.\r\n\r\nGain efficiencies\r\nStreamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy.\r\n\r\nFuture-proof your security infrastructure\r\nProtect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.","shortDescription":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee ePolicy Orchestrator (McAfee ePO)","keywords":"security, your, management, McAfee, with, from, infrastructure, threat","description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, ","og:title":"McAfee ePolicy Orchestrator (McAfee ePO)","og:description":"McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. \r\nGet a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, "},"eventUrl":"","translationId":430,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>  Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>  Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>  Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_SIEM.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":538,"logo":false,"scheme":false,"title":"McAfee Complete Endpoint Threat Protection","vendorVerified":1,"rating":"2.00","implementationsCount":3,"presenterCode":"","suppliersCount":0,"alias":"mcafee-complete-endpoint-threat-protection","companyTypes":[],"description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.</p>\r\n<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.</p>","shortDescription":"McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":20,"sellingCount":14,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Complete Endpoint Threat Protection","keywords":"McAfee, Complete, defenses, your, Threat, Endpoint, Protection, zero-day","description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that ","og:title":"McAfee Complete Endpoint Threat Protection","og:description":"<p style=\"margin: 0px 10px 15px 0px; padding: 0px; border: 0px; outline: 0px; color: #53565a; font-family: intel_clear_wregular, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px;\">McAfee Complete Endpoint Threat Protection provides advanced defenses that "},"eventUrl":"","translationId":595,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).  The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices  </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":1732,"logo":false,"scheme":false,"title":"McAfee Endpoint Security","vendorVerified":1,"rating":"2.80","implementationsCount":5,"presenterCode":"https://slides.roi4presenter.com/presentation/9ccbf2894e6bd191c2ffc3a95ecd6c6a","suppliersCount":0,"alias":"mcafee-endpoint-security","companyTypes":[],"description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click.\r\n<span style=\"font-weight: bold;\">Product features</span>\r\n<ul><li>Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.</li><li>Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.</li><li>Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.</li><li>Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.</li><li>Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.</li><li>Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.</li></ul>","shortDescription":"McAfee Endpoint Security is an integrated, centrally managed, advanced defenses","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":11,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Endpoint Security","keywords":"","description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit","og:title":"McAfee Endpoint Security","og:description":"Advanced, consolidated endpoint defense <span style=\"font-weight: bold;\">McAfee Endpoint Security</span> delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit"},"eventUrl":"","translationId":1733,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).  The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":2160,"logo":false,"scheme":false,"title":"McAfee Advanced Threat Defense","vendorVerified":1,"rating":"2.00","implementationsCount":5,"presenterCode":"","suppliersCount":0,"alias":"mcafee-advanced-threat-defense","companyTypes":[],"description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.\r\nMcAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.\r\nAdvanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:\r\n<ul> <li>Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.</li> <li>User interactive mode: Enables analysts to interact directly with malware samples.</li> <li>Extensive unpacking capabilities: Reduces investigation time from days to minutes.</li> <li>Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.</li> <li>Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.</li> <li>Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.</li> <li>Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.</li> </ul>\r\nFlexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.","shortDescription":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"McAfee Advanced Threat Defense","keywords":"","description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an","og:title":"McAfee Advanced Threat Defense","og:description":"McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection an"},"eventUrl":"","translationId":2161,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":397,"title":"Insufficient risk management"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>  Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>  Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>  Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":25,"title":"Web filtering","alias":"web-filtering","description":" <span style=\"font-weight: bold; \">Web filtering</span> is a technology that stops users from viewing certain URLs or websites by preventing their browsers from loading pages from these sites. Web filters are made in different ways and deliver various solutions for individual, family, institutional or enterprise use.\r\nIn general, Web filters work in two distinct ways. They can <span style=\"font-weight: bold; \">block content</span> as determined by quality of the site, by consulting known lists which document and categorize popular pages across all genres of content. Or, they can <span style=\"font-weight: bold; \">evaluate the content</span> of the page live and block it accordingly. Many Web filter tools work off of a constantly updated URL database that shows which websites and domains are associated with hosting malware, phishing, viruses or other tools for harmful activities.\r\n<span style=\"font-weight: bold;\">Web Filtering Types.</span> <span style=\"font-style: italic;\">Blacklist & Whitelist Filters:</span>when using blacklists, an administrator (which might be a parent) manually enters all websites that are deemed inappropriate into the program, and those sites are subsequently blocked. Whitelists are used in exactly the same way, only in reverse – i.e. URLs are manually entered onto a whitelist, and all other websites are then off-limits.\r\n<span style=\"font-style: italic; \">Keyword And Content Filters: </span>this type of filtering is in many ways similar to black and whitelist filtering, though with a slightly broader scope. Keyword and content filters will filter out websites that contain specific keywords or predefined content (such as pornography, for example).\r\nSome website filtering software also provides reporting so that the installer can see what kind of traffic is being filtered and who has requested it. Some products provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page. \r\n<span style=\"font-weight: bold; \">Web Filtering Software for Business.</span> Most organizations have moved to cloud based-applications, making browsers a tool that employees use on a daily basis to access work. Browsers have become a conduit to not only the cloud, but also to immeasurable malware and distractions hosted on the web. In order to ensure that browsers do not bring in malicious traffic, web filtering software becomes necessary.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">What is Enterprise Web Filtering Software?</h1>\r\nAntivirus and antimalware software are required to detect malicious programs that has been downloaded, but it is now important for enterprise web filtering software to be installed. Content filtering software is an invaluable protection against a wide range of web-borne threats. Rather than allowing malware and ransomware to be downloaded, it prevents end users from visiting websites that contain these malicious threats.\r\nInternet filtering software is also one of the most effective ways to neutralize the threat from phishing. Phishing is a technique used by cybercriminals to gain access to sensitive user information. Phishers trick end users into revealing login credentials or downloading malicious software onto their computers.\r\nPhishing involves sophisticated social engineering techniques to fool end users into visiting malicious websites. If employees can be convinced to reveal sensitive information or download ransomware or malware, cybercriminals can easily bypass even the most sophisticated of cybersecurity defenses.\r\n<h1 class=\"align-center\">What is URL Filtering?</h1>\r\nURL filtering is a type of network filtering software that helps businesses control their users’ and guests’ ability to access certain content on the web. If you’ve ever gotten a “block” page while surfing the internet at the office, then your company is using web filtering.\r\nSome employers may only be concerned about blocking access to websites that are known to spread malware or steal information. Other businesses may block content they find inappropriate, such as adult websites or sites that promote violence, or content that violates compliance regulations. They may also choose to activate web protection software to block social media or video streaming sites to minimize drains on productivity and network bandwidth.\r\nTypically, URL filtering software is provided by a cybersecurity service, firewall, or router. Each of these may use a variety of threat intelligence sources to determine which websites fit into their chosen acceptable and unacceptable categories. That’s where highly reliable web reputation services are most valuable. Sources that have extensive web histories and real-time active crawling services will provide the most accurate content determinations.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Web_filtering.png"},{"id":40,"title":"Endpoint security","alias":"endpoint-security","description":"In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.\r\nUsually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices).  The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).\r\nEndpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow its mobile workforce to use these devices on the corporate network.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What are endpoint devices?</span>\r\nAny device that can connect to the central business network is considered an endpoint. Endpoint devices are potential entry points for cybersecurity threats and need strong protection because they are often the weakest link in network security.\r\n<span style=\"font-weight: bold;\">What is endpoint security management?</span>\r\nA set of rules defining the level of security that each device connected to the business network must comply with. These rules may include using an approved operating system (OS), installing a virtual private network (VPN), or running up-to-date antivirus software. If the device connecting to the network does not have the desired level of protection, it may have to connect via a guest network and have limited network access.\r\n<span style=\"font-weight: bold;\">What is endpoint security software?</span>\r\nPrograms that make sure your devices are protected. Endpoint protection software may be cloud-based and work as SaaS (Software as a Service). Endpoint security software can also be installed on each device separately as a standalone application.\r\n<span style=\"font-weight: bold;\">What is endpoint detection and response (EDR)?</span>\r\nEndpoint detection and response (EDR) solutions analyze files and programs, and report on any threats found. EDR solutions monitor continuously for advanced threats, helping to identify attacks at an early stage and respond rapidly to a range of threats.<br /><br />","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Endpoint_security.png"},{"id":41,"title":"Antispam","alias":"antispam","description":"In each system, which involves the communication of users, there is always the problem of spam, or the mass mailing of unsolicited emails, which is solved using the antispam system. An antispam system is installed to catch and filter spam at different levels. Spam monitoring and identification are relevant on corporate servers that support corporate email, here the antispam system filters spam on the server before it reaches the mailbox. There are many programs that help to cope with this task, but not all of them are equally useful. The main objective of such programs is to stop sending unsolicited letters, however, the methods of assessing and suppressing such actions can be not only beneficial but also detrimental to your organization. So, depending on the rules and policies of mail servers, your server, or even a domain, may be blacklisted and the transfer of letters will be limited through it, and you may not even be warned about it.\r\nThe main types of installation and use of anti-spam systems:\r\n<ul><li>installation of specialized equipment, a gateway that filters mail before it reaches the server;</li><li>use of external antispam systems for analyzing emails and content;</li><li>setting up an antispam system with the ability to learn on the mail server itself;</li><li>installation of spam filtering software on the client’s computer.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Anti-spam technologies:</span>\r\n<span style=\"font-weight: bold;\">Heuristic analysis</span>\r\nExtremely complex, highly intelligent technology for empirical analysis of all parts of a message: header fields, message bodies, etc. Not only the message itself is analyzed. The heuristic analyzer is constantly being improved, new rules are continuously added to it. It works “ahead of the curve” and makes it possible to recognize still unknown varieties of spam of a new generation before the release of available updates.\r\n<span style=\"font-weight: bold;\">Filtering counteraction</span>\r\nThis is one of the most advanced and effective anti-spam technologies. It is to recognize the tricks resorted to by spammers to bypass anti-spam filters.\r\n<span style=\"font-weight: bold;\">HTML based analysis</span>\r\nHTML code comparable to samples of HTML signatures in antispam. Such a comparison, using the available data on the size of typical spam images, protects users from spam messages using HTML-code, which are often included in the online image.\r\n<span style=\"font-weight: bold;\">Spam detection technology for message envelopes</span>\r\nDetection of fakes in the "stamps" of SMTP-servers and in other elements of the e-mail header is the newest direction in the development of anti-spam methods. Email addresses can not be trusted. Fake emails contain more than just spam. For example, anonymous and even threats. Technologies of various anti-spam systems allow you to send such messages. Thus, it provides not only the economic movement, but also the protection of employees.\r\n<span style=\"font-weight: bold;\">Semantic analysis</span>\r\nMeaning in words and phrases is compared with typical spam vocabulary. Comparison of provisions for a special dictionary, for expression and symbols.\r\n<span style=\"font-weight: bold;\">Anti-camming technology</span>\r\nScamming is probably the most dangerous type of spam. All of them have the so-called "Nigerian letters", reports of winnings in the lottery, casino, fake letters and credit services.\r\n<span style=\"font-weight: bold;\">Technical spam filtering</span>\r\nAutomatic notification of e-mail - bounce-messages - to inform users about the malfunction of the postal system (for example, non-delivery of address letters). Attackers can use similar messages. Under the guise of a technical notification, computer service or ordinary spam can penetrate the computer.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Antispam.png"},{"id":42,"title":"UTM - Unified threat management","alias":"utm-unified-threat-management","description":"<span style=\"font-weight: bold; \">UTM (Unified Threat Management)</span> system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.\r\nUnified threat management <span style=\"font-weight: bold; \">devices  </span>are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.\r\nUTM <span style=\"font-weight: bold; \">cloud services</span> and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defense in depth. While UTM systems and <span style=\"font-weight: bold; \">next-generation firewalls (NGFWs)</span> are sometimes comparable, unified threat management device includes added security features that NGFWs don't offer.\r\nOriginally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection. Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content.\r\nUnified threat management appliance has gained traction in the industry due to the emergence of blended threats, which are combinations of different types of malware and attacks that target separate parts of the network simultaneously. By creating a single point of defense and providing a single console, unified security management make dealing with varied threats much easier.\r\nUnified threat management products provide increased protection and visibility, as well as control over network security, reducing complexity. Unified threat management system typically does this via inspection methods that address different types of threats. These methods include:\r\n<ul><li><span style=\"font-weight: bold; \">Flow-based inspection,</span> also known as stream-based inspection, samples data that enters a UTM device, and then uses pattern matching to determine whether there is malicious content in the data flow.</li><li> <span style=\"font-weight: bold; \">Proxy-based inspection</span> acts as a proxy to reconstruct the content entering a UTM device, and then executes a full inspection of the content to search for potential security threats. If the content is clean, the device sends the content to the user. However, if a virus or other security threat is detected, the device removes the questionable content, and then sends the file or webpage to the user.</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> How UTM is deployed?</h1>\r\nBusinesses can implement UTM as a UTM appliance that connects to a company's network, as a software program running on an existing network server, or as a service that works in a cloud environment.\r\nUTMs are particularly useful in organizations that have many branches or retail outlets that have traditionally used dedicated WAN, but are increasingly using public internet connections to the headquarters/data center. Using a UTM in these cases gives the business more insight and better control over the security of those branch or retail outlets.\r\nBusinesses can choose from one or more methods to deploy UTM to the appropriate platforms, but they may also find it most suitable to select a combination of platforms. Some of the options include installing unified threat management software on the company's servers in a data center; using software-based UTM products on cloud-based servers; using traditional UTM hardware appliances that come with preintegrated hardware and software; or using virtual appliances, which are integrated software suites that can be deployed in virtual environments.\r\n<h1 class=\"align-center\">Benefits of Using a Unified Threat Management Solution</h1>\r\nUTM solutions offer unique benefits to small and medium businesses that are looking to enhance their security programs. Because the capabilities of multiple specialized programs are contained in a single appliance, UTM threat management reduces the complexity of a company’s security system. Similarly, having one program that controls security reduces the amount of training that employees receive when being hired or migrating to a new system and allows for easy management in the future. This can also save money in the long run as opposed to having to buy multiple devices.\r\nSome UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity while enabling policy creation based on user identity meet the requirements of regulatory compliance such as HIPPA, CIPA, and GLBA that require access controls and auditing that meet control data leakage.\r\nUTM solutions also help to protect networks against combined threats. These threats consist of different types of malware and attacks that target separate parts of the network simultaneously. When using separate appliances for each security wall, preventing these combined attacks can be difficult. This is because each security wall has to be managed individually in order to remain up-to-date with the changing security threats. Because it is a single point of defense, UTM’s make dealing with combined threats easier.\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_UTM.jpg"},{"id":826,"title":"Sandbox","alias":"sandbox","description":" In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.\r\nIn the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.","materialsDescription":" <span style=\"font-weight: bold;\">What is the sandbox?</span>\r\nThe sandbox is like a ''virtual machine'', which runs on the device. It is a section of the device, for which a user account has been set in the system. In this section, programs can be started, data can be collected and services can be provided, which are not available within the system of the router. Inside the sandbox, the environment is like it is inside a Linux PC. The sandbox is an area separate from the router part of the system, which ensures that the router can fulfill its task without interference from the sandbox.\r\n<span style=\"font-weight: bold;\">What is the use of the sandbox?</span>\r\nBesides its actual tasks, the device can fulfill additional tasks via sandbox. Without the sandbox, these tasks would have to be carried out by an additional industrial computer.\r\nNot having to install and run the computer saves space inside the switching cabinet, money, as additional hardware is not required, and energy, which also reduces industrial waste heat. The device establishes the connection into the internet or to the control center. The programs in the sandbox use this connection. The configuration of the connection to the internet or to the control center can be set comfortably via the web interface.\r\n<span style=\"font-weight: bold;\">Which things can you NOT do with the sandbox?</span>\r\nAll the things that do require root permissions on the device.\r\nIt is not possible to execute commands or programs, which require root rights. Examples for such commands or programs are the raw connections (like ICMP - "ping"). This ensures that the device doesn't interfere with its tasks.\r\n<span style=\"font-weight: bold;\">Which hardware interfaces are available in the sandbox?</span>\r\nSerial interface, Ethernet of the LAN connection (4-port-switch), WAN connection depending on the make of the device (LAN, GPRS, EDGE, UMTS, PSTN and ISDN).\r\nVia the web interface, you can assign the serial interface to be used by applications in the sandbox. If assigned to the sandbox, the serial interface is not available for the device. In this case, neither serial-Ethernet-gateway nor the connection of a further, redundant communication device will be possible. The LAN, as well as the WAN connection, can be used in the way they are configured for the device. Network settings can be configured via the web interface and not via the sandbox. Depending on the configuration and the type of the device also the sandbox can communicate in various ways via LAN, GPRS, EDGE, UMTS, PSTN or ISDN.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon-sandbox.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.mcafee.com/enterprise/en-us/assets/case-studies/cs-multinational-software-company.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":553,"title":"Cisco Email Security for Insurance company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a small business insurance company is based on a June 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“Cisco Email Security allows us to get insight and control spam/malicious email. It also allows us to better track all email.”</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Challenges</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Evaluated the following vendors prior to choosing Cisco Email Security:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">None. Our 3rd party vendor offered no alternatives.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Use Case</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">The key features and functionalities of Cisco Email Security that the surveyed company uses:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<ul><li>Purchased Advanced Malware Protection (AMP) after purchasing Cisco Email Security.</li><li>Using the following Cisco products in addition to Cisco Email Security:</li><li>Identity Services Engine (ISE)</li></ul>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Results</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The surveyed company achieved the following results with Cisco Email Security:</span>\r\n<ul><li>Protected users from threats in incoming email to prevent breaches</li><li>Act as a Spam and Graymail filter</li></ul>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Company Profile</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The company featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">TechValidate stands behind the authenticity of this data.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Company Size:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Small Business</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Industry:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Insurance</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">About Cisco Email Security</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Defend against ransomware, business email compromise, spoofing, phishing, and spam while protecting sensitive data with data loss prevention (DLP) and encryption.</span>","alias":"cisco-email-security-for-insurance-company","roi":0,"seo":{"title":"Cisco Email Security for Insurance company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a small business insurance company is based on a June 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The pro","og:title":"Cisco Email Security for Insurance company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a small business insurance company is based on a June 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The pro"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""},"vendors":[{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""}],"products":[{"id":1741,"logo":false,"scheme":false,"title":"Cisco Email Security","vendorVerified":0,"rating":"2.00","implementationsCount":2,"presenterCode":"","suppliersCount":0,"alias":"cisco-email-security","companyTypes":[],"description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business email compromise (BEC).\r\n<span style=\"font-weight: bold;\">Cisco Advanced Phishing Protection</span>\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n• Gain a real-time understanding of senders, learn and authenticate email identities and behavioral relationships to protect against BEC attacks\r\n• Remove malicious emails from users’ inboxes to prevent wire fraud or other advanced attacks\r\n• Get detailed visibility into email attack activity, including total messages secured and attacks prevented\r\n• Augment phishing and BEC detection and blocking capabilities offered in Cisco Email Security\r\n<span style=\"font-weight: bold;\">Cisco Domain Protection</span>\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n• Prevent brand abuse through impersonation of your company domain\r\n• Gain visibility into your internal and third-party senders who use your domain to send email on your behalf\r\n• Automate the Domain-based Message Authentication, Reporting, and Conformance (DMARC) authentication and enforcement process to identify illegitimate senders\r\n• Block unauthorized senders and set up DMARC protection to reduce illegitimate emails from your domain\r\n• Increase outbound email marketing effectiveness\r\n<span style=\"font-weight: bold;\">Advanced email security protection</span>\r\nAttackers rely primarily on email to distribute spam, malware, and other threats. To prevent breaches, you need a powerful email security solution. Cisco Email Security is your defense against phishing, business email compromise, and ransomware. Get threat intelligence updates every three to five minutes through Cisco Talos for the most up-to-date protection. Cisco Advanced Malware Protection protects against stealthy malware in attachments, and industry-leading URL intelligence combats malicious links. Cisco Email Security also enhances Office 365 email security.  