NaaS is capable of replacing several legacy network configurations such as multi-protocol label switching (MPLS) and virtual private networks (VPNs), as well as on-premises networking hardware like firewall hardware and load balancers.

Best NaaS Providers

There are many NaaS providers on the market today. The ones covered in this article are just a fraction of what’s available, selected for having standout features and reputations in the industry. Here are some of the top NaaS providers for 2023:

Perimeter 81: Best overall NaaS provider

Perimeter 81 is a top network cybersecurity company that delivers remote access and network capabilities managed over a multi-tenant cloud and provides high scalability for users around the globe. Its managed network service is easily integrated with cloud and local network resources for swift onboarding.

Key features

• One-click encryption across the network
• A single central platform to enable IT to manage all cloud and local resources
• Automatic Wi-Fi security, two-factor authentication (2FA), DNS filtering and more
• Extensive auditing and reporting capabilities
• Multiple public and private gateways around the world

Pros

• Cloud-native NaaS enables users to integrate network and security capabilities into their cloud-based SaaS applications.
• A sophisticated set of security tools to complement regular networking features.
• Total network visibility simplifies how organizations identify the occurrence of exposure.
• Global data backbone of over 50 managed data centers.
• Lower IT costs, since it’s possible to manage all network aspects from a single panel.
• Zero trust remote work supports and secures remote employees.

Cons

• Perimeter 81 may be pricier than its alternatives, with the most useful features available in the costliest tiers.
• Some users report that logging features are inconsistent.

Pricing

Perimeter 81 offers four pricing plans:

• Essentials: Provides all the basics required to secure and manage networks. Starts at $8 a month and serves a minimum of ten users.
• Premium: For $12 a month a minimum of 10 users get access to advanced network security management features.
• Premium Plus: Costs $16 per month and serves a minimum of 20 users. This tier offers more layered security and network for larger organizations.
• Enterprise: The pricing information for this tier is available upon contacting Perimeter 81. Its enterprise-ready security features serve a minimum of 50 users.

Though the company doesn’t offer a free trial, they do have a 13-minute demo presentation available on their website.

Cloudflare: Best for zero trust and DDoS protection

Cloudflare is a global cloud platform that delivers a variety of networking services to businesses all over the world to improve the security, reliability, and performance of their critical internet properties without the complexity and cost of managing legacy network hardware.

It offers Cloudflare Magic WAN—an enterprise NaaS solution designed to replace hardware appliances and WAN technologies with one network—and Magic Transit, which protects network infrastructure and data centers against distributed denial-of-service (DDoS) attacks, among other services.

Key features

• Magic Firewall, a network-level firewall for enterprise security
• Zero trust security for continuous monitoring and validation, micro-segmentation, multifactor authentication (MFA), device access control (DAC), and more
• DDoS protection and traffic acceleration via Magic Transit
• Network Interconnect for the direct connection of on-premises networks to the Cloudflare network

Pros

• Easy deployment and management
• Consistent speed and security anywhere globally
• Easy to use and integrate with endpoints and cloud providers already in use

Cons

• Could benefit from more learning resources and an improved learning portal in general.
• May come off as quite complex to users seeking a simple NaaS tool.

Pricing

Cloudflare’s network services, including Magic Transit, Magic WAN, and Magic Firewall, require prospective users to contact Cloudflare for custom pricing and a demo.

Prisma Cloud: Best for cloud-native security of critical applications and workloads

Prisma Cloud is a product by Palo Alto Networks that empowers enterprises to secure their critical applications across hybrid and multicloud environments. It assists with the effective collaboration of security and DevOps teams to accelerate secure cloud-native application development and deployment by securing applications from code to cloud.

Key features

• Cloud-native application protection to secure applications from code to cloud
• Code Security for shipping secure code for applications, infrastructure, and software supply chain pipelines
• Cloud security posture management
• Cloud Workload Protection to secure hosts, serverless functions, and containers all through the application lifecycle
• Web application and API security
• Cloud Infrastructure Entitlement Management to manage permissions across multicloud environments
• Cloud network security

Pros

• One integrated platform to reduce training and staffing challenges
• Code-to-cloud protection helps avoid friction between security and development teams
• Offers prevention-first protection to defend against zero-day vulnerabilities
• Free trial to test the solution before you buy

Cons

• Steep learning curve, as some users described the UI as complicated and complex to configure.
• It may be pricier than a number of its alternatives.

Pricing

Prisma Cloud offers two editions: Enterprise and Compute. While they don’t list pricing, they do provide an easy guide to what’s included in each edition to help you understand which is more suitable for your business. They also offer a free trial.

Megaport: Best for Software Defined Networking to enable rapid connectivity

Megaport is a leading NaaS provider that uses Software Defined Networking to give its customers rapid connectivity to other services in the Megaport Network. The provider enables its users to deploy global, high availability networks in minutes on its NaaS platform. With Megaport, users can organize all their connections from a single place and bring all their networks together in a simple platform.

Key features

• Direct connectivity to providers on the Megaport Network
• Inter-region/inter-cloud connectivity for control and localization of traffic
• High-speed Ethernet interfaces of 1Gbps, 10Gbps, and 100Gbps
• Secure and private connectivity

Pros

• Point-and-click functionality enables faster and simpler setup and deployment of connections
• Real-time transfer of workloads
• Flexible connections enable customers to scale their bandwidth up or down depending on business growth, changes, and workload transfers

Cons

• Setting up ports may take longer than expected.

Pricing

Megaport offers a scalable, pick-and-choose pricing model with its basic Ports solution starting at $500. You can also request a demo, but not a free trial.

Akamai: Best for Content Delivery Networks (CDNs)

Akamai gives users the ability to implement consistent security policies for their hybrid cloud environments on a global scale. Through the Akamai Intelligent Edge Platform, Akamai’s customers enjoy consistent round-the-clock protection for their applications, websites, APIs, and users, while enabling IT teams to oversee everything from a single pane of glass.

Key features

• DataStream for insight into CDN performance with continuous log data at scale
• Intelligent load balancing to avoid outages and improve application performance
• CloudTest for stress testing websites and applications with intense real-time load testing

Pros

• Secure applications, regardless of where they are hosted
• Fast CDN delivery
• Excellent customer support

Cons

• More expensive than most CDN alternatives
• Suite of offerings can be confusing to navigate
• Some users report that the user interface could be more intuitive

Pricing

Akamai has a broad portfolio of solutions listed on their website. They do not provide pricing, but some include free trials. You can also reach out to their sales team for assistance.

Aryaka: Best for SD-WAN and SASE deployments

Aryaka is a platform that provides a