Protecting outgoing email is important too. Cisco Email Security has robust data loss prevention and content encryption capabilities to safeguard sensitive information. This helps you comply with government and industry regulations.","shortDescription":"Cisco Email Security is an Secure E-mail Gateway. Stops phishing, business email compromise, ransomware, spam, and enhances Office 365 email security. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":6,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cisco Email Security","keywords":"","description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business ","og:title":"Cisco Email Security","og:description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business "},"eventUrl":"","translationId":1742,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":400,"title":"High costs"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.techvalidate.com/product-research/cisco-email-security/case-studies/B13-D2B-381","title":"Media"}},"comments":[],"referencesCount":0},{"id":554,"title":"Cisco Email Security for Computer Software company","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Large Enterprise Computer Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a large enterprise computer software company is based on a May 2018 survey of Cisco Email Security customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“We have been able to make extensive use of Cisco Email Security’s ability to create custom content filters. We have relied on those to better protect against BEC emails, W2 and payroll fraud, and other phishing emails.”</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-style: italic;\">“I appreciate the ability to customize the way the platform works, specifically with regards to the content filters – they can be powerful.”</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Challenges</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The business challenges that led the profiled company to evaluate and ultimately select Cisco Email Security:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Chose Cisco Email Security to protect their Office 365 email because Cisco has:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Stronger protection from advanced email threats (business email compromise (BEC), advanced malware and/or phishing)</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Protects sensitive information in outgoing emails with:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Microsoft Office 365 built-in tools</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Evaluated the following vendors prior to choosing Cisco Email Security:</span>\r\n<ul><li>Proofpoint</li><li>Symantec</li><li>Mimecast</li></ul>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Use Case</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The key features and functionalities of Cisco Email Security that the surveyed company uses:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Purchased Advanced Malware Protection (AMP) and Cisco Email Security at the same time.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Using the following Cisco products in addition to Cisco Email Security:</span>\r\n<ul><li>AMP for Endpoints or AMP on another product</li><li>AnyConnect</li><li>Identity Services Engine (ISE)</li><li>Next-Generation Intrusion Prevention System</li><li>Umbrella</li><li>Cisco Web Security (CWS)</li></ul>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Results</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The surveyed company achieved the following results with Cisco Email Security:</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Protecting users from threats in incoming email to prevent breaches</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; font-weight: bold;\">Company Profile</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">The company featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies.</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">TechValidate stands behind the authenticity of this data.</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Company Size:</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">Large Enterprise</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \"><br /></span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Industry:</span><span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px;\">Computer Software</span>\r\n\r\n","alias":"cisco-email-security-for-computer-software-company","roi":0,"seo":{"title":"Cisco Email Security for Computer Software company","keywords":"","description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Large Enterprise Computer Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a large enterpri","og:title":"Cisco Email Security for Computer Software company","og:description":"<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">Large Enterprise Computer Software Company</span>\r\n<span style=\"color: rgb(0, 0, 0); font-family: Verdana, sans-serif; font-size: 12px; \">This case study of a large enterpri"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""},"vendors":[{"id":170,"title":"Cisco","logoURL":"https://roi4cio.com/uploads/roi/company/cisco_logo.png","alias":"cisco","address":"","roles":[],"description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, Cisco dominates the Internet Protocol (IP) -based network equipment segment, and also manufactures cybersecurity, video conferencing systems, and other network equipment and software. In addition, Cisco offers a number of cloud services. Cisco's primary customers are large enterprises and telecommunications service providers, but the company also sells products aimed at small businesses and the public sector. </span>\r\n\r\n<span lang=\"en\">Cisco offers products and services in four categories. The company's infrastructure platforms generate more than half of its revenue. This includes switching devices, routing devices, wireless communications, and data processing solutions. Applications that account for over 10% of revenue are primarily software related to networking and data processing platforms. </span>\r\n\r\n<span lang=\"en\">Applications include collaboration tools (unified communications, Cisco TelePresence video conferencing) as well as AppDynamics and Internet of Things software. The cybersecurity product category generates more than 5% of the company's revenue and includes network security, email security, identity and access, advanced threat protection, and unified exposure management products. In addition, Cisco offers consulting services. </span>\r\n\r\n<span lang=\"en\">Cisco's total revenue in fiscal 2020 was nearly $ 50 billion. The company is expanding its research and development (R&D) investments in areas such as the cloud platform, remote collaboration platform, analytics and telecommunications technologies.</span>","companyTypes":[],"products":{},"vendoredProductsCount":31,"suppliedProductsCount":31,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":7,"vendorImplementationsCount":42,"vendorPartnersCount":0,"supplierPartnersCount":282,"b4r":0,"categories":{},"companyUrl":"www.cisco.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Cisco","keywords":"Index, networking, Cisco, company, Russell, 1000, June, Average","description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:title":"Cisco","og:description":"<span lang=\"en\">Cisco Systems is a global manufacturer of network equipment: routers, switches and servers, as well as software for data transmission on the Internet and corporate networks. The company was founded in 1984 in San Jose (California, USA). Today, ","og:image":"https://roi4cio.com/uploads/roi/company/cisco_logo.png"},"eventUrl":""}],"products":[{"id":1741,"logo":false,"scheme":false,"title":"Cisco Email Security","vendorVerified":0,"rating":"2.00","implementationsCount":2,"presenterCode":"","suppliersCount":0,"alias":"cisco-email-security","companyTypes":[],"description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business email compromise (BEC).\r\n<span style=\"font-weight: bold;\">Cisco Advanced Phishing Protection</span>\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n• Gain a real-time understanding of senders, learn and authenticate email identities and behavioral relationships to protect against BEC attacks\r\n• Remove malicious emails from users’ inboxes to prevent wire fraud or other advanced attacks\r\n• Get detailed visibility into email attack activity, including total messages secured and attacks prevented\r\n• Augment phishing and BEC detection and blocking capabilities offered in Cisco Email Security\r\n<span style=\"font-weight: bold;\">Cisco Domain Protection</span>\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n• Prevent brand abuse through impersonation of your company domain\r\n• Gain visibility into your internal and third-party senders who use your domain to send email on your behalf\r\n• Automate the Domain-based Message Authentication, Reporting, and Conformance (DMARC) authentication and enforcement process to identify illegitimate senders\r\n• Block unauthorized senders and set up DMARC protection to reduce illegitimate emails from your domain\r\n• Increase outbound email marketing effectiveness\r\n<span style=\"font-weight: bold;\">Advanced email security protection</span>\r\nAttackers rely primarily on email to distribute spam, malware, and other threats. To prevent breaches, you need a powerful email security solution. Cisco Email Security is your defense against phishing, business email compromise, and ransomware. Get threat intelligence updates every three to five minutes through Cisco Talos for the most up-to-date protection. Cisco Advanced Malware Protection protects against stealthy malware in attachments, and industry-leading URL intelligence combats malicious links. Cisco Email Security also enhances Office 365 email security.  Protecting outgoing email is important too. Cisco Email Security has robust data loss prevention and content encryption capabilities to safeguard sensitive information. This helps you comply with government and industry regulations.","shortDescription":"Cisco Email Security is an Secure E-mail Gateway. Stops phishing, business email compromise, ransomware, spam, and enhances Office 365 email security. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":6,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cisco Email Security","keywords":"","description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business ","og:title":"Cisco Email Security","og:description":"<span style=\"font-weight: bold;\">New capabilities to protect your users and brand</span>\r\nTwo new capabilities help block phishing emails from reaching your users and safeguard your company’s domain. Gain additional layers of protection against business "},"eventUrl":"","translationId":1742,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":344,"title":"Malware infection via Internet, email, storage devices"},{"id":400,"title":"High costs"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":469,"title":"Secure E-mail Gateway","alias":"secure-e-mail-gateway","description":" According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and Next-Gen Anti-Phishing and Anti-Spam</li><li>Additional Security Features</li><li>Customization of the Solution’s Management Features</li><li>Low False Positive and False Negative Percentages</li><li>External Processes and Storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, SEGs can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":" <span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against these email-borne threats. It is effectively a firewall for your email and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan every email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a certain period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway.jpg"},{"id":558,"title":"Secure E-mail Gateway - Appliance","alias":"secure-e-mail-gateway-appliance","description":"According to technology research firm Gartner, secure email gateways “provide basic message transfer agent functions; inbound filtering of spam, phishing, malicious and marketing emails; and outbound data loss prevention (DLP) and email encryption.”\r\nTo put that in simpler language, a secure email gateway (also called an email security gateway) is a cybersecurity solution that monitors incoming and outgoing messages for suspicious behavior, preventing them from being delivered. Secure email gateways can be deployed via an email server, public cloud, on-premises software, or in a hybrid system. According to cybersecurity experts, none of these deployment options are inherently superior; each one has its own strengths and weaknesses that must be assessed by the individual enterprise.\r\nGartner defines the secure email gateway market as mature, with the key capabilities clearly defined by market demands and customer satisfaction. These capabilities include:\r\n<ul><li>Basic and next-gen anti-phishing and anti-spam</li><li>Additional security features</li><li>Customization of the solution’s management features</li><li>Low false positive and false negative percentages</li><li>External processes and storage</li></ul>\r\nSecure email gateways are designed to surpass the traditional detection capabilities of legacy antivirus and anti-phishing solutions. To do so, they offer more sophisticated detection and prevention capabilities; secure email gateways can make use of threat intelligence to stay up-to-date with the latest threats.\r\nAdditionally, secure email gateways can sandbox suspicious emails, observing their behavior in a safe, enclosed environment that resembles the legitimate network. Security experts can then determine if it is a legitimate threat or a false positive.\r\nSecure email gateway solutions will often offer data loss prevention and email encryption capabilities to protect outgoing communications from prying and unscrupulous eyes.\r\nMuch like SIEM or endpoint detection and response (EDR), secure email gateways can produce false positives and false negatives, although they do tend to be far less than rates found in SIEM and EDR alerts.","materialsDescription":"<span style=\"font-weight: bold;\">How Does a Secure Email Gateway Work?</span>\r\nA secure email gateway offers a robust framework of technologies that protect against email-borne threats. It is effectively a firewall for your email, and scans both outbound and inbound email for any malicious content. At a minimum, most secure gateways offer a minimum of four security features: virus and malware blocking, spam filtering, content filtering and email archiving. Let's take a look at these features in more detail:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Virus and Malware Blocking</span></span>\r\nEmails infected with viruses or malware can make up approximately 1% of all email received by an organization. For a secure email gateway to effectively prevent these emails from reaching their intended recipients and delivering their payload, it must scan each email and be constantly kept up-to-date with the latest threat patterns and characteristics.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Spam Filtering</span></span>\r\nBelieve it or not, spam filtering is where the majority of a secure email gateway's processing power is focused. Spam is blocked in a number of different ways. Basic spam filtering usually involves a prefiltering technology that blocks or quarantines any emails received from known spammers. Spam filtering can also detect patterns commonly found in spam emails, such as preferred keywords used by spammers and the inclusion of links that could take the email recipient to a malicious site if clicked. Many email clients also allow users to flag spam messages that arrive in their mailbox and to block senders.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Content Filtering</span></span>\r\nContent filtering is typically applied to an outbound email sent by users within the company. For example, you can configure your secure email gateway to prevent specific sensitive documents from being sent to an external recipient, or put a block on image files or specific keywords within them being sent through the email system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Email Archiving</span></span>\r\nEmail services, whether they are in the cloud or on-premise, need to be managed efficiently. Storage has been a problem for email administrators for many years, and while you may have almost infinite cloud storage available, email archiving can help to manage both user mailboxes and the efficiency of your systems. Compliance is also a major concern for many companies and email archiving is a must if you need to keep emails for a specific period of time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Secure_Email_Gateway_Appliance.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.techvalidate.com/product-research/cisco-email-security/case-studies/57C-583-FB1","title":"Media"}},"comments":[],"referencesCount":0},{"id":611,"title":"Portnox Clear for bank","description":"<span style=\"font-weight: 700; \">The Objective and the Challenge</span>\r\n<span style=\"font-weight: 700; \"><br /></span>\r\n<ul><li>Preserving their customer’s trust by protecting their privacy on the network</li><li>Providing customers required and expected access while maintaining full compliance</li><li>Immediate awareness and control the instant devices attempt to access the network regardless of entry port, access point or VPN.</li><li>Management, visibility and control from HQ for all branches and other bank offices.</li><li>Assurance that customer wireless or other access is limited to specific established and appropriate VLAN(s)</li></ul>\r\n<span style=\"font-weight: 700; \">The Solution:</span>\r\n<span style=\"font-weight: 700; \"><br /></span>\r\nThe Bank selected and deployed Portnox for its ability to deliver constant and real-time control of all devices actively connected to any part of the network from a single centrally deployed location.  In addition, with limited availability of IT staff at remote branch locations, Portnox was able to provide remote branch networks access and use of HQ guest network, quarantine and other VLANs with no local configuration or IT resources.","alias":"portnox-clear-for-bank","roi":0,"seo":{"title":"Portnox Clear for bank","keywords":"","description":"<span style=\"font-weight: 700; \">The Objective and the Challenge</span>\r\n<span style=\"font-weight: 700; \"><br /></span>\r\n<ul><li>Preserving their customer’s trust by protecting their privacy on the network</li><li>Providing customers required and expected acce","og:title":"Portnox Clear for bank","og:description":"<span style=\"font-weight: 700; \">The Objective and the Challenge</span>\r\n<span style=\"font-weight: 700; \"><br /></span>\r\n<ul><li>Preserving their customer’s trust by protecting their privacy on the network</li><li>Providing customers required and expected acce"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":2818,"title":"Portnox","logoURL":"https://roi4cio.com/uploads/roi/company/Portnox.png","alias":"portnox","address":"","roles":[],"description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and devices in-use today, Portnox platforms allow companies to grow, optimize and evolve their infrastructure while ensuring security and compliance.\r\n\r\nProducts include Portnox NAC, an on premises solution that scales to accommodate an increasing number and variety of devices, locations and environments; Portnox CLEAR, a SaaS cloud platform that delivers continuous, off and on premises risk monitoring of all of enterprise endpoints.\r\n\r\nSource: linkedin","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.portnox.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Portnox","keywords":"Portnox, that, network, devices, premises, enterprise, solution, scales","description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and dev","og:title":"Portnox","og:description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and dev","og:image":"https://roi4cio.com/uploads/roi/company/Portnox.png"},"eventUrl":""},"vendors":[{"id":2818,"title":"Portnox","logoURL":"https://roi4cio.com/uploads/roi/company/Portnox.png","alias":"portnox","address":"","roles":[],"description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and devices in-use today, Portnox platforms allow companies to grow, optimize and evolve their infrastructure while ensuring security and compliance.\r\n\r\nProducts include Portnox NAC, an on premises solution that scales to accommodate an increasing number and variety of devices, locations and environments; Portnox CLEAR, a SaaS cloud platform that delivers continuous, off and on premises risk monitoring of all of enterprise endpoints.\r\n\r\nSource: linkedin","companyTypes":[],"products":{},"vendoredProductsCount":2,"suppliedProductsCount":2,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":2,"vendorImplementationsCount":2,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.portnox.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Portnox","keywords":"Portnox, that, network, devices, premises, enterprise, solution, scales","description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and dev","og:title":"Portnox","og:description":"Founded in 2007, Portnox is a market leader for network access control and management solutions that scale from small to medium businesses through to large-scale government and enterprise organizations. By spanning the diversity of network technologies and dev","og:image":"https://roi4cio.com/uploads/roi/company/Portnox.png"},"eventUrl":""}],"products":[{"id":1395,"logo":false,"scheme":false,"title":"Portnox CLEAR","vendorVerified":0,"rating":"1.00","implementationsCount":1,"presenterCode":"","suppliersCount":0,"alias":"portnox-clear","companyTypes":[],"description":"With a flexible pay-as-you-go pricing model, CLEAR delivers continuous, off and on premises risk monitoring of all network endpoints across wired, wireless and virtual networks. CLEAR’s goal is to bring accessible and easy to implement Network Access Control and Management (NAC/NAM) capabilities to every enterprise and mid-market organization, no matter their budget or size. The solution provides complete visibility and control into the state of the network and grants access based on a device’s risk profile – generated from information about the device itself, the network connection and the user’s identity. \r\n<span style=\"font-weight: bold;\">FEATURES AND BENEFITS</span>\r\n<ul> <li>Single-pane-of-glass visibility for endpoints in use in all locations and at all times</li> <li>Protects the network from vulnerabilities arising from the mobile workforce, BYOD, IoT</li> <li>Easy to deploy, with a pre-set infrastructure that requires no prior training</li> <li>Cloud-based and fully scalable, requiring absolutely no hardware</li> <li>Flexible subscription-based pay-as-you-go model to fit the needs of the growing enterprise</li> <li>Secure of all access layers–wired, wireless, and virtual</li> <li>Multi-factor authentication over the VPN based on user identity and device risk score</li> <li>Continuous risk monitoring that identifies vulnerable end points and takes automated actions</li> </ul>\r\nSource: https://www.portnox.com/portnox-clear/","shortDescription":"Portnox CLEAR is cloud-based network access control solution that simplifies the management of emerging cyber risks in enterprise.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":19,"sellingCount":13,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Portnox CLEAR","keywords":"","description":"With a flexible pay-as-you-go pricing model, CLEAR delivers continuous, off and on premises risk monitoring of all network endpoints across wired, wireless and virtual networks. CLEAR’s goal is to bring accessible and easy to implement Network Access Control a","og:title":"Portnox CLEAR","og:description":"With a flexible pay-as-you-go pricing model, CLEAR delivers continuous, off and on premises risk monitoring of all network endpoints across wired, wireless and virtual networks. CLEAR’s goal is to bring accessible and easy to implement Network Access Control a"},"eventUrl":"","translationId":1396,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":205,"title":"NAC - Network Access Control","alias":"nac-network-access-control","description":"<span style=\"font-weight: bold; \">Network Access Control (NAC)</span> is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement. NAC solutions have become an extremely valuable tool in recent years, as mobile devices and the Internet of Things (IoT) have surged to prominence in various industries across the world. These new pieces of emerging technology come with their own set of vulnerabilities, which poses a challenge to IT security experts. \r\nNAC systems are put into place to make sure that anyone who enters the system, both in terms of users and devices, is authorized. After being routed the efforts at connection, the network access control system confirms privileges using an identity and access management (IAM, a program that checks users for appropriate permissions to access data materials, as indicated by internal policies). With the information from the IAM, along with a pre-established list of rules, the NAC software is able to smartly accept or deny access requests.\r\nFortunately, NAC products are designed to handle large enterprise networks that have a range of device types trying to connect at all times. Without a NAC in place, companies take on a huge amount of risk by adopting a bring-your-own-device (BYOD) policy, which allows employees and vendors to use their own smartphones and tablets on the local network. Network access control software and hardware require an upfront investment but prove their worth in the long run.","materialsDescription":"<h1 class=\"align-center\"> How a NAC solution works?</h1>\r\nWhen you adopt a network access control solution, the first thing it will do is find all devices currently accessing the system; identify what kind of device they are; and determine whether to validate them and how to treat them using preestablished protocols designed by the company’s security personnel. A network access control system has rules related to a wide spectrum of devices, along with finely grained settings to help you determine permissions. A unified administrative system houses these rules and applies them as needed.\r\nMany companies will utilize NAC as their staff grows and they have an increasing number of devices to manage. These solutions are also helpful for achieving data protection across a variety of different branch locations. The difficulty of securing an organization and managing access has become especially overwhelming in an era when widespread incorporation of IOT devices is becoming more common throughout business; NAC is the fix. The general issue with bring your own device (BYOD), though, is what drew many businesses to this service.\r\n<h1 class=\"align-center\">How to Choose a Network Access Control Solution</h1>\r\nTo help narrow down your search for NAC products, you should first focus on tools that offer native integration with your enterprise’s existing software. You don’t want to have to change your infrastructure or network design in order to bring the NAC solution online. If you are heavily dependent on a cloud architecture, then look for solutions that are fully supported by your hosting provider.\r\nNext, think about what kind of proactive tools come included with the NAC suite. Some vendors offer all-in-one packages that feature a full virus scanning utility and firewall mechanism alongside everything else in the NAC. If your IT security strategy is not very mature, this kind of suite may be very helpful.\r\nOf course, one key factor when looking at NAC options is the price point. Some vendors will sell their products at a flat rate, while others are quickly going the route of Software as a Service (SaaS) subscription, an increasingly-popular business model that requires a monthly payment and ongoing contract. Think about the state of your IT budget while remembering that the upfront investment could save you lots of money down the road.","iconURL":"https://roi4cio.com/fileadmin/user_upload/NAC_-_Network_Access_Control__1_.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":205,"title":"NAC - Network Access Control","alias":"nac-network-access-control","description":"<span style=\"font-weight: bold; \">Network Access Control (NAC)</span> is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement. NAC solutions have become an extremely valuable tool in recent years, as mobile devices and the Internet of Things (IoT) have surged to prominence in various industries across the world. These new pieces of emerging technology come with their own set of vulnerabilities, which poses a challenge to IT security experts. \r\nNAC systems are put into place to make sure that anyone who enters the system, both in terms of users and devices, is authorized. After being routed the efforts at connection, the network access control system confirms privileges using an identity and access management (IAM, a program that checks users for appropriate permissions to access data materials, as indicated by internal policies). With the information from the IAM, along with a pre-established list of rules, the NAC software is able to smartly accept or deny access requests.\r\nFortunately, NAC products are designed to handle large enterprise networks that have a range of device types trying to connect at all times. Without a NAC in place, companies take on a huge amount of risk by adopting a bring-your-own-device (BYOD) policy, which allows employees and vendors to use their own smartphones and tablets on the local network. Network access control software and hardware require an upfront investment but prove their worth in the long run.","materialsDescription":"<h1 class=\"align-center\"> How a NAC solution works?</h1>\r\nWhen you adopt a network access control solution, the first thing it will do is find all devices currently accessing the system; identify what kind of device they are; and determine whether to validate them and how to treat them using preestablished protocols designed by the company’s security personnel. A network access control system has rules related to a wide spectrum of devices, along with finely grained settings to help you determine permissions. A unified administrative system houses these rules and applies them as needed.\r\nMany companies will utilize NAC as their staff grows and they have an increasing number of devices to manage. These solutions are also helpful for achieving data protection across a variety of different branch locations. The difficulty of securing an organization and managing access has become especially overwhelming in an era when widespread incorporation of IOT devices is becoming more common throughout business; NAC is the fix. The general issue with bring your own device (BYOD), though, is what drew many businesses to this service.\r\n<h1 class=\"align-center\">How to Choose a Network Access Control Solution</h1>\r\nTo help narrow down your search for NAC products, you should first focus on tools that offer native integration with your enterprise’s existing software. You don’t want to have to change your infrastructure or network design in order to bring the NAC solution online. If you are heavily dependent on a cloud architecture, then look for solutions that are fully supported by your hosting provider.\r\nNext, think about what kind of proactive tools come included with the NAC suite. Some vendors offer all-in-one packages that feature a full virus scanning utility and firewall mechanism alongside everything else in the NAC. If your IT security strategy is not very mature, this kind of suite may be very helpful.\r\nOf course, one key factor when looking at NAC options is the price point. Some vendors will sell their products at a flat rate, while others are quickly going the route of Software as a Service (SaaS) subscription, an increasingly-popular business model that requires a monthly payment and ongoing contract. Think about the state of your IT budget while remembering that the upfront investment could save you lots of money down the road.","iconURL":"https://roi4cio.com/fileadmin/user_upload/NAC_-_Network_Access_Control__1_.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.portnox.com/resources/case-studies/bank-luxembourg/","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":622,"title":"Rapid7 Metasploit for retail chain","description":"The retailer in question uses Rapid7 Nexpose and Rapid7 Metasploit Pro to secure their environment. Like many organizations in this industry, compliance is the primary driver for having a strong vulnerability management program in place: new PCI DSS requirements for penetration testing were what spurred their initial Rapid7 purchase. Up until that point, the security team had reviewed machines manually to see what patches were missing and what other vulnerabilities needed to be remediated. \r\n<blockquote>“We got to a point where doing it manually was out of the question, given the time frame,” Steve, the company’s Information Security Manager, recalls. “Even a team triple our size couldn’t have gotten it done.”</blockquote>\r\nThat’s not to say that Steve considers the organization secure as long as they’re compliant – history has shown that compliant companies can still fall victim to cyberattacks. \r\n<blockquote>“Compliance is certainly a key driver for our vulnerability management program, but just because I can pass a test doesn’t mean I’m secure. We need to take things a step further in order to truly secure the network.”</blockquote>\r\nBoth Nexpose and Metasploit can help complete the PCI-required vulnerability scans and penetration tests, but it was the combination of both Nexpose and Metasploit together that caught Steve’s eye. The two products, working in tandem, provide the capabilities he and his team need to go beyond baseline compliance assessments and get actionable security information – discovering assets and threats, assessing the organization’s security posture, and helping patch or implement mitigating controls. \r\n<blockquote>“You get more bang for your buck with both of them” Steve concurs, “It’s what ultimately made me decide to go with Rapid7.” </blockquote>","alias":"rapid7-metasploit-for-retail-chain","roi":0,"seo":{"title":"Rapid7 Metasploit for retail chain","keywords":"","description":"The retailer in question uses Rapid7 Nexpose and Rapid7 Metasploit Pro to secure their environment. Like many organizations in this industry, compliance is the primary driver for having a strong vulnerability management program in place: new PCI DSS requiremen","og:title":"Rapid7 Metasploit for retail chain","og:description":"The retailer in question uses Rapid7 Nexpose and Rapid7 Metasploit Pro to secure their environment. Like many organizations in this industry, compliance is the primary driver for having a strong vulnerability management program in place: new PCI DSS requiremen"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":210,"title":"Rapid7","logoURL":"https://roi4cio.com/uploads/roi/company/Rapid7Logo.png","alias":"rapid7","address":"Rapid7","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 2000. Its founders set themselves the goal of developing the most simple, innovative and comprehensive solutions for assessing the level of cybersecurity of corporate IT infrastructures and searching for vulnerabilities of the entire information ecosystem of the company. The most famous products of the company are Metasploit and NeXpose, they are trusted by thousands<br />users in almost a hundred countries.<br /><br />The cloud-based Rapid7 Insight solution collects data from all of the customer's IT assets, making it easier for security teams to manage vulnerabilities, track malicious behavior, and investigate and stop attacks. Through automation and orchestration, Rapid7 Insight frees up resources for IT security professionals to focus on strategic priorities, confident that most cyber threats are identified and stopped in the background. Accordingly, team members can concentrate their efforts only on the most complex attacks and the most critical areas of defense.</span>","companyTypes":[],"products":{},"vendoredProductsCount":8,"suppliedProductsCount":8,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":4,"vendorPartnersCount":0,"supplierPartnersCount":2,"b4r":0,"categories":{},"companyUrl":"www.rapid7.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Rapid7","keywords":"they, 2016, Rapid7, found, Cybersecurity, Policy, Coalition, product","description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 200","og:title":"Rapid7","og:description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 200","og:image":"https://roi4cio.com/uploads/roi/company/Rapid7Logo.png"},"eventUrl":""},"vendors":[{"id":210,"title":"Rapid7","logoURL":"https://roi4cio.com/uploads/roi/company/Rapid7Logo.png","alias":"rapid7","address":"Rapid7","roles":[],"description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 2000. Its founders set themselves the goal of developing the most simple, innovative and comprehensive solutions for assessing the level of cybersecurity of corporate IT infrastructures and searching for vulnerabilities of the entire information ecosystem of the company. The most famous products of the company are Metasploit and NeXpose, they are trusted by thousands<br />users in almost a hundred countries.<br /><br />The cloud-based Rapid7 Insight solution collects data from all of the customer's IT assets, making it easier for security teams to manage vulnerabilities, track malicious behavior, and investigate and stop attacks. Through automation and orchestration, Rapid7 Insight frees up resources for IT security professionals to focus on strategic priorities, confident that most cyber threats are identified and stopped in the background. Accordingly, team members can concentrate their efforts only on the most complex attacks and the most critical areas of defense.</span>","companyTypes":[],"products":{},"vendoredProductsCount":8,"suppliedProductsCount":8,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":4,"vendorPartnersCount":0,"supplierPartnersCount":2,"b4r":0,"categories":{},"companyUrl":"www.rapid7.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Rapid7","keywords":"they, 2016, Rapid7, found, Cybersecurity, Policy, Coalition, product","description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 200","og:title":"Rapid7","og:description":"<span style=\"color: rgb(97, 97, 97); \">Rapid7 specializes in developing solutions for vulnerability management and penetration testing, helping to gain a complete understanding of the security of information infrastructure.<br /><br />Rapid7 was founded in 200","og:image":"https://roi4cio.com/uploads/roi/company/Rapid7Logo.png"},"eventUrl":""}],"products":[{"id":21,"logo":false,"scheme":false,"title":"Rapid7 Metasploit","vendorVerified":0,"rating":"1.70","implementationsCount":1,"presenterCode":"","suppliersCount":0,"alias":"rapid7-metasploit","companyTypes":[],"description":"<span style=\"font-weight: bold;\">Know Your Weak Points</span>\r\nIt’s vital to find your vulnerabilities before a malicious attacker does.\r\n\r\n<span style=\"font-weight: bold;\">Utilize world's largest exploit database</span>\r\nLeading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1 new exploit per day, currently counting more than 1,300 exploits and more than 2,000 modules.\r\n<span style=\"font-weight: bold;\">Simulate real-world attacks against your defenses</span>\r\nMetasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules. Pivot throughout your network to find out just how far an attacker can get.\r\n<span style=\"font-weight: bold;\">Uncover weak and reused credentials</span>\r\nTest your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute–force attacks against over 20 account types, including databases, web servers, and remote administration solutions. In addition, it can utilize specialized tools designed to expose credentials' scope and effectively gauge impact of an exposed credential.\r\n<span style=\"font-weight: bold;\">Prioritize What Matters Most</span>\r\nFinding your weak points is only half the battle. As a penetration tester, it is your job to perform a thorough assessment and communicate what needs to be done to reduce the risk of a breach.\r\nPinpoint weak links in the attack chain\r\nAttacks are more sophisticated today; the adversary is using multiple techniques combined to breach your systems faster than ever. With Metasploit Pro, you can simulate attacks like the adversary and easily report the biggest security risks.\r\n<span style=\"font-weight: bold;\">Closed-loop integration with Nexpose for remediation</span>\r\nWhen other departments question the validity of scan results, demonstrate that a vulnerability puts systems and data at risk of compromise. You'll get quick buy–in for remediation measures and build credibility with stakeholders. Metasploit and Nexpose provide the only closed-loop validation solution from a single vendor that simplifies vulnerability prioritization and remediation reporting.\r\n<span style=\"font-weight: bold;\">Drive Better Security Program Development</span>\r\nTime is of the essence. Automation, proactive user education, and advanced reporting will enhance your team’s efficiency, productivity, and success.\r\n<span style=\"font-weight: bold;\">Run penetration projects at scale</span>\r\nConducting an assessment and managing data in networks with over 100 hosts can be challenging. Metasploit Pro scales to support thousands of hosts per project on engagements and multiple penetration testers. Automate penetration testing steps with Task Chains and MetaModules to improve productivity.\r\n<span style=\"font-weight: bold;\">Reduce user risk using phishing campaigns and education</span>\r\nSend and track emails to thousands of users with Metasploit Pro's scalable phishing campaigns. Clone web application login pages with one click to harvest credentials. Measure conversion rates at each step in the phishing campaign funnel. When users take a dangerous action, they can be redirected to a training site on the spot. With InsightUBA, any users who have been phished will also be automatically added to the InsightUBA watch list.\r\n<span style=\"font-weight: bold;\">Complete compliance programs faster</span>\r\nGenerate reports to show your findings and sort them by regulations such as PCI DSS and FISMA. Verify that remediations or compensating controls implemented to protect systems are operational and effective. Create vulnerability exceptions based on hard evidence that easily pass your next audit. Automatically record actions and findings from your network and application–layer assessment to save valuable time otherwise spent on cutting and pasting.","shortDescription":"Metasploit, backed by a community of 200,000 users and contributors, gives you that insight. It's the most impactful penetration testing solution on the planet. With it, uncover weaknesses in your defenses, focus on the highest risks, and improve your security outcomes.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":14,"sellingCount":17,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Rapid7 Metasploit","keywords":"your, Metasploit, with, over, weak, that, penetration, attacker","description":"<span style=\"font-weight: bold;\">Know Your Weak Points</span>\r\nIt’s vital to find your vulnerabilities before a malicious attacker does.\r\n\r\n<span style=\"font-weight: bold;\">Utilize world's largest exploit database</span>\r\nLeading the Metasploit project gives R","og:title":"Rapid7 Metasploit","og:description":"<span style=\"font-weight: bold;\">Know Your Weak Points</span>\r\nIt’s vital to find your vulnerabilities before a malicious attacker does.\r\n\r\n<span style=\"font-weight: bold;\">Utilize world's largest exploit database</span>\r\nLeading the Metasploit project gives R"},"eventUrl":"","translationId":22,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":445,"title":"Penetration Testing","alias":"penetration-testing","description":" A <span style=\"font-weight: bold; \">penetration test</span>, colloquially known as a pen test, <span style=\"font-weight: bold; \">pentest </span>or <span style=\"font-weight: bold; \">ethical hacking</span>, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.\r\nStandard penetration test is performed to identify both weaknesses (also referred to as <span style=\"font-weight: bold; \">vulnerabilities</span>), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. \r\nThe main objective of system penetration testing is to identify security weaknesses. Vulnerability testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.\r\nTypically,<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">professional penetration testing</span>provides information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts. \r\nA wide variety of <span style=\"font-weight: bold; \">software security testing tools </span>are available to assist with penetration testing, including free-of-charge, free software, and commercial software. Penetration tools scan code in order to identity malicious code in applications that could result in a security breach. Pen testing tools examine data encryption techniques and can identify hard-coded values, such as usernames and passwords, to verify security vulnerabilities in the system.\r\n Important aspect of any penetration testing program is defining the scope within which the pen testers must operate. Usually, the scope defines what systems, locations, techniques and tools can be used in a penetration test. Limiting the scope of the penetration test helps focus team members - and defenders - on the systems over which the organization has control.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Here are several of the main vulnerability penetration testing approaches:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Targeted testing</span> is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights turned on" approach because everyone can see the test being carried out.</li><li><span style=\"font-weight: bold;\">External testing</span> targets a company's externally visible servers or devices including domain name servers, email servers, web servers or firewalls. The<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">objective of penetration testing</span>is to find out if an outside attacker can get in and how far they can get in once they've gained access.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Internal testing</span> mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Blind testing simulates</span> the actions and procedures of a real attacker by severely limiting the information given to the person or team performing the test beforehand. Typically, the pen testers may only be given the name of the company.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Double-blind testing</span> takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Black box</span> testing is basically the same as blind testing, but the tester receives no information before the test takes place. Rather, the pen testers must find their own way into the system.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">White box</span> testing provides the penetration testers information about the target network before they start their work. This information can include such details as IP addresses, network infrastructure schematics and the protocols used plus the source code.</li></ul>","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal;\">What Is Penetration Testing?</span></h1>\r\nThere is a considerable amount of confusion in the industry regarding the differences between vulnerability assessment and penetration testing tool,as the two phrases are commonly interchanged. However, their meaning and implications are very different. A <span style=\"font-weight: bold; \">vulnerability assessment </span>simply identifies and reports noted vulnerabilities, whereas a pentest attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.<span style=\"font-weight: bold; \"> Penetration testing</span> typically includes network penetration testing and web application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is a pentesting tool ?</span></h1>\r\n<p class=\"align-left\">Penetration tools are used as part testing to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common penetration testing tools are <span style=\"font-weight: bold; \">static analysis </span>tools and <span style=\"font-weight: bold; \">dynamic analysis</span> tools. Tools for attack include software designed to produce <span style=\"font-weight: bold; \">brute-force attacks</span> or <span style=\"font-weight: bold; \">SQL injections</span>. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the benefits of penetration testing?</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Manage the Risk Properly. </span>For many organizations, one of the most popular benefits of pen testing services is that they will give you a baseline to work upon to cure the risk in a structured and optimal way. It will show you the list of vulnerabilities in the target environment and the risks associated with it.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Increase Business Continuity.</span> Business continuity is the prime concern for any successful organization. A break in the business continuity can happen for many reasons. Lack of security loopholes is one of them. Insecure systems suffer more breaches in their availability than the secured ones. Today attackers are hired by other organizations to stop the continuity of business by exploiting the vulnerabilities to gain the access and to produce a denial of service condition which usually crashes the vulnerable service and breaks the server availability.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protect Clients, Partners, and Third Parties.</span> A security breach can affect not only the target organization but also their associated clients, partners and third parties working with it. However, if company schedules a penetration test regularly and takes necessary actions towards security, it will help professionals build trust and confidence in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to Evaluate Security Investment. </span> The pen test results will give us an independent view of the effectiveness of existing security processes, ensuring that configuration management practices have been followed correctly. This is an ideal opportunity to review the efficiency of the current security investment. What needs to be improved and what is working and what is not working and how much investment needed to build the more secure environment in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Help Protect Public Relationships and Guard the reputation of your company.</span>A good public relationship and company reputation are built up after taking many years struggle and hard work and with a huge amount of investment. This can be suddenly changed due to a single security breach.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protection from Financial Damage.</span> A simple breach of the security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to tests cyber-defense capability.</span> During a penetration test, the target company’s security team should be able to detect multiple attacks and respond accordingly on time. Furthermore, if an intrusion is detected, the security and forensic teams should start investigations, and the penetration testers should be blocked and their tools removed. The effectiveness of your protection devices like IDS, IPS or WAF can also be tested during a penetration test.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Client-side Attacks. </span>Pen tests are an effective way of ensuring that successful highly targeted client-side attacks against key members of your staff. Security should be treated with a holistic approach. Companies only assessing the security of their servers run the risk of being targeted with client-side attacks exploiting vulnerabilities in software like web browsers, pdf readers, etc. It is important to ensure that the patch management processes are working properly updating the operating system and third-party applications.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Penetration_Testing.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":25,"logo":false,"scheme":false,"title":"Rapid7 Nexpose","vendorVerified":0,"rating":"1.70","implementationsCount":6,"presenterCode":"","suppliersCount":0,"alias":"rapid7-nexpose","companyTypes":[],"description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to understand your attack surface, focus on what matters, and create better security outcomes.\r\nYou can’t reduce risk if you can’t find, validate, and contextualize it. Nexpose dynamically discovers your complete attack surface and finds vulnerabilities you are missing today. Understand your threat exposure by determining if your vulnerabilities can be exploited and if your compensating controls are deployed successfully. Contextualize the risks to get a true picture of them as they align to your modern digital business.","shortDescription":"Rapid7’s on-premise vulnerability management solution, Nexpose, helps you reduce your threat exposure by enabling you to assess and respond to changes in your environment real time","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Rapid7 Nexpose","keywords":"","description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to un","og:title":"Rapid7 Nexpose","og:description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to un"},"eventUrl":"","translationId":3109,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":25,"logo":false,"scheme":false,"title":"Rapid7 Nexpose","vendorVerified":0,"rating":"1.70","implementationsCount":6,"presenterCode":"","suppliersCount":0,"alias":"rapid7-nexpose","companyTypes":[],"description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to understand your attack surface, focus on what matters, and create better security outcomes.\r\nYou can’t reduce risk if you can’t find, validate, and contextualize it. Nexpose dynamically discovers your complete attack surface and finds vulnerabilities you are missing today. Understand your threat exposure by determining if your vulnerabilities can be exploited and if your compensating controls are deployed successfully. Contextualize the risks to get a true picture of them as they align to your modern digital business.","shortDescription":"Rapid7’s on-premise vulnerability management solution, Nexpose, helps you reduce your threat exposure by enabling you to assess and respond to changes in your environment real time","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":9,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Rapid7 Nexpose","keywords":"","description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to un","og:title":"Rapid7 Nexpose","og:description":"Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to un"},"eventUrl":"","translationId":3109,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":10,"title":"Ensure Compliance"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":393,"title":"Complex and non-transparent business processes"},{"id":394,"title":"Shortage of information for decision making"}]}},"categories":[{"id":445,"title":"Penetration Testing","alias":"penetration-testing","description":" A <span style=\"font-weight: bold; \">penetration test</span>, colloquially known as a pen test, <span style=\"font-weight: bold; \">pentest </span>or <span style=\"font-weight: bold; \">ethical hacking</span>, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.\r\nStandard penetration test is performed to identify both weaknesses (also referred to as <span style=\"font-weight: bold; \">vulnerabilities</span>), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. \r\nThe main objective of system penetration testing is to identify security weaknesses. Vulnerability testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.\r\nTypically,<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">professional penetration testing</span>provides information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts. \r\nA wide variety of <span style=\"font-weight: bold; \">software security testing tools </span>are available to assist with penetration testing, including free-of-charge, free software, and commercial software. Penetration tools scan code in order to identity malicious code in applications that could result in a security breach. Pen testing tools examine data encryption techniques and can identify hard-coded values, such as usernames and passwords, to verify security vulnerabilities in the system.\r\n Important aspect of any penetration testing program is defining the scope within which the pen testers must operate. Usually, the scope defines what systems, locations, techniques and tools can be used in a penetration test. Limiting the scope of the penetration test helps focus team members - and defenders - on the systems over which the organization has control.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Here are several of the main vulnerability penetration testing approaches:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Targeted testing</span> is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights turned on" approach because everyone can see the test being carried out.</li><li><span style=\"font-weight: bold;\">External testing</span> targets a company's externally visible servers or devices including domain name servers, email servers, web servers or firewalls. The<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">objective of penetration testing</span>is to find out if an outside attacker can get in and how far they can get in once they've gained access.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Internal testing</span> mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Blind testing simulates</span> the actions and procedures of a real attacker by severely limiting the information given to the person or team performing the test beforehand. Typically, the pen testers may only be given the name of the company.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Double-blind testing</span> takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Black box</span> testing is basically the same as blind testing, but the tester receives no information before the test takes place. Rather, the pen testers must find their own way into the system.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">White box</span> testing provides the penetration testers information about the target network before they start their work. This information can include such details as IP addresses, network infrastructure schematics and the protocols used plus the source code.</li></ul>","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal;\">What Is Penetration Testing?</span></h1>\r\nThere is a considerable amount of confusion in the industry regarding the differences between vulnerability assessment and penetration testing tool,as the two phrases are commonly interchanged. However, their meaning and implications are very different. A <span style=\"font-weight: bold; \">vulnerability assessment </span>simply identifies and reports noted vulnerabilities, whereas a pentest attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.<span style=\"font-weight: bold; \"> Penetration testing</span> typically includes network penetration testing and web application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is a pentesting tool ?</span></h1>\r\n<p class=\"align-left\">Penetration tools are used as part testing to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common penetration testing tools are <span style=\"font-weight: bold; \">static analysis </span>tools and <span style=\"font-weight: bold; \">dynamic analysis</span> tools. Tools for attack include software designed to produce <span style=\"font-weight: bold; \">brute-force attacks</span> or <span style=\"font-weight: bold; \">SQL injections</span>. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the benefits of penetration testing?</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Manage the Risk Properly. </span>For many organizations, one of the most popular benefits of pen testing services is that they will give you a baseline to work upon to cure the risk in a structured and optimal way. It will show you the list of vulnerabilities in the target environment and the risks associated with it.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Increase Business Continuity.</span> Business continuity is the prime concern for any successful organization. A break in the business continuity can happen for many reasons. Lack of security loopholes is one of them. Insecure systems suffer more breaches in their availability than the secured ones. Today attackers are hired by other organizations to stop the continuity of business by exploiting the vulnerabilities to gain the access and to produce a denial of service condition which usually crashes the vulnerable service and breaks the server availability.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protect Clients, Partners, and Third Parties.</span> A security breach can affect not only the target organization but also their associated clients, partners and third parties working with it. However, if company schedules a penetration test regularly and takes necessary actions towards security, it will help professionals build trust and confidence in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to Evaluate Security Investment. </span> The pen test results will give us an independent view of the effectiveness of existing security processes, ensuring that configuration management practices have been followed correctly. This is an ideal opportunity to review the efficiency of the current security investment. What needs to be improved and what is working and what is not working and how much investment needed to build the more secure environment in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Help Protect Public Relationships and Guard the reputation of your company.</span>A good public relationship and company reputation are built up after taking many years struggle and hard work and with a huge amount of investment. This can be suddenly changed due to a single security breach.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protection from Financial Damage.</span> A simple breach of the security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to tests cyber-defense capability.</span> During a penetration test, the target company’s security team should be able to detect multiple attacks and respond accordingly on time. Furthermore, if an intrusion is detected, the security and forensic teams should start investigations, and the penetration testers should be blocked and their tools removed. The effectiveness of your protection devices like IDS, IPS or WAF can also be tested during a penetration test.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Client-side Attacks. </span>Pen tests are an effective way of ensuring that successful highly targeted client-side attacks against key members of your staff. Security should be treated with a holistic approach. Companies only assessing the security of their servers run the risk of being targeted with client-side attacks exploiting vulnerabilities in software like web browsers, pdf readers, etc. It is important to ensure that the patch management processes are working properly updating the operating system and third-party applications.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Penetration_Testing.png"},{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"https://www.rapid7.com/globalassets/_pdfs/customer-stories/customer-story-retail-081715.pdf/","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":629,"title":"Agiliway custom software development for GPS tracking system","description":"<span style=\"font-weight: bold;\">The project’s goal</span> was to enhance the GPS tracking system, which is at the core of client’s business. Having analyzed the functionality and technical characteristics of the system, ourexperts noted a number of drawbacks, which had to be addressed:\r\n<ul><li>the used architecture was outdated</li><li>the system’s performance was poor</li><li>the system had no mobile version and, thus, could not be used from a mobile phone,which has long become a common customer demand</li><li>the features were limited and did not allow the company to expand the range of servicesto meet potential needs of its clients</li><li>customers with many cars following complex overlapping routes faced considerableperformance and visual issues</li><li>the user interface was far from intuitive</li><li>the system did not allow any access rights management</li><li>there were no automatic system alerts when the received data differed from the setconditions, so that management of transportation presupposed constant monitoring andknowledge of all route details</li></ul>\r\n<span style=\"font-weight: bold;\">The solutions</span> provided by Agiliway helped the company to establish on the market as a <span style=\"font-weight: bold;\">reliable partner</span> leveraging the latest technology to provide superior service to its customers. The company <span style=\"font-weight: bold;\">grew the number of its partners</span> and <span style=\"font-weight: bold;\">receives particularly positive feedback</span> on the performance and functionality of the GPS tracking system.\r\nBeing particularly satisfied with the provided solutions, the company has decided to work with Agiliway on further iterations of the product. In particular, it has been agreed to rewrite the system using React that will improve the performance of the GPS tracking system under the conditions of high loads of information coming from thousands of vehicles worldwide.","alias":"agiliway-custom-software-development-for-gps-tracking-system","roi":0,"seo":{"title":"Agiliway custom software development for GPS tracking system","keywords":"","description":"<span style=\"font-weight: bold;\">The project’s goal</span> was to enhance the GPS tracking system, which is at the core of client’s business. Having analyzed the functionality and technical characteristics of the system, ourexperts noted a number of drawbacks,","og:title":"Agiliway custom software development for GPS tracking system","og:description":"<span style=\"font-weight: bold;\">The project’s goal</span> was to enhance the GPS tracking system, which is at the core of client’s business. Having analyzed the functionality and technical characteristics of the system, ourexperts noted a number of drawbacks,"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential ","og:image":"https://roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":2957,"title":"AgiliWay","logoURL":"https://roi4cio.com/uploads/roi/company/linkedin-logo_1.png","alias":"agiliway","address":"","roles":[],"description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is founded by a group of IT experts who have been working in IT outsourcing industry around 20 year in USA and Ukraine. While working with multiple clients and hundreds of projects we have learnt a lot  about customers’ needs, expectations and challenges. And we wanted to help them work more effectively by providing flexible yet high quality service which would leverage IT potential of Ukraine, assure skills and quality of big IT outsourcing players but would be devoid of their flawed and expensive inner processes. That is why Agiliway was born.\r\n OUR CULTURE AND PROCESSES ARE BASED ON <span style=\"font-weight: bold;\">THE FOLLOWING MAIN PRINCIPLES</span>:\r\n<span style=\"font-weight: bold;\">FLEXIBILITY</span>\r\n– it is what the company is about. In the modern world the lack of quick response to market needs may cost you a business. All our focus is to make software outsourcing more responsive and flexible – that is in our processes, in our skills, in our experiences, in our client- and goals-oriented philosophy which we cultivate among our engineers\r\n<span style=\"font-weight: bold;\">CLIENT FOCUS</span>\r\n– the company culture is to understand client’s business needs and build the best solution to achieve them, not just provide custom software development by request. This is what our specialists learn and how they behave – keep permanent contact, think about the final goal, look ahead for potential options and opportunities\r\n<span style=\"font-weight: bold;\">INNOVATION</span>\r\n– our philosophy envisages constant search for the best solutions for our clients. We, inside Agiliway, encourage each individual to think wider, advance in technologies as well as follow regular improvements of our software development and consulting processes and outsourcing approaches\r\n<span style=\"font-weight: bold;\">TEAM</span>\r\n– skilled and motivated team is essential for success of the software development project. It becomes even more critical for offshore outsourcing with the engineering team located in Ukraine and lacking regular face-to-face communication with our clients. We know this. We understand that our engineers and partners, together with  clients, are our biggest value. We pay close attention to every person to assure their permanent development and work satisfaction","companyTypes":[],"products":{},"vendoredProductsCount":5,"suppliedProductsCount":5,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":0,"vendorPartnersCount":1,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://agiliway.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"AgiliWay","keywords":"Group, AgiliWay","description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is ","og:title":"AgiliWay","og:description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is ","og:image":"https://roi4cio.com/uploads/roi/company/linkedin-logo_1.png"},"eventUrl":""},"vendors":[{"id":2957,"title":"AgiliWay","logoURL":"https://roi4cio.com/uploads/roi/company/linkedin-logo_1.png","alias":"agiliway","address":"","roles":[],"description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is founded by a group of IT experts who have been working in IT outsourcing industry around 20 year in USA and Ukraine. While working with multiple clients and hundreds of projects we have learnt a lot  about customers’ needs, expectations and challenges. And we wanted to help them work more effectively by providing flexible yet high quality service which would leverage IT potential of Ukraine, assure skills and quality of big IT outsourcing players but would be devoid of their flawed and expensive inner processes. That is why Agiliway was born.\r\n OUR CULTURE AND PROCESSES ARE BASED ON <span style=\"font-weight: bold;\">THE FOLLOWING MAIN PRINCIPLES</span>:\r\n<span style=\"font-weight: bold;\">FLEXIBILITY</span>\r\n– it is what the company is about. In the modern world the lack of quick response to market needs may cost you a business. All our focus is to make software outsourcing more responsive and flexible – that is in our processes, in our skills, in our experiences, in our client- and goals-oriented philosophy which we cultivate among our engineers\r\n<span style=\"font-weight: bold;\">CLIENT FOCUS</span>\r\n– the company culture is to understand client’s business needs and build the best solution to achieve them, not just provide custom software development by request. This is what our specialists learn and how they behave – keep permanent contact, think about the final goal, look ahead for potential options and opportunities\r\n<span style=\"font-weight: bold;\">INNOVATION</span>\r\n– our philosophy envisages constant search for the best solutions for our clients. We, inside Agiliway, encourage each individual to think wider, advance in technologies as well as follow regular improvements of our software development and consulting processes and outsourcing approaches\r\n<span style=\"font-weight: bold;\">TEAM</span>\r\n– skilled and motivated team is essential for success of the software development project. It becomes even more critical for offshore outsourcing with the engineering team located in Ukraine and lacking regular face-to-face communication with our clients. We know this. We understand that our engineers and partners, together with  clients, are our biggest value. We pay close attention to every person to assure their permanent development and work satisfaction","companyTypes":[],"products":{},"vendoredProductsCount":5,"suppliedProductsCount":5,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":0,"vendorPartnersCount":1,"supplierPartnersCount":1,"b4r":0,"categories":{},"companyUrl":"https://agiliway.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"seo":{"title":"AgiliWay","keywords":"Group, AgiliWay","description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is ","og:title":"AgiliWay","og:description":"Agiliway is a software development outsourcing and consulting company. We are headquartered in Austin, Texas, with the main software development and consulting center located in Western Ukraine.\r\nAgiliway is not an ordinary IT outsourcing company. Agiliway is ","og:image":"https://roi4cio.com/uploads/roi/company/linkedin-logo_1.png"},"eventUrl":""}],"products":[{"id":1412,"logo":false,"scheme":false,"title":"AgiliWay Custom Software development","vendorVerified":1,"rating":"3.50","implementationsCount":3,"presenterCode":"","suppliersCount":0,"alias":"agiliway-custom-software-development","companyTypes":[],"description":"<ul>\r\n<li>Business requirements gathering and analysis</li>\r\n<li>Solution architecture design</li>\r\n<li>Development</li>\r\n<li>Quality control strategy planning and solution testing</li>\r\n<li>Solution deployment</li>\r\n<li>End-users education and migration support from old systems</li>\r\n<li>Post-implementation maintenance and user support</li>\r\n</ul>\r\n<p>Products(services)</p>\r\n<ul>\r\n<li>Custom Software development </li>\r\n<li>Outsourcing Consulting</li>\r\n<li>Web Dev</li>\r\n<li>Mobile Dev</li>\r\n<li>BigData</li>\r\n<li>QC</li>\r\n<li>BPO</li>\r\n<li>CiviCRM implementation</li>\r\n<li>Odoo Implementation</li>\r\n<li>E-commerce</li>\r\n</ul>\r\n<p> </p>","shortDescription":"Closed-cycle custom software development services starting from client needs collection and analysis, architecture design, solution development, quality control, deployment and maintenance","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":7,"sellingCount":5,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"AgiliWay Custom Software development","keywords":"support, Solution, Development, education, deployment, End-users, from, migration","description":"<ul>\r\n<li>Business requirements gathering and analysis</li>\r\n<li>Solution architecture design</li>\r\n<li>Development</li>\r\n<li>Quality control strategy planning and solution testing</li>\r\n<li>Solution deployment</li>\r\n<li>End-users education and migration suppo","og:title":"AgiliWay Custom Software development","og:description":"<ul>\r\n<li>Business requirements gathering and analysis</li>\r\n<li>Solution architecture design</li>\r\n<li>Development</li>\r\n<li>Quality control strategy planning and solution testing</li>\r\n<li>Solution deployment</li>\r\n<li>End-users education and migration suppo"},"eventUrl":"","translationId":1310,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":538,"title":"Services","alias":"services","description":" Service - any activity or work that one party can offer the other, characterized by the absence of the proposed material tangibility of such activities and not expressed in possession of something.\r\nA service from the point of view of marketing is a sale object in the form of an artist’s action, bringing benefits to the consumer or a useful result. In the process of providing services, a new, previously non-existent material product is not created, but the quality of an existing, created product changes. These are goods provided not in the form of commodities or exchange, but in the form of activities. The very provision of services creates the desired result for the consumer.\r\nServices have four main characteristics that significantly affect the development of marketing programs:\r\n<ul><li>intangibility - it is impossible to demonstrate, see, try, transport, store, pack or study. All this is possible only in relation to the final result (it was - it became);</li><li>inseparability - a service can be provided only when an order arrives or a client appears, i.e. services are provided and consumed simultaneously;</li><li>variability (non-standardization) - customers are direct participants in the service process and affect its final result;</li><li>impossibility of storage - unlike tangible goods, they cannot be made for future use.</li></ul>","materialsDescription":"<span style=\"font-weight: bold;\">What are the types of services?</span>\r\nThe provision (provision) of services may include, for example, the following:\r\n<ul><li>activities carried out on material products supplied by the consumer (for example, repair of a faulty car);</li><li>activities carried out on intangible products supplied by the consumer (for example, preparing a statement of income required to determine the amount of tax);</li><li>the provision of intangible products (for example, information in the sense of knowledge transfer);</li><li>creating favorable conditions for consumers (for example, in hotels and restaurants).</li></ul>\r\nThe services provided to the population, by appointment, are divided into material and socio-cultural:\r\n<ul><li>Material service - a service to satisfy the material and domestic needs of a consumer of services. It provides restoration (change, preservation) of consumer properties of products or the manufacture of new products by orders of citizens, as well as the movement of goods and people, the creation of conditions for consumption. In particular, material services may include household services related to the repair and manufacture of products, housing and communal services, catering services, transportation services, etc.</li><li>Socio-cultural service (intangible service) - a service to satisfy spiritual, intellectual needs and the maintenance of normal consumer life. Provides maintenance and restoration of health, spiritual and physical development of the individual, increasing professional skills. Social and cultural services cannot include medical care and compulsory educational process.</li></ul>\r\nServices can be: private or commercial, voluntary or forced, paid or free, instant or long-term, mutual and anonymous, public, etc.\r\nThe generalizing category, which includes all types of commercial and non-commercial services and is part of the economy, is the service sector.\r\n<span style=\"font-weight: bold;\">Service Examples</span>\r\nRealtor services - services of a realtor, real estate agent, aimed at satisfying the needs of the client when performing operations to manage real estate, as well as creating additional benefits for the client when carrying out operations with real estate (additional income or an additional increase in the value of real estate both in the short and long term), the receipt of which would be impossible without the participation of a realtor (real estate agent) and the use of special professional tools and skills. At the same time, the effectiveness of the realtor (real estate agent) is estimated by the value of the benefit received by the client, and his remuneration is only part of it.\r\nLegal services - the services of a lawyer and attorney in many cases are vital, therefore, the choice of performers for their provision should be with particular seriousness and responsibility. The main areas of lawyer and advocate services:\r\n<ul><li>Comprehensive legal services for organizations of various forms of ownership;</li><li>Arbitration - representing the interests of organizations in arbitration courts;</li><li>Representation of interests of companies in courts of various instances;</li><li>Professional legal support of transactions and contracts of organizations;</li><li>Services to legal entities related to bankruptcy of enterprises;</li><li>Services of professional lawyers in returning and collecting debts;</li><li>Representation of interests of organizations in the event of tax disputes;</li><li>Processes related to registration of the inheritance;</li><li>Services of a professional lawyer in the event of a traffic accident (Legal assistance in road accidents);</li><li>Services of a lawyer and advocate in the event of housing disputes;</li><li>Family lawyer services;</li><li>Providing the services of a lawyer and criminal lawyer;</li><li>Ensuring consumer protection.</li></ul>\r\nAccounting services are necessary for both newly opened companies and existing structures that need to establish an accounting service or monitor the work of a full-time accountant. Accounting services are also relevant in the case of business expansion, as new employees appear in the company, salaries are revised, and associated costs arise. Professional accounting services are the foundation of successful business activities, ensuring the prosperity of the business due to the precise control of all financial resources of the company.\r\nPsychological assistance services.\r\nIT-services (IT-services, IT-services; including IT-consulting) - services related to assisting in the development of computer literacy of users, training them in new software products. The list of services also includes services for installation, updating and maintenance of software products and computer equipment.\r\nInformation Services.\r\nand etc.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Services.png"},{"id":729,"title":"IT Project Deployment Services","alias":"it-project-deployment-services","description":" Companies invest in projects for the implementation of IT systems that are consistent with the organization's values, with the goal of realizing a business vision, stable support for operational activities, and gaining competitive advantages. In this regard, technological projects are becoming increasingly large-scale, affecting more departments of the organization, and pose a risk to the company if the operation of information systems is disrupted.\r\nThe introduction of new IT requires the project team to carry out at least two principal stages:\r\n<ul><li>pre-project analysis of the enterprise, when, with the help of specialists in the proposed IP and specialists of the enterprise, compliance and discrepancies between the system and its future use is revealed. As a result of the survey, ways to eliminate inconsistencies are determined based on the initial assessment of the required resources and time. The survey is conducted using questions and answers, to some extent formalized, and special software tools that allow you to describe the processes of the system and the enterprise and compare them visually. No changes take place at the enterprise unless individual employees are distracted from their direct duties, which is both a virtue and a disadvantage of this approach;</li><li>trial implementation carried out on the most characteristic site of work. Based on this test work, a general assessment of future implementation is determined and a fundamental decision is made on the use of IP.</li></ul>\r\nThere is a lot of confusion and substitution of the concept of “project team” with the idea of it as a “group”, “pack”, “family”, etc. There are several understandings that there is a modern “project team/group” and “integrated project team”, however, the fundamental characteristic of the team is that it does not exist outside the project. A team with all its human strengths and weaknesses is a necessary and inseparable element of any project. It is a developing element of the technology of the project and affects the project itself.\r\nThe project itself is not “done” - it is made by people, and where people are affected by the influence of biology, instincts, gender parameters, “conscious” and “unconscious”, etc. If people are in the organizational “system” (family, flock, group, team, etc.), systemic effects arise that should be foreseen in the formation of a set of people due to the competent selection, placement and development of the team in the right direction. This is not just an ordinary organizational question, but a question of the depth of understanding of the essence of the project, its management and the skill of the leader.","materialsDescription":" <span style=\"font-weight: bold;\">What is an IT project?</span>\r\nAn IT project is a project that includes work related to information technology.\r\n<span style=\"font-weight: bold;\">What is information technology?</span>\r\nInformation technology is a technology aimed at the creation, development and support of information systems.\r\n<span style=\"font-weight: bold;\">What are the main ideas underlying the project team model of an IT project?</span>\r\n<ul><li>interdependent and interrelated roles in a small group;</li><li>determination of the role, special mission and area of responsibility for each member of the project team;</li><li>distributed project management and responsibility;</li><li>each is focused on the success of the project and is set to work throughout the project cycle;</li><li>communication between project team members is a key success factor;</li><li>users and training staff are included in the project team;</li><li>parallel engineering - parallel work of all team members on a project.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IT_Project_Deployment_Services.png"},{"id":743,"title":"IT System documentation writing","alias":"it-system-documentation-writing","description":" Without the development of technical documentation, it is impossible to create any complex technical solution. High-quality documentation, that is, informative, complete and understandable, is the key to the success of products at all stages of its life cycle. Properly written documentation is the basis of the functionality and effectiveness of information systems. It is with its use that the processes of creating databases, developing software, selecting and configuring network and server software are carried out.\r\nMany organizations at the initial stages of creating and implementing technical solutions do not pay enough attention to this factor, which often prevents the entry of a new product to the market.\r\nWriting documentation requires the contractor to have specific knowledge and skills, certain experience and considerable labor costs.\r\nThe main task of the working documentation is to give a complete picture of how the system is structured, what it consists of and how it functions.\r\nThere is no single standard for the development of this type of documentation. In most cases, its structure is selected for a specific situation. But you can take any algorithm that has already proven its effectiveness as the basis.","materialsDescription":"<span style=\"font-weight: bold; \">What is software documentation?</span>\r\nSoftware documentation - printed user manuals, online (online) documentation and help text describing how to use the software product.\r\n<span style=\"font-weight: bold; \">What is process documentation?</span>\r\nA process document outlines the steps necessary to complete a task or process. It is internal, ongoing documentation of the process while it is occurring—documentation cares more about the “how” of implementation than the “what” of process impact.\r\n<span style=\"font-weight: bold;\">What should be in the working documentation?</span>\r\nFirst of all, technical descriptions of implemented solutions. These are IT infrastructure diagrams, configuration descriptions, etc.\r\n<span style=\"font-weight: bold;\">What does well-written working documentation give?</span>\r\n<ul><li>systematizes data on IT infrastructure;</li><li>helps to understand the system architecture and functioning of connected services;</li><li>facilitates management decisions (for example, shows which service can be removed or replaced and how it will be displayed on the whole system);</li><li>makes it possible to comprehensively evaluate the selected IT structure and, also, timely notice the mistakes made or holes in the architecture.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the key benefits of writing technical documentation?</span>\r\nThe development of documentation will allow you to:\r\n<ul><li>increase user satisfaction</li><li>reduce the load on the system administrator;</li><li>reduce system support costs.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IT_System_documentation_writing.png"},{"id":741,"title":"Proof of Concept","alias":"proof-of-concept","description":"Proof of concept (PoC) is a realization of a certain method or idea in order to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that some concept or theory has practical potential. A proof of concept is usually small and may or may not be complete.\r\nProof of concept (POC) is used to test the idea of a certain technical feature or the general design of a product and prove that it is possible to apply those ideas.\r\nIt could be used to test something on just one part of the product before it is tried in practice with making a prototype.\r\nYou can think of this as a pre-prototype version of the product, but it is not even that since POC shouldn’t have all the features as the final product, not even as the prototype.\r\nThe main goal of POC is to prove that it is actually possible to develop that idea and include it as part of the final product.","materialsDescription":" <span style=\"font-weight: bold;\">What is a proof of concept?</span>\r\nProof of concept is the testing of the finished product based on the idea. Thus, this stage is the first phase in the design of the application. It explains how the project should work on the basis of a detailed description of requirements and specifications. The proof is the complete satisfaction of those functions that need to be realized. This approach makes it easier to hire developers for a startup in the future.\r\nIn order to confirm the concept in software development, it is necessary to determine the main tasks and perform the following steps:\r\n<ol><li>Identify project goals and methods for their implementation.</li><li>Receive feedback from users and customers.</li><li>Correct the idea and start implementing it.</li></ol>\r\n<span style=\"font-weight: bold;\">Project goals and methods of implementation</span>\r\nBefore you start, you need to understand what goal will perform a project. A web project can be a large marketplace or social network with unique features and a convenient solution. Also, it may be a CRM system and help the business to increase sales or improve the accounting of business resources. One way or another, each platform has a specific purpose.\r\nThe next step is to build methods of achieving the goal. At this stage, it is important not to delve into the details, but to evaluate common elements. How the project will work, what functions will be implemented, how the web application will interact with users, etc. It is very important to consider each item and write it down in the report. In fact, this is a small brainstorm. Typically, it takes from a few days to a couple of weeks. When the implementation plan is completed, you can begin to collect feedback from future users.\r\n<span style=\"font-weight: bold;\">Feedback from users and customers</span>\r\nWhen you have a ready document with a description of the project and the functions, then you need to get feedback from users or customers. Offer them your solution to a particular problem. Familiarize them with the implementation methods. You will receive many suggestions for improvement. At this point, some of your guesswork will be broken. It is important to listen and collect feedback. There is no need to hurry and change the concept or implement everything that future users are asking for. They don't have an expert evaluation and this is only their proposal.\r\n<span style=\"font-weight: bold;\">Idea correction and implementation</span>\r\nIt is at this stage that the final proof of the concept takes place. Having received feedback, you can clearly understand how users will interact with your project. What emotions it will cause. It is necessary to understand that this is a preliminary evaluation of the concept. Some recommendations may not have value, as others can significantly affect the further development. Thus, based on the information received, it is necessary to consider what can be changed to make the project more convenient. If you received a lot of negative feedback, it makes sense to stop the development process. Or at least think about a new improved version. So, if you really decided to start the development, we recommend starting the design with MVP. The minimal version will allow us to develop the project in the shortest possible time and check the idea on real users.\r\nProof of the concept is one of the important stages in the development of complex and expensive projects. It allows with high probability to determine the value of the project even before the begins development. Typically, the process takes from a few days to a couple of weeks. It gives a clear idea of how the project will work and what functions it will perform. If you approach the feedback analysis process with a clean head, this step in the future can save you money and time.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Proof_of_Concept.png"},{"id":739,"title":"Deployment and Integration Services","alias":"deployment-and-integration-services","description":" The number of various solutions implemented by customers today is quite large. Often, the subsystems of the seemingly unified IT landscape are either weakly connected with each other, or the interaction between them is established in the mode of transferring files and data by mail or “from hand to hand”.\r\nWestern IT vendors, following a certain trend, offer the customer complete and unified solutions. Such blocks of subsystems solve a specific task and form separate IT centers, which also require the mutual integration of infrastructures. This, oddly enough, is even more difficult, as a complete solution does not allow to penetrate deeply and get access to the required information or control subsystems.\r\nNevertheless, the integration and interconnection of information flows can significantly simplify business processes and lead to an increase in the efficiency of interaction both inside and outside the company (with customers and partners).\r\nThe integration task itself is important for business, as it provides a qualitatively new level of services. This is especially important for companies where IT is the immediate tool for achieving business goals. But it is equally important to make integration optimal in the light of minimizing not only the cost of purchasing equipment and software but also preserving previous IT investments.","materialsDescription":" <span style=\"font-weight: bold; \">The main types of implementation and integration services offered by companies:</span>\r\n<ul><li>Designing IT architecture for integration solutions in the field of analytics, automation and monitoring of business processes;</li><li>Development and integration of network infrastructure subsystems, including scalable telecommunications equipment, server equipment and workstations;</li><li>Defining a single platform and developing a solution for integrating enterprise applications, data and business processes;</li><li>Implementation and maintenance of integrated integration solutions in the field of enterprise management (ERP-systems);</li><li>Implementation and maintenance of integration solutions in the field of accounting and analysis of sales and customer relations (CRM-system);</li><li>Implementation and maintenance of integration solutions in the field of accounting and financial analysis;</li><li>Impairment, testing and development of solutions for ensuring information security of a business.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Deployment_and_Integration_Services.png"},{"id":737,"title":"IT System Testing","alias":"it-system-testing","description":" System testing is testing conducted on a complete integrated system to evaluate the system's compliance with its specified requirements.\r\nSystem testing takes, as its input, all of the integrated components that have passed integration testing. The purpose of integration testing is to detect any inconsistencies between the units that are integrated together (called assemblages). System testing seeks to detect defects both within the "inter-assemblages" and also within the system as a whole. The actual result is the behavior produced or observed when a component or system is tested.\r\nSystem testing is performed on the entire system in the context of either functional requirement specifications (FRS) or system requirement specification (SRS), or both. System testing tests not only the design but also the behavior and even the believed expectations of the customer. It is also intended to test up to and beyond the bounds defined in the software or hardware requirements specification(s).\r\nSoftware testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Software testing involves the execution of a software component or system component to evaluate one or more properties of interest. In general, these properties indicate the extent to which the component or system under test meets the requirements that guided its design and development, responds correctly to all kinds of inputs, performs its functions within an acceptable time, is sufficiently usable, can be installed and run in its intended environments, and achieves the general result its stakeholders desire. As the number of possible tests for even simple software components is practically infinite, all software testing uses some strategy to select tests that are feasible for the available time and resources.\r\nMobile-device testing assures the quality of mobile devices, like mobile phones, PDAs, etc. The testing will be conducted on both hardware and software. And from the view of different procedures, the testing comprises R&D testing, factory testing and certification testing. Mobile-device testing involves a set of activities from monitoring and troubleshooting mobile applications, content and services on real handsets. Testing includes verification and validation of hardware devices and software applications.","materialsDescription":" <span style=\"font-weight: bold;\">What is System Testing?</span>\r\nSystem Testing is the testing of a complete and fully integrated software product. Usually, the software is only one element of a larger computer-based system. Ultimately, the software is interfaced with other software/hardware systems. System Testing is actually a series of different tests whose sole purpose is to exercise the full computer-based system.\r\nTwo Category of Software Testing:\r\n<ul><li>Black Box Testing;</li><li>White Box Testing.</li></ul>\r\nSystem test falls under the black box testing category of software testing.\r\nWhite box testing is the testing of the internal workings or code of a software application. In contrast, black box or System Testing is the opposite. The system test involves the external workings of the software from the user's perspective.\r\n<span style=\"font-weight: bold;\">What do you verify in System Testing?</span>\r\nSystem Testing involves testing the software code for following:\r\n<ul><li>Testing the fully integrated applications including external peripherals in order to check how components interact with one another and with the system as a whole. This is also called End to End testing scenario.</li><li>Verify thorough testing of every input in the application to check for desired outputs.</li><li>Testing of the user's experience with the application.</li></ul>\r\nThat is a very basic description of what is involved in system testing. You need to build detailed test cases and test suites that test each aspect of the application as seen from the outside without looking at the actual source code.\r\n<span style=\"font-weight: bold;\">What Types of System Testing Should Testers Use?</span>\r\nThere are over 50 different types of system testing. The specific types used by a tester depend on several variables. Those variables include:\r\n<ul><li><span style=\"font-weight: bold;\">Who the tester works for</span> - This is a major factor in determining the types of system testing a tester will use. Methods used by large companies are different than those used by medium and small companies.</li><li><span style=\"font-weight: bold;\">Time available for testing</span> - Ultimately, all 50 testing types could be used. Time is often what limits us to using only the types that are most relevant for the software project.</li><li><span style=\"font-weight: bold;\">Resources available to the tester</span> - Of course some testers will not have the necessary resources to conduct a testing type. For example, if you are a tester working for a large software development firm, you are likely to have expensive automated testing software not available to others.</li><li><span style=\"font-weight: bold;\">Software Tester's Education</span> - There is a certain learning curve for each type of software testing available. To use some of the software involved, a tester has to learn how to use it.</li><li><span style=\"font-weight: bold;\">Testing Budget</span> - Money becomes a factor not just for smaller companies and individual software developers but large companies as well.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IT_System_testing.png"},{"id":735,"title":"Installation and configuration","alias":"installation-and-configuration","description":" Installation or setup is the act of making the system or program ready for execution. Because the process varies for each program and each computer, programs (including operating systems) often come with an installer, a specialized program responsible for doing whatever is needed for their installation. The configuration is an arrangement of functional units according to their nature, number, and chief characteristics. Often, configuration pertains to the choice of hardware, software, firmware, settings, and documentation. The configuration affects system function and performance.\r\nSome computer programs can be executed by simply copying them into a folder stored on a computer and executing them. Other programs are supplied in a form unsuitable for immediate execution and therefore need an installation procedure. Once installed, the program can be executed again and again, without the need to reinstall before each execution.\r\nCommon operations performed during software installations include:\r\n<ul><li>Making sure that necessary system requirements are met</li><li>Checking for existing versions of the software</li><li>Creating or updating program files and folders</li><li>Adding configuration data such as configuration files, Windows registry entries or environment variables</li><li>Making the software accessible to the user, for instance by creating links, shortcuts or bookmarks</li><li>Configuring components that run automatically, such as daemons or Windows services</li><li>Performing product activation</li><li>Updating the software versions</li></ul>\r\nThese operations may require some charges or be free of charge. In case of payment, installation costs means the costs connected and relevant to or incurred as a result of installing the drivers or the equipment in the customers' premises. ","materialsDescription":"<span style=\"font-weight: bold;\">What does "Installation" mean?</span>\r\nInstallation is the process of making hardware and/or software ready for use. Obviously, different systems require different types of installations. While certain installations are simple and straightforward and can be performed by non-professionals, others are more complex and time-consuming and may require the involvement of specialists.\r\n<span style=\"font-weight: bold; \">What does the "Configuration" mean?</span>\r\nThe way a system is set up, or the assortment of components that make up the system. Configuration can refer to either hardware or software, or the combination of both. For instance, a typical configuration for a PC consists of 32MB (megabytes) main memory, a floppy drive, a hard disk, a modem, a CD-ROM drive, a VGA monitor, and the Windows operating system.\r\nMany software products require that the computer have a certain minimum configuration. For example, the software might require a graphics display monitor and a video adapter, a particular microprocessor, and a minimum amount of main memory.\r\nWhen you install a new device or program, you sometimes need to configure it, which means to set various switches and jumpers (for hardware) and to define values of parameters (for software). For example, the device or program may need to know what type of video adapter you have and what type of printer is connected to the computer. Thanks to new technologies, such as plug-and-play, much of this configuration is performed automatically.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Installation_and_configuration.png"},{"id":733,"title":"Technical Support","alias":"technical-support","description":" Technical support (often shortened to tech support) refers to services that entities provide to users of technology products or services. In general, technical support provide help regarding specific problems with a product or service, rather than providing training, provision or customization of product, or other support services. Most companies offer technical support for the services or products they sell, either included in the cost or for an additional fee. Technical support may be delivered over by phone, e-mail, live support software on a website, or other tool where users can log an incident. Larger organizations frequently have internal technical support available to their staff for computer-related problems. The Internet can also be a good source for freely available tech support, where experienced users help users find solutions to their problems. In addition, some fee-based service companies charge for premium technical support services.\r\nTechnical support may be delivered by different technologies depending on the situation. For example, direct questions can be addressed using telephone calls, SMS, Online chat, Support Forums, E-mail or Fax; basic software problems can be addressed over the telephone or, increasingly, by using remote access repair services; while more complicated problems with hardware may need to be dealt with in person.\r\nTechnical support is a range of services providing assistance with technology such as televisions, computers, and software, typically aiming to help the user with a specific problem.","materialsDescription":"<span style=\"font-weight: bold; \">What are the categories of technical support?</span>\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Call in</span></span>\r\nThis type of technical support has been very common in the services industry.[citation needed] It is also known as "Time and Materials" (T&M) IT support.[citation needed] The customer pays for the materials (hard drive, memory, computer, digital devices, etc.) and also pays the technician based on the pre-negotiated rate when a problem occurs.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Block hours</span></span>\r\nBlock hours allow the client to purchase a number of hours upfront at an agreed price. While it is commonly used to offer a reduced hourly rate, it can also simply be a standard non-reduced rate, or represent a minimum fee charged to a client before providing service. The premise behind this type of support is that the customer has purchased a fixed number of hours to use either per month or year. This allows them the flexibility to use the hours as they please without doing the paperwork and the hassle of paying multiple bills.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Managed services</span></span>\r\nManaged services means a company will receive a list of well-defined services on an ongoing basis, with well-defined "response and resolution times" for a fixed rate or a flat fee. This can include things like 24/7 monitoring of servers, 24/7 help desk support for daily computer issues, and on-site visits by a technician when issues cannot be resolved remotely.[citation needed] Some companies also offer additional services like project management, backup and disaster recovery, and vendor management in the monthly price. The companies that offer this type of tech support are known as managed services providers.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Crowdsourced technical support</span></span>\r\nMany companies and organizations provide discussion boards for users of their products to interact; such forums allow companies to reduce their support costs without losing the benefit of customer feedback.\r\n<span style=\"font-weight: bold;\">What is outsourcing technical support?</span>\r\nWith the increasing use of technology in modern times, there is a growing requirement to provide technical support. Many organizations locate their technical support departments or call centers in countries or regions with lower costs. Dell was amongst the first companies to outsource their technical support and customer service departments to India in 2001. There has also been a growth in companies specializing in providing technical support to other organizations. These are often referred to as MSPs (Managed Service Providers).\r\nFor businesses needing to provide technical support, outsourcing allows them to maintain a high availability of service. Such need may result from peaks in call volumes during the day, periods of high activity due to introduction of new products or maintenance service packs, or the requirement to provide customers with a high level of service at a low cost to the business. For businesses needing technical support assets, outsourcing enables their core employees to focus more on their work in order to maintain productivity. It also enables them to utilize specialized personnel whose technical knowledge base and experience may exceed the scope of the business, thus providing a higher level of technical support to their employees.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Technical_Support.png"},{"id":731,"title":"IT Project Management","alias":"it-project-management","description":" IT project management is the process of planning, organizing and delineating responsibility for the completion of an organizations' specific information technology (IT) goals.\r\nIT project management includes overseeing projects for software development, hardware installations, network upgrades, cloud computing and virtualization rollouts, business analytics and data management projects and implementing IT services.\r\nIn addition to the normal problems that can cause a project to fail, factors that can negatively affect the success of an IT  project include advances in technology during the project's execution, infrastructure changes that impact security and data management and unknown dependent relationships among hardware, software, network infrastructure and data. IT projects may also succumb to the first-time, first-use penalty which represents the total risk an organization assumes when implementing new technology for the first time. Because the technology hasn’t been implemented or used before in the organization, there are likely to be complications that will affect the project’s likelihood of success.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Project?</span>\r\nA Project is an initiative launched to create a unique product or service.  A Project has a defined start date and a defined end date.  The start date represents when the project will be launched.  The end date specifies when the project will be completed.\r\nA Project is not a reoccurring activity; but rather is a single effort to produce something new.\r\n<span style=\"font-weight: bold;\">What is Project Management?</span>\r\nProject Management is the collection and application of skills, knowledge, processes, and activities to meet a specific objective that may take the form of a product or service.  Project Management is an integrated process of applying 5 major processes and their related activities throughout a project lifecycle: initiating, planning, executing, monitoring and Controlling, Closeout.\r\n<span style=\"font-weight: bold;\">What is a Project Management Methodology?</span>\r\nA Project Management Methodology is the overall approach (system) that will be followed to meet the project objectives.\r\n<span style=\"font-weight: bold;\">What are the characteristics of a project?</span>\r\nA Project has three characteristics:\r\n<ul><li>Temporal nature (Is not ongoing and has a definite start and end date.)</li><li>Unique Deliverable (Produces a new unique product or service that does not exist.)</li><li>Progressive (Actions follow a sequence or pattern and progress over time.)</li></ul>\r\n<span style=\"font-weight: bold;\">Who is responsible for the project?</span>\r\nThe Project Manager is directly responsible for the results of the project. He/She should use the necessary skills, knowledge, and tools to meet the project objectives. During the early phases of the project, the Project Manager, working with the project team, should be able to:\r\n<ul><li>Determine project goals and objectives</li><li>Determine assumptions and constraints</li><li>Define and validate product description</li><li>Determine project requirements</li><li>Define Project deliverables</li><li>Estimate and monitor project resource allocation</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_IT_Project_Management.png"},{"id":667,"title":"Database Development","alias":"database-development","description":" Database development is the process of creating a database and setting its integrity parameters. The integral base is the correspondence of information in the database and internal structures, as well as to explicitly defined rules. Data types when creating a database are different data types.\r\nThe main tasks in designing are the possibilities for ensuring the entire database, obtaining data on all the necessary requests, reducing redundancy and duplication of data, ensuring the integrity of the database.\r\nThe main stages of the development of any database are:\r\n<ul><li>conceptual (infological) design;</li><li>logical (datalogical) design;</li><li>physical design.</li></ul>","materialsDescription":" \r\n<span style=\"font-weight: bold;\">What is a database?</span>\r\nA database is a file or a set of files that use a special format to structurally organize information for the purpose of searching and editing.\r\nDatabase development is a multi-step process of making informed decisions in the process of analyzing an information model of a domain, data requirements from applied programmers and users, synthesizing logical and physical data structures, analyzing and justifying the choice of software and hardware.\r\n<span style=\"font-weight: bold;\">What is a DBMS?</span>\r\nA database management system (DBMS) is a set of system utilities that solve the problem of organizing information (storage, search, editing).","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Database_Development.png"},{"id":665,"title":"User Interface Development","alias":"user-interface-development","description":" User interface design (UI) or user interface engineering is the design of user interfaces for machines and software, such as computers, home appliances, mobile devices, and other electronic devices, with the focus on maximizing usability and the user experience. The goal of user interface design is to make the user's interaction as simple and efficient as possible, in terms of accomplishing user goals (user-centered design).\r\nGood user interface design facilitates finishing the task at hand without drawing unnecessary attention to itself. Graphic design and typography are utilized to support its usability, influencing how the user performs certain interactions and improving the aesthetic appeal of the design; design aesthetics may enhance or detract from the ability of users to use the functions of the interface. The design process must balance technical functionality and visual elements (e.g., mental model) to create a system that is not only operational but also usable and adaptable to changing user needs.\r\nInterface design is involved in a wide range of projects from computer systems, to cars, to commercial planes; all of these projects involve much of the same basic human interactions yet also require some unique skills and knowledge. As a result, designers tend to specialize in certain types of projects and have skills centered on their expertise, whether it is a software design, user research, web design, or industrial design.","materialsDescription":" <span style=\"font-weight: bold;\">What is a Graphical User Interface?</span>\r\nThe graphical user interface, developed in the late 1970s by the Xerox Palo Alto research laboratory and deployed commercially in Apple’s Macintosh and Microsoft’s Windows operating systems, was designed as a response to the problem of inefficient usability in early, text-based command-line interfaces for the average user.\r\nGraphical user interfaces would become the standard of user-centered design in software application programming, providing users the capability to intuitively operate computers and other electronic devices through the direct manipulation of graphical icons such as buttons, scroll bars, windows, tabs, menus, cursors, and the mouse pointing device. Many modern graphical user interfaces feature touchscreen and voice-command interaction capabilities.\r\n<span style=\"font-weight: bold;\">How Does a Graphical User Interface Work?</span>\r\nGraphical user interface design principles conform to the model–view–controller software pattern, which separates internal representations of information from the manner in which information is presented to the user, resulting in a platform where users are shown which functions are possible rather than requiring the input of command codes. Users interact with information by manipulating visual widgets, which are designed to respond in accordance with the type of data they hold and support the actions necessary to complete the user’s task.\r\nThe appearance, or “skin,” of an operating system or application software may be redesigned at will due to the nature of graphical user interfaces being independent from application functions. Applications typically implement their own unique graphical user interface display elements in addition to graphical user interface elements already present on the existing operating system. A typical graphical user interface also includes standard formats for representing graphics and text, making it possible to share data between applications running under common graphical user interface design software.\r\nGraphical user interface testing refers to the systematic process of generating test cases in order to evaluate the functionality of the system and its design elements. Graphical user interface testing tools, which are either manual or automated and typically implemented by third-party operators, are available under a variety of licenses and are supported by a variety of platforms. Popular examples include: Tricentis Tosca, Squish GUI Tester, Unified Functional Testing (UFT), Maveryx, Appium, and eggPlant Functional.\r\n<span style=\"font-weight: bold;\">Graphical User Interface Examples</span>\r\nSketchpad, believed to be the first graphical computer-aided design program, was developed in 1962 by Ivan Sutherland while he was at MIT, and consisted of a light pen that enabled users to create and manipulate objects in engineering drawings in real-time with coordinated graphics.\r\nModern operating systems and graphical user interfaces are incorporated into nearly every interactive application, such as ATMs, self-service checkouts, airline self-ticketing and check-in, video games, smartphones, and desktops. Some popular, modern graphical user interface examples include Microsoft Windows, macOS, Ubuntu Unity, and GNOME Shell for desktop environments, and Android, Apple's iOS, BlackBerry OS, Windows 10 Mobile, Palm OS-WebOS, and Firefox OS for smartphones.\r\n<span style=\"font-weight: bold;\">Advantages of Graphical User Interfaces</span>\r\nThe advantage of a graphical user interface is a stark improvement in useability for the average person. The features of a graphical user interface leverage familiar metaphors, such as drag-and-drop for transferring files, and use familiar icons, such as a trash bin for deleted files, creating an environment in which computer operations are intuitive and easily mastered without any prior practice or knowledge of computing machinery or languages. Graphical user interface applications are self descriptive, feedback is typically immediate, and visual cues encourage and steer discoverability.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_User_Interface_Development.png"},{"id":653,"title":"Applications Development","alias":"applications-development","description":"Application development goes through a process of planning, creating, testing, and deploying an information system, also known as the software development life cycle. Applications are also often developed to automate some type of internal business process or processes, build a product to address common business challenges, or to drive innovation. Today, a majority of organizations are looking for custom solutions to support their individual business needs, and to be on par with cutting edge technologies by developing robust applications that are scalable, secure, and easily maintainable.\r\nFor many software development projects, getting the product in the market quickly, ahead of the competition is key. This is no easy task, considering that skilled domestic software developers come with a high price tag and demand for their talents is high. Outsourcing software development is a smart strategy for many businesses; it enables companies to reduce development and production time without draining budgets.","materialsDescription":" <span style=\"font-weight: bold;\">What is application development software?</span>\r\nApplication development software allows companies to make their own software products, including mobile and desktop applications. Application development platforms are often industry specific. They also require varying degrees of technical knowledge.\r\n<span style=\"font-weight: bold;\">How much does application development software cost?</span>\r\nBecause application development software is such a vast category that is defined by the varying customers across hundreds of industries as well as level of technical expertise required, prices vary just as wildly. The most common payment plan is per user, per month. Plans typically cost between $10 and $25 per user, per month, but the price tag can go up if you choose to add additional software integrations or features.\r\n<span style=\"font-weight: bold;\">What are some common application development software features?</span>\r\nThe most common features include code assistance tools, mobile development and integrations, feedback and analytics, automation and workflows, development tools, API, a development environment, and visual testing arena.\r\n<span style=\"font-weight: bold;\">What are the benefits of using application development software?</span>\r\nOrganizations can save time and money by developing their own apps with application development software instead of hiring third-party developers. They can also customize their products more easily and specifically, often leading to quicker production times. Several application development solutions do not require any previous programming knowledge.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Applications_Development.png"},{"id":647,"title":"Software Testing","alias":"software-testing","description":" Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include the process of executing a program or application with the intent of finding software bugs (errors or other defects), and verifying that the software product is fit for use.\r\nSoftware testing involves the execution of a software component or system component to evaluate one or more properties of interest. In general, these properties indicate the extent to which the component or system under test:\r\n<ul><li>meets the requirements that guided its design and development,</li><li>responds correctly to all kinds of inputs,</li><li>performs its functions within an acceptable time,</li><li>it is sufficiently usable,</li><li>can be installed and run in its intended environments, and</li><li>achieves the general result its stakeholder's desire.</li></ul>\r\nAs the number of possible tests for even simple software components is practically infinite, all software testing uses some strategy to select tests that are feasible for the available time and resources. As a result, software testing typically (but not exclusively) attempts to execute a program or application with the intent of finding software bugs (errors or other defects). The job of testing is an iterative process as when one bug is fixed, it can illuminate other, deeper bugs, or can even create new ones.\r\nSoftware testing can provide objective, independent information about the quality of software and risk of its failure to users or sponsors.\r\nSoftware testing can be conducted as soon as executable software (even if partially complete) exists. The overall approach to software development often determines when and how testing is conducted. For example, in a phased process, most testing occurs after system requirements have been defined and then implemented in testable programs. In contrast, under an agile approach, requirements, programming, and testing are often done concurrently. ","materialsDescription":" <span style=\"font-weight: bold; \">What is Software Testing?</span>\r\nSoftware Testing is defined as an activity to check whether the actual results match the expected results and to ensure that the software system is Defect free. It involves the execution of a software component or system component to evaluate one or more properties of interest. Software testing also helps to identify errors, gaps or missing requirements contrary to the actual requirements. It can be either done manually or using automated tools. Some prefer saying Software testing as a White Box and Black Box Testing.\r\n<span style=\"font-weight: bold;\">Why is Software Testing Important?</span>\r\nTesting is important because software bugs could be expensive or even dangerous. Software bugs can potentially cause monetary and human loss, and history is full of such examples.\r\n<ul><li>In April 2015, the Bloomberg terminal in London crashed due to software glitch affected more than 300,000 traders on financial markets. It forced the government to postpone a 3bn pound debt sale.</li><li>Nissan cars have to recall over 1 million cars from the market due to software failure in the airbag sensory detectors. There has been reported two accident due to this software failure.</li><li>Starbucks was forced to close about 60 percent of stores in the U.S and Canada due to software failure in its POS system. At one point store served coffee for free as they were unable to process the transaction.</li><li>Some of Amazon’s third-party retailers saw their product price is reduced to 1p due to a software glitch. They were left with heavy losses.</li><li>Vulnerability in Windows 10. This bug enables users to escape from security sandboxes through a flaw in the win32k system.</li><li>In 2015 fighter plane F-35 fell victim to a software bug, making it unable to detect targets correctly.</li><li>China Airlines Airbus A300 crashed due to a software bug on April 26, 1994, killing 264 innocent live.</li><li>In 1985, Canada's Therac-25 radiation therapy machine malfunctioned due to software bug and delivered lethal radiation doses to patients, leaving 3 people dead and critically injuring 3 others.</li><li>In April of 1999, a software bug caused the failure of a $1.2 billion military satellite launch, the costliest accident in history.</li><li>In May of 1996, a software bug caused the bank accounts of 823 customers of a major U.S. bank to be credited with 920 million US dollars.</li></ul>\r\n<span style=\"font-weight: bold;\">What are the types of Software Testing?</span>\r\nTypically Testing is classified into three categories.\r\n<ul><li>Functional Testing</li><li>Non-Functional Testing or Performance Testing</li><li>Maintenance (Regression and Maintenance)</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Software_Testing.png"},{"id":651,"title":"Interface Testing","alias":"interface-testing","description":"When an application or a software or a website is developed, then there are several components of it. Those components can be server, database etc. The connection which integrates and facilitates the communication between these components is termed as an <span style=\"font-weight: bold;\">Interface</span>.\r\n<span style=\"font-weight: bold;\">Interface Testing</span> is performed to evaluate whether systems or components pass data and control correctly to one another. It is to verify if all the interactions between these modules are working properly and errors are handled properly.\r\n<span style=\"font-weight: bold; \">Interface Testing - Checklist</span>\r\n<ul><li>Verify that communication between the systems are done correctly</li><li>Verify if all supported hardware/software has been tested</li><li>Verify if all linked documents be supported/opened on all platforms</li><li>Verify the security requirements or encryption while communication happens between systems</li><li>Check if a Solution can handle network failures between Web site and application server</li></ul>\r\n<span style=\"font-weight: bold; \">Phases of Interface Testing. </span>\r\nThere are 2 components involved in Interface testing: 1) web server and application server interface and 2) web server and database server interface.\r\nBasically, 3 phases are involved in the Interface testing which is mentioned below:\r\n<b>Configuration and Development. </b>After the configuration of the interface and the development initialization, the configuration is needed to be verified as per the requirement. In simple words, verification takes place.\r\n<p style=\" text-align: justify; \"><b>Validation. </b>After the configuration and development stage, validation of the interface is necessary.</p>\r\n<p style=\" text-align: justify; \"><b>Maintenance.</b> After the completion of the project, when the project reaches it’s working stage, the interface is set to be monitored for its performance.</p>\r\n<p style=\" text-align: justify; \"></p>\r\n<p style=\"text-align: justify; \"><a name=\"StepsinvolvedinInterfaceTesting\"></a></p>","materialsDescription":"<h1 class=\"align-center\">Types of Interface Testing </h1>\r\nDuring Interface Testing various types of testing done on the interface which may include:\r\n<span style=\"font-weight: bold; \">Workflow:</span> It ensures that the interface engine handles your standard workflows as expected.\r\n<span style=\"font-weight: bold; \">Edge cases -unexpected values:</span> This is considered when testing include date, month and day reversed.\r\n<span style=\"font-weight: bold; \">Performance, load, and network testing:</span> A high-volume interface may require more Load Testing than a low-volume interface, depending on the interface engine and connectivity infrastructure.\r\n<span style=\"font-weight: bold; \">Individual system interface testing:</span> This includes testing each system individually. For example, billing system and inventory management system for the retail store should be able to operate separately.\r\n<h1 class=\"align-center\">What is Graphic User Interface (GUI) Testing?</h1>\r\nGraphic User Interface Testing (GUI) testing is the process of ensuring proper functionality of the graphical user interface (GUI) for a specific application. This involves making sure it behaves in accordance with its requirements and works as expected across the range of supported platforms and devices.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">GUI Testing Approaches</span></p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Manual Based Testing: </span>Under this approach, the screens of the application are checked manually by testers. They are being confirmed with the requirements that are stated in the business requirements. The UI is also matched with the designs that are provided during the documentation phase of the application.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Automation Based Testing:</span> Automated user interface testing approach is performed in 2 steps i.e, record and play. While doing this, the steps are captured/recorded with the help of the automation tool while performing the first round of testing. And during playback, that recorded steps script is run when the application is under test. If the position of any button or image changes that during the playback, it does not get tracked and the test fails.</p>\r\n<h1 class=\"align-center\">What Features Should I Look for in a GUI Testing Tool?</h1>\r\nObviously the first answer is to choose a tool that can automate the specific technologies you’re testing, otherwise your automation is doomed to fail. Secondly you should choose a tool that has some of the following characteristics:\r\n<ul><li>Good interface testing software that makes it easy for your automation engineers to write tests, make changes, find issues and be able to deploy the tests on all the environments you need to test.</li><li>A tool that is well supported by the manufacturer and is keeping up to date with new web browsers, operating systems and technologies that you will need to test in the future. </li><li>An object abstraction layer so that your test analysts can write the tests in the way most natural for them and your automation engineers can create objects that point to physical items in the application that will be robust and not change every time you resort a grid or add data to the system.</li><li>Support for data-driven testing since as we have discussed, one of the big benefits of automation is the ability to run the same test thousands of times with different sets of data.</li></ul>\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Interface_Testing.png"},{"id":649,"title":"QA - Quality assurance","alias":"qa-quality-assurance","description":" <span style=\"font-weight: bold; \">Quality Assurance (QA)</span> is defined as an activity to ensure that an organization is providing the best possible product or service to customers. QA focuses on improving the processes to deliver Quality Products to the customer. An organization has to ensure, that processes are efficient and effective as per the quality standards defined for software products. Quality Assurance is popularly known as <span style=\"font-weight: bold; \">QA Testing. </span>\r\nQA establishes and maintains set requirements for developing or manufacturing reliable products. A quality assurance system is meant to increase customer confidence and a company's credibility, while also improving work processes and efficiency, and it enables a company to better compete with others.\r\nQuality assurance helps a company create products and services that meet the needs, expectations and requirements of customers. It yields high-quality product offerings that build trust and loyalty with customers. The standards and procedures defined by a quality assurance program help prevent product defects before they arise.\r\n<span style=\"font-weight: bold; \">Quality assurance utilizes one of three methods:</span>\r\n<span style=\"font-weight: bold; \">Failure testing, </span>which continually tests a product to determine if it breaks or fails. For physical products that need to withstand stress, this could involve testing the product under heat, pressure or vibration. For software products, failure testing might involve placing the software under high usage or load conditions.\r\n<span style=\"font-weight: bold; \">Statistical process control (SPC),</span> a methodology based on objective data and analysis and developed by Walter Shewhart at Western Electric Company and Bell Telephone Laboratories in the 1920's and 1930's. This methodology uses statistical methods to manage and control the production of products.\r\n<span style=\"font-weight: bold; \">Total quality management (TQM),</span> which applies quantitative methods as the basis for continuous improvement. TQM relies on facts, data and analysis to support product planning and performance reviews.\r\n<span style=\"font-weight: bold; \">Quality assurance in software.</span> Software quality assurance  management (SQA) systematically finds patterns and the actions needed to improve development cycles. Finding and fixing coding errors can carry unintended consequences; it is possible to fix one thing, yet break other features and functionality at the same time.\r\nSQA software has become important for developers as a means of avoiding errors before they occur, saving development time and expenses. Even with SQA processes in place, an update to software can break other features and cause defects - commonly known as bugs.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Differences between Software testing and SQA services</h1>\r\n<ul><li><span style=\"font-weight: bold; \">SQA tools</span></li></ul>\r\n- Is about engineering process that ensures quality\r\n- Involve activities related to the implementation of processes, procedures, and standards.\r\n- Process focused \r\n- Preventive technique\r\n- Proactive measure\r\n- The scope of software quality testing tools applied to all products that will be created by the organization\r\n<ul><li><span style=\"font-weight: bold; \">Software Testing</span></li></ul>\r\n- Software Testing is to test a product for problems before the product goes live\r\n- Involves actives concerning verification of product Example - Review Testing\r\n- Product focused\r\n - Corrective technique\r\n- Reactive measure\r\n- The scope of Software Testing applies to a particular product being tested\r\n<h1 class=\"align-center\">Manual QA testing services Vs Automated Quality Assurance Testing</h1>\r\nSoftware testing is a huge domain, but it can be broadly categorized into two areas: manual testing and automated testing. Both of them can be used to achieve the best results, but it is always worth knowing the difference between the two. Each testing type – manual and automated – comes with its own set of advantages and disadvantages. \r\nYou can choose between manual and quality assurance testing services based on a variety of factors. These include:\r\n- Project requirements\r\n- Timeline\r\n- Budget\r\n- Expertise\r\n- Suitability<br /> \r\n<ul><li><span style=\"font-weight: bold; \">Manual Testing     </span></li></ul>\r\n<span style=\"font-weight: bold; \">Exploratory Testing:</span> This scenario requires a tester’s expertise, creativity, knowledge, analytical and logical reasoning skills. With poorly written specifications and short execution time, human skills are a must to test in this scenario.\r\n<span style=\"font-weight: bold; \">Ad-Hoc Testing:</span> It is an unplanned method of testing where the biggest difference maker is a tester’s insight that can work without a specific approach.\r\n<span style=\"font-weight: bold; \">Usability Testing:</span> Here you need to check the level of user-friendliness and check the software for convenience. Human observation is a must to make the end user’s experience convenient.\r\n<ul><li><span style=\"font-weight: bold; \">Quality Assurance automation tools</span></li></ul>\r\n<span style=\"font-weight: bold; \">Repeated Execution:</span> When you need to execute a use case repeatedly, automated testing is a better option.\r\n<span style=\"font-weight: bold; \">Regression Testing:</span> Automated automated QA software is better here because the code changes frequently and the regressions can be run in a timely manner\r\n<span style=\"font-weight: bold; \">Performance:</span> You need an automated QA testing software when thousands of concurrent users are simulated at the same time. Additionally, it is a better solution for load testing.\r\n\r\n","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Quality_assurance.png"},{"id":615,"title":"Web Development","alias":"web-development","description":" Web development is the work involved in developing a website for the Internet (World Wide Web) or an intranet (a private network). Web development can range from developing a simple single static page of plain text to complex web-based internet applications (web apps), electronic businesses, and social network services. A more comprehensive list of tasks to which web development commonly refers, may include web engineering, web design, web content development, client liaison, client-side/server-side scripting, web server and network security configuration, and e-commerce development.\r\nAmong web professionals, "web development" usually refers to the main non-design aspects of building websites: writing markup and coding. Web development may use content management systems (CMS) to make content changes easier and available with basic technical skills.\r\nFor larger organizations and businesses, web development teams can consist of hundreds of people (web developers) and follow standard methods like Agile methodologies while developing websites. Smaller organizations may only require a single permanent or contracting developer, or secondary assignment to related job positions such as a graphic designer or information systems technician. Web development may be a collaborative effort between departments rather than the domain of a designated department. There are three kinds of web developer specialization: front-end developer, back-end developer, and full-stack developer. Front-end developers are responsible for behavior and visuals that run in the user browser, while back-end developers deal with the servers.\r\nSince the commercialization of the web, web development has been a growing industry. The growth of this industry is being driven by businesses wishing to use their website to advertise and sell products and services to customers.\r\nThere are many open source tools for web development such as BerkeleyDB, GlassFish, LAMP (Linux, Apache, MySQL, PHP) stack and Perl/Plack. This has kept the cost of learning web development to a minimum. Another contributing factor to the growth of the industry has been the rise of easy-to-use WYSIWYG web-development software, such as Adobe Dreamweaver, BlueGriffon and Microsoft Visual Studio. Knowledge of HyperText Markup Language (HTML) or of programming languages is still required to use such software, but the basics can be learned and implemented quickly.\r\nAn ever-growing set of tools and technologies have helped developers build more dynamic and interactive websites. Further, web developers now help to deliver applications as web services which were traditionally only available as applications on a desk-based computer. This has allowed for many opportunities to decentralize information and media distribution. Examples can be seen with the rise of cloud services such as Adobe Creative Cloud, Dropbox and Google Drive. These web services allow users to interact with applications from many locations, instead of being tied to a specific workstation for their application environment.\r\nExamples of dramatic transformation in communication and commerce led by web development include e-commerce. Online auction sites such as eBay have changed the way consumers find and purchase goods and services. Online retailers such as Amazon.com and Buy.com (among many others) have transformed the shopping and bargain-hunting experience for many consumers. Another example of transformative communication led by web development is the blog. Web applications such as WordPress and Movable Type have created blog-environments for individual websites. The increased usage of open-source content management systems and enterprise content management systems has extended web development's impact at online interaction and communication.\r\nWeb development has also impacted personal networking and marketing. Websites are no longer simply tools for work or for commerce, but serve more broadly for communication and social networking. Web sites such as Facebook and Twitter provide users with a platform to communicate and organizations with a more personal and interactive way to engage the public.","materialsDescription":" <span style=\"font-weight: bold; \">What is the Priority of a Web Developer?</span>\r\nTo answer the question “What is a web developer?”, we must first look at what a web developer does and how they do it.\r\nA web developer or programmer is someone who takes a web design – which has been created by either a client or a design team – and turns it into a website. They do this by writing lines and lines of complicated code, using a variety of languages. Web developers have quite a difficult job, because they essentially have to take a language we understand, such as English, and translate it into a language that a computer understands, such as Python or HTML.\r\nAs you can imagine, this can take a lot of time and effort and requires an intricate understanding of various programming languages and how they are used. Different types of developers specialize in different areas, which means that large web projects are usually a collaboration between several different developers.\r\n<span style=\"font-weight: bold; \">What Types Of Web Developers Are There?</span>\r\nUnfortunately, the question “What does a web developer do?” doesn’t have one simple answer. As noted above, there are some different types of web developers, each of which focuses on a different aspect of the creation of a website.\r\nTo understand what is a web developer it is crucial to know that the three main types of developers are front-end, back-end, and full-stack. Front-end developers are responsible for the parts of a website that people see and interact with, back-end developers are responsible for the behind the scenes code that controls how a website loads and runs, and full-stack developers do a bit of everything.\r\n<span style=\"font-weight: bold; \">Front-End Developer</span>\r\nA front-end developer is someone who takes a client or design team’s website design and writes the code needed to implement it on the web. A decent front-end web developer will be fluent in at least three programming languages – HTML, CSS, and JavaScript.\r\nHTML allows them to add content to a website while splitting it into headings, paragraphs, and tables. CSS lets a decent developer style the content and change things like colors, sizes, and borders. JavaScript allows the inclusion of interactive elements, such as push buttons. We will go into more detail about these languages later.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">So, what do web developers do when they work on the front end of a website?</span></span>\r\n<ul><li>What is a web developer responsible for is that they make sure that all of the content that is needed for the website is clear, visible, and found in the right place. In some cases front-end developers may also have content writing skills, allowing them to create the content for the website as they go.</li><li>They make sure that the right colors are in the right places, especially concerning text colors, background colors, and headers. Some of the best front-end developers are also very good designers, allowing them to tweak things as they go.</li><li>They make sure that all outbound links are correctly formatted, that all buttons work properly, and that the website is responsive and attractive. Mobile design is usually a big part of the job, while it is also important to make sure that a website will display correctly on all web browsers.</li></ul>\r\n<span style=\"font-weight: bold;\">Back-End Developer</span>\r\nWhile it may seem like front-end developers have a difficult job making sure that a website looks great, works well, and contains the correct content, back-end developers have it much worse. While front-end developers are responsible for client-side programming, back-end developers have to deal with the server-side.\r\nThis means that they have to create the code and programs which power the website’s server, databases, and any applications that it contains. The most important thing as a back-end developer is the ability to be able to create a clean, efficient code that does what you want it to in the quickest way possible. Since website speed is a major consideration when it comes to search engine optimization (SEO), it is a large factor when developing the back-end.\r\nTo fully explain what is a web developer it is essential to know that back-end developers use a wide range of different server-side languages to build complicated programs. Some of the most popular languages used include PHP, Python, Java, and Ruby. JavaScript is also becoming increasingly widespread as a back-end development language, while SQL is commonly used to manage and analyze data in website databases.\r\nSince different websites have different needs, a back-end developer must be flexible, able to create different programs, and they absolutely must have a clear, in-depth understanding of the languages that they use. This is very important to make sure that they can come up with the most efficient method of creating the required program while making sure that it is secure, scalable, and easy to maintain.\r\n<span style=\"font-weight: bold;\">Full-Stack Developer</span>\r\nIf you are looking for a quick, simple answer to the question “What is a web developer?”, then a full-stack developer is probably the closest thing that you’re going to get. Full-stack developers understand both front and back-end strategies and processes, which means that they are perfectly positioned to oversee the entire process.\r\nIn the case of small websites that don’t have a huge development budget, a full-stack developer will often be employed to build the entire website. In this case, it is extremely important for them to have a complete, in-depth understanding of both front and back-end development and how they work.\r\nLearning full-stack development techniques has a huge range of benefits, including:\r\n<ul><li>You will end up with the knowledge to be able to create an entire website on your own. This makes you a lot more employable, increasing your job security in the future.</li><li>As a full-stack developer, you will understand the connections between the front and back-ends of a website, allowing you do build efficient and effective programs for all parts of the website.</li><li>Full-stack developers are often employed to oversee large projects for big web development companies. Positions like this are likely to be paid more than standard web development positions, making them more attractive to developers. Full-stack defines what is a web developer.</li></ul>\r\nAlthough most developers start with either front or back-end specializations, there are a lot of reasons why you should consider branching out and learning both. It will make you a lot more employable, will give you a greater understanding of the whole concept of what is web development, and will make it easier for you to create entire websites on your own.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Web_Development.png"},{"id":645,"title":"JavaScript development","alias":"javascript-development","description":" JavaScript, often abbreviated as JS, is a high-level, just-in-time compiled, object-oriented programming language that conforms to the ECMAScript specification. JavaScript has curly-bracket syntax, dynamic typing, prototype-based object-orientation, and first-class functions.\r\nAlongside HTML and CSS, JavaScript is one of the core technologies of the World Wide Web. JavaScript enables interactive web pages and is an essential part of web applications. The vast majority of websites use it, and major web browsers have a dedicated JavaScript engine to execute it.\r\nAs a multi-paradigm language, JavaScript supports event-driven, functional, and imperative (including object-oriented and prototype-based) programming styles. It has APIs for working with text, arrays, dates, regular expressions, and the DOM, but the language itself does not include any I/O, such as networking, storage, or graphics facilities. It relies upon the host environment in which it is embedded to provide these features.\r\nInitially only implemented client-side in web browsers, JavaScript engines are now embedded in many other types of host software, including server-side in web servers and databases, and in non-web programs such as word processors and PDF software, and in runtime environments that make JavaScript available for writing mobile and desktop applications, including desktop widgets.\r\nThe terms Vanilla JavaScript and Vanilla JS refer to JavaScript not extended by any frameworks or additional libraries. Scripts written in Vanilla JS are plain JavaScript code.\r\nAlthough there are similarities between JavaScript and Java, including language name, syntax, and respective standard libraries, the two languages are distinct and differ greatly in design. JavaScript was influenced by programming languages such as Self and Scheme. The JSON serialization format, used to store data structures in files or transmit them across networks, is based on JavaScript.\r\n"JavaScript" is a trademark of Oracle Corporation in the United States. It is used under license for technology invented and implemented by Netscape Communications and current entities such as the Mozilla Foundation.","materialsDescription":" <span style=\"font-weight: bold;\">What is JavaScript?</span>\r\nJavaScript is a client-side as well as a server-side scripting language that can be inserted into HTML pages and is understood by web browsers. JavaScript is also an Object-based Programming language.\r\n<span style=\"font-weight: bold;\">What are the differences between Java and JavaScript?</span>\r\nJava is a complete programming language. In contrast, JavaScript is a coded program that can be introduced to HTML pages. These two languages are not at all inter-dependent and are designed for different intent. Java is an object-oriented programming (OOPS) or structured programming languages like C++ or C whereas JavaScript is a client-side scripting language.\r\n<span style=\"font-weight: bold;\">Do I have to buy JavaScript?</span>\r\nNo--there is nothing to buy. The JavaScript interpreter is included in all major Internet Browsers--so as long as you have an Internet Browser, you're all set. JavaScript source files are written using an ordinary text editor, such as Notepad.\r\n<span style=\"font-weight: bold;\">What is JScript?</span>\r\nJScript is Microsoft's version of Netscape's JavaScript. Each Internet Browser vendor creates their own version of what is collectively known as JavaScript---however, the latest versions of these browsers are moving towards the ECMA Script standard.\r\n<span style=\"font-weight: bold;\">Who 'owns' JavaScript?</span>\r\nECMA governs the standard features of JavaScript---however, each vendor writes the code for their own versions of JavaScript.\r\n<span style=\"font-weight: bold;\">What are the features of JavaScript?</span>\r\n<ul><li>JavaScript is a lightweight, interpreted programming language.</li><li>JavaScript is designed for creating network-centric applications.</li><li>JavaScript is complementary to and integrated with Java.</li><li>JavaScript is complementary to and integrated with HTML.</li><li>JavaScript is open and cross-platform.</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_JavaScript_development.png"},{"id":639,"title":"HTML Development","alias":"html-development","description":" Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript.\r\nWeb browsers receive HTML documents from a web server or from local storage and render the documents into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document.\r\nHTML elements are the building blocks of HTML pages. With HTML constructs, images and other objects such as interactive forms may be embedded into the rendered page. HTML provides a means to create structured documents by denoting structural semantics for text such as headings, paragraphs, lists, links, quotes and other items. HTML elements are delineated by tags, written using angle brackets. Tags such as <img /> and <input /> directly introduce content into the page. Other tags such as <p> surround and provide information about document text and may include other tags as sub-elements. Browsers do not display the HTML tags, but use them to interpret the content of the page.\r\nHTML can embed programs written in a scripting language such as JavaScript, which affects the behavior and content of web pages. Inclusion of CSS defines the look and layout of content. The World Wide Web Consortium (W3C), former maintainer of the HTML and current maintainer of the CSS standards, has encouraged the use of CSS over explicit presentational HTML since 1997.","materialsDescription":" <span style=\"font-weight: bold;\">What is HTML5?</span>\r\nHTML5 contains powerful capabilities for Web-based applications with more powerful interaction, video support, graphics, more styling effects, and a full set of APIs. HTML5 adapts to any device, whether desktop, mobile, tablet, or television. HTML5 is an open platform developed under royalty-free licensing terms.\r\nPeople use the term HTML5 in two ways:\r\n<ul><li>to refer to a set of technologies that together form the future Open Web Platform. These technologies include HTML5 specification, CSS3, SVG, MathML, Geolocation, XmlHttpRequest, Context 2D, Web Fonts (WOFF) and others. The boundary of this set of technologies is informal and changes over time;</li><li>to refer to the HTML5 specification, which is, of course, also part of the Open Web Platform.</li></ul>\r\nAlthough it would be great if people used one term to refer to the specification and another term to refer to a set of specifications, in practice people use the term both ways.\r\n<span style=\"font-weight: bold;\">HTML5 has been cited by many thought leaders as the future of the Web. Why is HTML5 generating this excitement?</span>\r\nThere is huge demand for open standards that allow the creation of rich internet applications. Watching videos, finding the nearest restaurant, accessing emails while being offline are just some of the powerful new capabilities enabled by the set of specifications in development at W3C.\r\nOne aspect that interests W3C, in particular, is enabling people to combine different technologies. W3C works to ensure not just interoperable support in the software of a single specification, but compatibility among specifications.\r\nEven though HTML5 is still a draft, browser vendors are deploying features and generating a lot of excitement in the IT industry. This experience, in turn, allows W3C to revise its drafts. In this way, the final standard can transparently inform implementers where they need to pay close attention to security and privacy issues.\r\n<span style=\"font-weight: bold;\">When can I use HTML5?</span>\r\nPeople can already use parts of the platform that interoperate, but W3C's mission is global interoperable, to ensure that the web is available to all. Not all elements are fully implemented yet and some of them provide builtin fallback mechanisms, such as <video> or <input>. One can use HTML5 today, knowing the existing limitations and ensuring proper fallbacks.\r\n<span style=\"font-weight: bold;\">Which Web Browsers support HTML5?</span>\r\nW3C encourages implementation and testing long before a specification becomes a standard to ensure that two people can read a specification independently and write interoperable software. Early adopters provide implementers and W3C with tremendously valuable feedback because they help identify where interoperability issues exist.\r\n<span style=\"font-weight: bold;\">Do you think that the benefits of HTML5, such as its neutrality, rich graphics, no need plug-ins, outweigh the security risk it carries?</span>\r\nNow entering its third decade, the Web has evolved from a Web of documents into a formidable platform for networked applications that let us share information and services over the Internet. In this highly connected environment, it is important that powerful Web applications be designed with sensitivity to user privacy and security needs. The risks associated with modern Web applications are familiar to the HTML5 community.\r\nHTML5 and related specifications are being developed in W3C's open standards process. This process allows an expert review of features along with their security and privacy implications. Rich functionality that was previously available only through proprietary plugins is now documented in an open specification for all experts to review and improve. We're pleased to see the HTML5 specifications subject to rigorous public review since that helps make the Web a more secure environment.\r\nSome security issues are not confined to HTML5. W3C and IETF are working closely to specify technologies and protocol extensions to mitigate some issues (such as cross-site request forgery and cross-site scripting).\r\n<span style=\"font-weight: bold;\">Will there be an HTML6?</span>\r\nNo work is currently happening on HTML6 but feature requests that are not planned to be addressed in HTML5 are available at listed under HTML.next.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_HTML_Development.png"},{"id":637,"title":"eCommerce development","alias":"ecommerce-development","description":" Electronic commerce is an online transaction of buying and selling products through World Wide Web-based websites and mobile applications. The examples of eCommerce business include supply chain, funds transfer, banking and electronic data interchange (EDI) and others. The electronic transactions are carried out through many eCommerce software platforms and eCommerce applications that are integrated with online websites with the help of eCommerce developers. The eCommerce applications are linked with the payment gateways for a smooth transfer of credit from one entity to another one.\r\nAn eCommerce developer is a very important role in eCommerce app development and web services to realize the power of online sales and marketing in all domains of businesses. The eCommerce developers are normally the web developers with additional exposure to the eCommerce tools and platforms commonly used in online businesses. HTML, CSS, JavaScript, Python, PHP, Ruby on Rail and related technologies are the fundamental components of eCommerce developer skills. In addition to those skills, the knowledge of eCommerce software platforms and API integration is very important for a good eCommerce developer resume.\r\nA good eCommerce website should be highly professional looking with great features and intuitive interface for the checkout process. This is only possible with the help of professional eCommerce developers. You need to evaluate a lot of things before you decide to hire eCommerce developers such as the backend technologies of your website, type of eCommerce, a domain of business, type of database and many others. Once you have decided about all these things, you need to match the eCommerce web developer resume, which is under consideration, with those factors to find a good eCommerce developer.","materialsDescription":" <span style=\"font-weight: bold;\">Why is it important for business owners to create an eСommerce site?</span>\r\nToday, people have very less time to purchase items, by going to physical stores. They prefer to browse their mobile devices or PC and shop online. Having an e-commerce site for your business will help you to capture this market base and keep your customers informed about all your latest products and services.\r\n<span style=\"font-weight: bold;\">How can I choose the best platform for my eСommerce business website?</span>\r\nBefore getting started with your eСommerce web development, consider the few fundamentals that can help to choose the best platform. Always consider the items that you are selling. Some eСommerce platforms can handle inventory tracking and multiple product options while some others will not. Consider the design options, payment gateways, the security of the site, integration with other tools, features and pricing before finalizing on the platform.\r\n<span style=\"font-weight: bold;\">How should I promote my eСommerce site?</span>\r\nThere are various ways to do this and the first thing to do is to promote the site to all the customers. This will help to increase your customer base. Your website address should be present in every advertisement that your company invests in. Register with the search engines and optimize your website as this will affect the traffic of your site.\r\n<span style=\"font-weight: bold;\">What are the important things that can turn browsers into buyers?</span>\r\nCreate your site so that it is much more oriented towards sales rather than marketing. Let your visitors see your products immediately instead of hiding them behind lots of marketing copy. Make a page that reads the terms and conditions as it will offer a professional look. Provide your contact details and explain your return policies, security, encryption methods, and payment options.\r\n<span style=\"font-weight: bold;\">How to create an impressive website?</span>\r\nThe beauty of a site lies in the way it operates and how user-friendly it is.  Ensure that your site is fast, easy to use, professional and attractive. Also, make sure that you are able to fulfill the orders very promptly without any delay. In case you are unable to offer the service, make sure that your customer is informed about it via email.\r\n<span style=\"font-weight: bold;\">What are the security risks that are involved with eСommerce sites?</span>\r\neCommerce website owners should always keep in mind the three dimensions of security - confidentiality, integrity, and availability. Business owners should develop a good strategy that can help to make the site and transactions secured. To avoid any hackers gain access to important confidential data, include encryption methods for any data transactions.\r\n<span style=\"font-weight: bold;\">Is there any limit on the size of my product or customer database?</span>\r\nNo, as such there are no limits on the size. The biggest benefit of having an online store is that you can add unlimited products and catalogs and at the same time you can grow your customer base as you require.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_eCommerce_development.png"},{"id":629,"title":"PHP Development","alias":"php-development","description":"PHP is a general-purpose programming language originally designed for web development. It was originally created by Rasmus Lerdorf in 1994; the PHP reference implementation is now produced by The PHP Group. PHP originally stood for Personal Home Page, but it now stands for the recursive initialism PHP: Hypertext Preprocessor.\r\nPHP code may be executed with a command line interface (CLI), embedded into HTML code, or used in combination with various web template systems, web content management systems, and web frameworks. PHP code is usually processed by a PHP interpreter implemented as a module in a web server or as a Common Gateway Interface (CGI) executable. The web server outputs the results of the interpreted and executed PHP code, which may be any type of data, such as generated HTML code or binary image data. PHP can be used for many programming tasks outside of the web context, such as standalone graphical applications and robotic drone control.\r\nThe standard PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge.\r\nThe PHP language evolved without a written formal specification or standard until 2014, with the original implementation acting as the de facto standard which other implementations aimed to follow. Since 2014, work has gone on to create a formal PHP specification.\r\nAs of September 2019, over 60% of sites on the web using PHP are still on discontinued/"EOLed" version 5.6 or older; versions prior to 7.2 are no longer officially supported by The PHP Development Team, but security support is provided by third parties, such as Debian.","materialsDescription":" <span style=\"font-weight: bold; \">What is PHP?</span>\r\nPHP stands for Hypertext Preprocessor. It is an open-source server-side scripting language that is widely used for web development. It supports many databases like MySQL, Oracle, Sybase, Solid, PostgreSQL, generic ODBC, etc.\r\n<span style=\"font-weight: bold; \">What is PEAR in PHP?</span>\r\nPEAR is a framework and repository for reusable PHP components. PEAR stands for PHP Extension and Application Repository. It contains all types of PHP code snippets and libraries. It also provides a command-line interface to install "packages" automatically.\r\n<span style=\"font-weight: bold; \">Who is known as the father of PHP?</span>\r\nRasmus Lerdorf.\r\n<span style=\"font-weight: bold; \">What was the old name of PHP?</span>\r\nThe old name of PHP was Personal Home Page.\r\n<span style=\"font-weight: bold; \">Explain the difference b/w static and dynamic websites?</span>\r\nIn static websites, content can't be changed after running the script. You can't change anything on the site. It is predefined.\r\nIn dynamic websites, the content of a script can be changed at the run time. Its content is regenerated every time a user visits or reload. Google, yahoo and every search engine is an example of a dynamic website.\r\n<span style=\"font-weight: bold; \">What is the name of the scripting engine in PHP?</span>\r\nThe scripting engine that powers PHP is called Zend Engine 2.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_PHP_Development.png"},{"id":627,"title":"CSS Development","alias":"css-development","description":" Cascading Style Sheets (CSS) is a style sheet language used for describing the presentation of a document written in a markup language like HTML. CSS is a cornerstone technology of the World Wide Web, alongside HTML and JavaScript.\r\nCSS is designed to enable the separation of presentation and content, including layout, colors, and fonts. This separation can improve content accessibility, provide more flexibility and control in the specification of presentation characteristics, enable multiple web pages to share formatting by specifying the relevant CSS in a separate .css file, and reduce complexity and repetition in the structural content.\r\nSeparation of formatting and content also makes it feasible to present the same markup page in different styles for different rendering methods, such as on-screen, in print, by voice (via speech-based browser or screen reader), and on Braille-based tactile devices. CSS also has rules for alternate formatting if the content is accessed on a mobile device.\r\nThe name cascading comes from the specified priority scheme to determine which style rule applies if more than one rule matches a particular element. This cascading priority scheme is predictable.\r\nThe CSS specifications are maintained by the World Wide Web Consortium (W3C). Internet media type (MIME type) text/css is registered for use with CSS by RFC 2318 (March 1998). The W3C operates a free CSS validation service for CSS documents.\r\nIn addition to HTML, other markup languages support the use of CSS including XHTML, plain XML, SVG, and XUL.\r\nBefore CSS, nearly all presentational attributes of HTML documents were contained within the HTML markup. All font colors, background styles, element alignments, borders and sizes had to be explicitly described, often repeatedly, within the HTML. CSS lets authors move much of that information to another file, the style sheet, resulting in considerably simpler HTML.","materialsDescription":" <span style=\"font-weight: bold;\">Which is better: plain HTML or HTML with CSS?</span>\r\nMany site developers wonder why you need CSS if you can use plain HTML. Most likely, they only know the development of the site and have a number of gaps in knowledge. The bottom line is that HTML is used to structure the content of a page. And CSS allows you to format this content, make it more attractive to users.\r\nWhen the World Wide Web was created, the developers used only one language - HTML. It was used as a means of outputting structured text. The author had scant functional at his disposal. The maximum that could be done - to designate the title, select the paragraph. Tags were not enough.\r\nIn connection with the development of the Internet, the base of HTML language tags was expanded to allow the appearance of documents to be adjusted. At the same time, the structure remained unchanged.\r\nStructuring tags, for example <table>, began to spread. It was they who were more often chosen to design the pages instead of the structure itself. Some browsers offered their own tags, which only they could reproduce.\r\nThus, users often stumbled upon the message: "To view a page, you need to use browser XXX."\r\nTo correct the situation and create a single database of tags for formatting was created CSS. He allowed refusing to bind tags to browsers.\r\nUsing HTML with CSS is more convenient than using plain HTML. CSS provides the following benefits:\r\n<ul><li>Designed to the smallest detail.</li><li>Using a single table, you can manage various documents.</li><li>You can customize the page display options for different devices: computer screen, smartphone screen, etc.</li></ul>\r\n<span style=\"font-weight: bold;\">Website Promotion with CSS</span>\r\nThe emergence and development of CSS have made the development of web resources more efficient and effective. Now it’s much easier and more convenient to control the design. Also, using CSS, we managed to reduce the code of the pages, their size. This had a positive impact on the download speed, the indexing also began to pass faster. The use of an adaptive approach allowed us to make a breakthrough in the field of mobile versions of Internet resources.\r\nTo improve the website promotion, experts recommend placing the CSS style sheets in a separate document so as not to increase the amount of code. You can create one or more such files.\r\nPreviously, search engines could not read style sheets, which made it possible to use them in black SEO, for example, to create invisible texts. Now it is better to abandon the use of CSS for other purposes.\r\nCSS has several advantages and allows you to improve the site, making it more attractive to visitors. However, it is important to correctly register all the elements.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_CSS_Development.png"},{"id":625,"title":"Typo3 Development","alias":"typo3-development","description":" TYPO3 is a free and open-source Web content management system written in PHP. It is released under the GNU General Public License. It can run on several web servers, such as Apache or IIS, on top of many operating systems, among them Linux, Microsoft Windows, FreeBSD, macOS and OS/2.\r\nTYPO3 is, along with Drupal, Joomla! and WordPress, among the most popular content management systems worldwide, however it is more widespread in Europe than in other regions. The biggest market share can be found in German-speaking countries.\r\nTYPO3 is credited to be highly flexible, as code and content are operated separately. It can be extended by new functions without writing any program code. Also, the software is available in more than 50 languages and has a built-in localization system, therefore supports publishing content in multiple languages. Due to its features like editorial workplace and workflow, advanced frontend editing, scalability and maturity, TYPO3 is used to build and manage websites of different types and size ranges, from small sites for individuals or nonprofit organizations to multilingual enterprise solutions for large corporations. According to the ability to support a corporate environment, it classifies itself as an enterprise level content management system.\r\nTYPO3 was initially authored by the Dane Kasper Skårhøj in 1997. It is now developed by over 300 contributors under the lead of Benjamin Mack (Core team leader) and Mathias Schreiber (Product Owner).\r\nCalculations from the TYPO3 Association show that it is currently used in more than 500,000 installations. The number of installations detected by the public website "CMS Crawler" was around 384,000 by February 2017.","materialsDescription":" <span style=\"font-weight: bold; \">What is the official site of TYPO3?</span>\r\nhttps://typo3.org/ :: TYPO3 — the Professional, Flexible Content Management System. TYPO3 CMS is an Open Source Enterprise Content Management System with a large global community, backed by the approximately 900 members of the TYPO3 Association.\r\n<span style=\"font-weight: bold; \">Where did the name TYPO3 come from?</span>\r\nTYPO3 creator Kasper Skårhøj remembers it something like this:\r\nBack in the late 1990s, while still working on the initial version of his new CMS, he was looking for a name for the new software. At the time, the name “freestyle” appealed to him, but it posed some problems through its over-association with certain activities, products and trademarks. So the issue of naming stayed on the back burner for want of a better idea.\r\nThen, one Friday evening while he was alone in the office after hours coding, Kasper inadvertently typed an error into the command line of his Linux server and accidentally deleted a whole week work. He recalls that feeling you get of a cold rush through the body, when you realize something dreadful has happened. Slowly he got up, walked to the other end of the room and sat down in the couch looking back across the office at the laptop on his desk.\r\nHe stayed like this for a while, just staring out into the room. Then, after the initial shock had subsided, he walked back, sat down, and began to recreate the lost code. This went surprisingly quickly; as such things do when you have them fully worked out in your head. And it was during this new rush of adrenaline and the satisfaction that all was not actually lost, that he began to put the incident into perspective. The recreated programming was going smoothly and cleanly, which made him wonder how ironic it would be if a typo ended up actually improving the product! It was this thought that first brought up the expression “typo” as a possible name. It seemed to fit especially well because\r\n<ul><li>“typo”, as in typography, had something to do with layout and content and</li><li>“typo”, as in a typing mistake, now had a quirky share in the product’s history.</li></ul>\r\nThe newborn child now had a name.\r\nOriginally there were Typo versions 1, 2 and 2.5. But with the success of version 3, which had branded itself more or less by default, a “3” was eventually appended to the product title itself. Since the launch of “TYPO3 version 4”, TYPO3 has remained as the product name for all future versions. So, TYPO3 it is called … and TYPO3 it will continue to be.\r\n<span style=\"font-weight: bold; \">What is TYPO3?</span>\r\nTYPO3 is a free and open-source Web content management system written in PHP. It is released under the GNU General Public License. It can run on several web servers, such as Apache or IIS, on top of many operating systems, among them Linux, Microsoft Windows, FreeBSD, macOS and OS/2.\r\n<span style=\"font-weight: bold; \">Why use TYPO3?</span>\r\nBecause TYPO3 is the CMS for you! TYPO3 is an Enterprise Content Management System. If you need to create, manage and output any kind of digital content, TYPO3 is the right tool for you. You can start small and grow fast, but while your business case might change - you'll never need to change the Content Management System since TYPO3 adapts to your needs.\r\n<span style=\"font-weight: bold;\">What are the system requirements?</span>\r\n<ul><li>Operating System: Linux, Windows or Mac, or common cloud infrastructure setups</li><li>Webserver: Apache httpd, Nginx, Microsoft IIS, Caddy Server</li><li>PHP: PHP >= 7.2</li><li>Database: PostgreSQL //Microsoft SQL Server //MariaDB(>= 10.2) //MySQL(>= 5) //SQLite</li><li>Hardware: RAM >= 256 MB</li><li>Supported Browsers: Chrome (latest) //Firefox (latest) //Safari (latest) //Edge (latest) //Internet Explorer (>= 11)</li></ul>","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Typo3_Development.png"},{"id":623,"title":"Magento Development","alias":"magento-development","description":" Magento is an open-source e-commerce platform written in PHP. It is one of the most popular open e-commerce systems in the network. This software is created using the Zend Framework. Magento source code is distributed under an Open Source Initiative (OSI) approved by the Open Software License (OSL) v3.0, which is similar to the AGPL but not GPL compliant.\r\nThe software was originally developed by Varien, Inc, a US private company headquartered in Culver City, California, with assistance from volunteers.\r\nMore than 100,000 online stores have been created on this platform. The platform code has been downloaded more than 2.5 million times, and $155 billion worth of goods have been sold through Magento-based systems in 2019. Two years ago, Magento accounted for about 30% of the total market share.\r\nVarien published the first general-availability release of the software on March 31, 2008. Roy Rubin, the former CEO of Varien, later sold a share of the company to eBay, which eventually completely acquired and then sold the company to Permira; Permira later sold it to Adobe.\r\nOn November 17, 2015, Magento 2.0 was released. Among the features changed in V2 are the following: reduced table locking issues, improved page caching, enterprise-grade scalability, inbuilt rich snippets for structured data, new file structure with easier customization, CSS Preprocessing using LESS & CSS URL resolver, improved performance and a more structured code base. Magento employs the MySQL or MariaDB relational database management system, the PHP programming language, and elements of the Zend Framework. It applies the conventions of object-oriented programming and model–view–controller architecture. Magento also uses the entity–attribute–value model to store data. On top of that, Magento 2 introduced the Model-View-ViewModel pattern to its front-end code using the JavaScript library Knockout.js.","materialsDescription":" <span style=\"font-weight: bold;\">What is Magento? What is the benefit of choosing an Open Source platform?</span>\r\nMagento is an open-source eCommerce platform that enables the online business owners to control their online store and add powerful and flexible tools for marketing, catalog management, and search engine optimization.\r\nThe open-source platform offers much more innovation, customization, quality, support and agility at a very low cost. It enables the users to share and access the platform, add rich features according to the needs, thereby making changes more effective and easier.\r\n<span style=\"font-weight: bold;\">How can my Magento site be at par with the latest mobile trends and activities?</span>\r\nResponsive designs, device-specific applications have brought a great change in the business world over the past few years. Magento’s latest version includes a responsive template, and it offers great features that meet the needs of the mobile world both for the B2B and the B2C businesses.\r\n<span style=\"font-weight: bold;\">What should be included in my eCommerce Magento strategy?</span>\r\nBefore you plan to start with your Magento project, it is very important to write down the business goals of your website. This will help you to measure success. Once you are done with this, you can plan for the remaining strategies that include target audience, personalization, content plan, mobile strategy, third party add-ons and support services that you would require to keep your site running and performing.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Magento_Development.png"},{"id":621,"title":"WordPress","alias":"wordpress","description":"","materialsDescription":"","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_WordPress.png"},{"id":619,"title":"Drupal Development","alias":"drupal-development","description":" Drupal is a content management software. It's used to make many of the websites and applications you use every day. Drupal has great standard features, like easy content authoring, reliable performance, and excellent security. But what sets it apart is its flexibility; modularity is one of its core principles. Its tools help you build the versatile, structured content that dynamic web experiences need.\r\nIt's also a great choice for creating integrated digital frameworks. You can extend it with anyone, or many, of thousands of add-ons. Modules expand Drupal's functionality. Themes let you customize your content's presentation. Distributions are packaged Drupal bundles you can use as starter-kits. Mix and match these components to enhance Drupal's core abilities. Or, integrate Drupal with external services and other applications in your infrastructure. No other content management software is this powerful and scalable.\r\nThe Drupal project is open source software. Anyone can download, use, work on, and share it with others. It's built on principles like collaboration, globalism, and innovation. It's distributed under the terms of the GNU General Public License (GPL). There are no licensing fees, ever. Drupal will always be free.","materialsDescription":" <span style=\"font-weight: bold;\">What can Drupal do? And why is it different from other CMS?</span>\r\nThere are many reasons why Drupal is the top three most used CMS, and why tons of small to big complex systems have made it their options. Here are those:\r\n<ul><li><span style=\"font-weight: bold;\">Reliability.</span> Drupal is one of the top three most popular content management systems in the world. It has a longstanding history. Though Drupal is a work in progress, it has been stable along the way. We have Drupal 7 now while Drupal 8 is going to be released. But you can be assured that you will be supported for Drupal previous version at least 5 years. Meanwhile, the resources will stay there for goods.</li><li><span style=\"font-weight: bold;\">Available resources.</span> Nearly anything you want to do with the system has been priorly created and done absolutely well by other people. Other great news is nearly all of the most useful modules (Drupal add-ons) are contributed to the Drupal community. This is invaluable because, in many CMS, you have to pay for important features. As a user, you have benefited greatly from someone’s efforts, and experience.</li><li><span style=\"font-weight: bold;\">A huge dedicated community.</span> The Drupal community is large, dynamic and has functioned well since 2001. As a newbie or a senior developer, Drupal.org is a must-have resource where you dig in for learning material, upcoming news, or ask for support from contributors, and specialists.</li><li><span style=\"font-weight: bold;\">Robust and convenience.</span> Be assured that the source code for building your Drupal sites has been precisely written, and designed by Drupal experts. When you have an intention to do more complex and advanced work, you will find it easy and convenient to modify the system. This grants users a great advantage over other CMS.</li><li><span style=\"font-weight: bold;\">Flexibility.</span> It’s not a chance that Drupal is considered the most flexible CMS. We have always thought that if you have an idea about any functions, contents, you can certainly create it with Drupal. Seriously. You can create any content on site. You can customize anything to fit your taste. You can create any website type that you want.</li><li><span style=\"font-weight: bold;\">Scalability.</span> By scalability, we mean that you can extend your Drupal core to a higher level with a variety of contributed Drupal modules. What’s great with the Drupal modules is that they integrate perfectly well with Drupal core. They also connect absolutely efficiently with the modules. This is regardless of the fact many modules are totally different. It is due to the natural structure & built-in system of Drupal. This thereby enhances the power of extending your Drupal website. It is also a core strength of Drupal compared with other CMS. Meanwhile, Drupal is an open source. So suppose the modules you want don’t exist, you can create one, edit an existing module, or hire someone to do the job.</li><li><span style=\"font-weight: bold;\">Security.</span> Drupal has been meticulously tested up to strict security rules by Drupal experts and contributors. Its built-in security is strong. Drupal will lock down whatever directory installed, rendering important data, configuration files unable to be accessed directly. No wonder that many big sites with extreme security are using Drupal, namely - whitehouse.org, commerce.gov, weforum.org,...</li></ul>\r\n<span style=\"font-weight: bold;\">What are the uses of Drupal?</span>\r\nAs stated, due to its flexibility and extensibility, Drupal is not limited to any kind. Browse these lists to see the wide range of things that Drupal can build:\r\n<ul><li>Personal or corporate Web sites</li><li>Community portal sites</li><li>Intranet/Corporate sites</li><li>Blogs, art, portfolio, music, multimedia sites</li><li>Forums</li><li>International sites (websites with multi languages)</li><li>E-commerce sites</li><li>Resource directories</li><li>Social networking sites</li></ul>\r\n<span style=\"font-weight: bold;\">When Drupal isn't right?</span>\r\nIf it is necessary to know about a system before we set our foot on, it’s never been less important to explore its cons. Here we bring some of our caveats for the system:\r\n<ul><li>There’s a little learning curve. You will not learn and work with Drupal in a few days. Accept this fact. It’s harder to start compared with other CMS like Wordpress. But once you learn some basic things, it’s easy, and the flow is smoother.</li><li>It is not for those who have insufficient time to educate themselves about this system, or little money to pay a Drupal developer to carry out the work.</li><li>Finding a good Drupal developer is harder to find than that of Wordpress or other systems. It’s not hard to guess this considering the number of Wordpress developers compared with Drupal.</li></ul>\r\nIt always takes some investments to learn about something. For a new user, it would be a huge opportunity cost - what you will gain and lose working with one system and leave others behind.\r\nBut after all the choice is always yours.We expect it would be worth. The CMS you will spend thousands hours working. The system through this you make a living. The option that yields energy and satisfaction.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Drupal_Development__1_.png"},{"id":601,"title":"Custom Software Development","alias":"custom-software-development","description":" Custom software (also known as bespoke software or tailor-made software) is software that organization for some specific organization or another user. As such, it can be contrasted with the use of software packages developed for the mass market, such as commercial off-the-shelf (COTS) software, or existing free software.\r\nSince custom software is developed for a single customer it can accommodate that customer's particular preferences and expectations. Custom software may be developed in an iterative process, allowing all nuances and possible hidden risks to be taken into account, including issues which were not mentioned in the original requirement specifications (which are, as a rule, never perfect). In particular, the first phase in the software development process may involve many departments, materchode including marketing, engineering, research and development and general management.\r\nLarge companies commonly use custom software for critical functions, including content management, inventory management, customer management, human resource management, or otherwise to fill the gaps present in the existing software packages. Often such software is legacy software, developed before COTS or free software packages offering the required functionality became available.\r\nCustom software development is often considered expensive compared to off-the-shelf solutions or products. This can be true if one is speaking of typical challenges and typical solutions. However, it is not always true. In many cases, COTS software requires customization to correctly support the buyer's operations. The cost and delay of COTS customization can even add up to the expense of developing custom software. Cost is not the only consideration, however, as the decision to opt for custom software often includes the requirement for the purchaser to own the source code, to secure the possibility of future development or modifications to the installed system.\r\nAdditionally, COTS comes with upfront license costs which vary enormously but sometimes run into the millions (in terms of dollars). Furthermore, the big software houses that release COTS products revamp their product very frequently. Thus a particular customization may need to be upgraded for compatibility every two to four years. Given the cost of customization, such upgrades also turn out to be expensive, as a dedicated product release cycle will have to be earmarked for them.\r\nThe decision to build custom software or go for a COTS implementation would usually rest on one or more of the following factors:\r\n<ul><li>Finances - both cost and benefit: The upfront license cost for COTS products mean that a thorough cost-benefit analysis of the business case needs to be done. However it is widely known that large custom software projects cannot fix all three of scope, time/cost and quality constant, so either the cost or the benefits of a custom software project will be subject to some degree of uncertainty - even disregarding the uncertainty around the business benefits of a feature that is successfully implemented.</li><li>Supplier - In the case of COTS, is the supplier likely to remain in business long, and will there be adequate support and customization available? Alternatively, will there be a realistic possibility of getting support and customization from third parties? In the case of custom software, software development may be outsourced or done in-house. If it is outsourced, the question is: is the supplier reputable, and do they have a good track record?</li><li>Time to market: COTS products usually have a quicker time to market</li><li>Size of implementation: COTS comes with standardization of business processes and reporting. For a global or national organization, these can bring in gains in cost savings, efficiency and productivity, if the branch offices are all willing and able to use the same COTS without heavy customizations (which is not always a given).</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is custom software such a large investment?</span>\r\nBuilding a custom web application is a time-consuming endeavor. It takes time to learn the processes of your business, to gather requirements, to flesh out your needs, and to build the software. Put simply, time is money.\r\nWhile it’s a large investment, by investing in custom software, you’ll own the code instead of having a long-term licensing agreement with another software company.\r\n<span style=\"font-weight: bold;\">How could my business benefit from custom software?</span>\r\nA custom business software solution increases process efficiency through process automation. When business processes are properly automated, they minimize the waste in time and resources that the original processes contained.\r\nThink of it this way: with software that already exists, you have to modify your process to meet software capabilities. With custom software, you can build a system around the existing processes you have in place. You took a lot of time to develop those processes, so why should you revamp your business?\r\n<span style=\"font-weight: bold;\">What is IP and how important is it that I own it?</span>\r\nIP stands for Intellectual Property. When you deal with anything creative, you have to think about copyright and the intellectual property on that work and that includes the creation of software code.\r\nThis gets back to the question of buying vs. building. If there is an existing solution that can suit your needs just fine, then it makes sense to buy, but the software developer owns the code and you are basically licensing the software from there. However, if you need a specialized solution that is customized to your needs and decide to go the custom development route, then the question of who owns the code is an important one.\r\n<span style=\"font-weight: bold;\">I’m thinking about hiring someone offshore; what should I watch out for?</span>\r\nIn short, everything. Language barriers and lack of proximity lead to breakdowns in communication and quality. Do yourself a favor and stay local.\r\nOn a related note, if you’re thinking about hiring for the position internally, think about this: it takes around three people to complete a successful custom software project. If you hire someone internally, their salary might cost what it would take to build with us, and you get a whole team when you work with us. Plus, if your software developer decides to leave, they take their knowledge with them. If one of our team members leave, our whole team shares the knowledge so you’re not left in the dark.\r\n<span style=\"font-weight: bold;\">If things don’t go well, am I sunk?</span>\r\nWe make communication and transparency are top priorities so this doesn’t happen. Right out of the gate we work hard to make sure that not only the project is a good fit, but the relationship with the client is as well. Through each step of the process and the build, we keep you in the loop weekly so you know what to expect and what is happening, but a good development company should have places in their process/relationship where you can cleanly exit. Make sure you know what the process is for leaving and what those different ‘leaving’ options are.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Custom_Software_Development.png"},{"id":593,"title":"Mobile Software Development","alias":"mobile-software-development","description":" Mobile app development is the act or process by which a mobile app is developed for mobile devices, such as personal digital assistants, enterprise digital assistants or mobile phones. These applications can be pre-installed on phones during manufacturing platforms, or delivered as web applications using server-side or client-side processing (e.g., JavaScript) to provide an "application-like" experience within a Web browser. Application software developers also must consider a long array of screen sizes, hardware specifications, and configurations because of intense competition in mobile software and changes within each of the platforms. Mobile app development has been steadily growing, in revenues and jobs created. A 2013 analyst report estimates there are 529,000 direct app economy jobs within the EU 28 members, 60% of which are mobile app developers.\r\nAs part of the development process, mobile user interface (UI) design is also essential in the creation of mobile apps. Mobile UI considers constraints, contexts, screen, input, and mobility as outlines for design. The user is often the focus of interaction with their device, and the interface entails components of both hardware and software. User input allows for the users to manipulate a system, and device's output allows the system to indicate the effects of the users' manipulation. Mobile UI design constraints include limited attention and form factors, such as a mobile device's screen size for a user's hand(s). Mobile UI contexts signal cues from user activity, such as location and scheduling that can be shown from user interactions within a mobile app. Overall, mobile UI design's goal is mainly for an understandable, user-friendly interface. The UI of mobile apps should: consider users' limited attention, minimize keystrokes, and be task-oriented with a minimum set of functions. This functionality is supported by mobile enterprise application platforms or integrated development environments (IDEs).\r\nMobile UIs, or front-ends, rely on mobile back-ends to support access to enterprise systems. The mobile back-end facilitates data routing, security, authentication, authorization, working off-line, and service orchestration. This functionality is supported by a mix of middleware components including mobile app server, mobile backend as a service (MBaaS), and service-oriented architecture (SOA) infrastructure. ","materialsDescription":" <span style=\"font-weight: bold;\">What is the native app development?</span>\r\nUnlike websites and web applications, native mobile apps don’t run in the browser. You need to download them from platform-specific app stores such as Apple’s App Store and Google Play. After installation, you can access each app by tapping its respective icon on the screen of your device.\r\nNative app development requires different skills and technologies than mobile website development. You don’t have to worry about browser behavior and compatibility. You can use the native features of mobile OSs to deliver the user experience and implement the functionalities of your app.\r\n<span style=\"font-weight: bold;\">What is the difference between a native mobile app and a hybrid app?</span>\r\nMobile apps have two types: native and hybrid apps. At first glance, both have similar features and design but the underlying technology is different. As the name suggests, hybrid apps are a combination of web apps and native mobile apps. You can build them using web technologies: HTML, CSS, and JavaScript. You can also upload them to app stores and users can install them as native Android or iOS applications.\r\nThe main advantages of hybrid apps are portability and the simplicity of development. You only have to write the code once and your hybrid app will run on different operating systems. You can use hybrid frameworks like Ionic and Apache Cordova to create cross-platform hybrid applications. By contrast, native mobile apps have to be written in platform-specific languages such as Java, Swift, or Objective-C.\r\nNative mobile apps can access the built-in features of smartphones such as the camera and microphone by default. If you have a hybrid app you need to rely on plugins like Cordova plugins to use the native capabilities of the user’s device.\r\nHybrid apps also depend on WebViews to render their user interfaces. WebViews are in-app browsers that allow mobile applications to access and display web content. This is how Android and iOS devices are able to run hybrid apps built with HTML, CSS, and JavaScript as native mobile applications.\r\n<span style=\"font-weight: bold;\">What are the benefits of native mobile app development?</span>\r\nAlthough hybrid apps are easier and cheaper to develop, native mobile apps have many benefits, too.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Better performance</span></span>\r\nNative mobile apps directly interact with native APIs without depending on middleware such as plugins and WebViews. As there are fewer dependencies, native mobile apps are faster and more responsive than hybrid apps. This is especially important for performance-centric apps like games and graphic-heavy applications.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Consistent look and feel</span></span>\r\nAs native mobile apps are developed using native SDKs (software development kits), their UIs look consistent with their platform. This ensures a better user experience, as there are no discrepancies between the OS and app design.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Immediate access to new features</span></span>\r\nNative mobile apps can immediately access the latest iOS or Android features. As web technologies can’t directly use native APIs, hybrid apps have to wait until there’s a plugin that supports the new feature.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Better compliance with app store guidelines</span></span>\r\nBecause of their architecture, native mobile apps comply better with app store guidelines. In 2017, Apple restricted its submission guidelines. Since then, they have begun to reject apps that rely too much on WebViews, such as Ionic View that allowed developers to test their Ionic applications. As it’s likely that app stores will continue cracking down on hybrid apps, native mobile apps are also a more future-proof investment.","iconURL":"https://roi4cio.com/fileadmin/user_upload/icon_Mobile_Software_Development.png"},{"id":598,"title":"Mobile Website Development","alias":"mobile-website-development","description":" Today, virtually no company can effectively conduct its business without ha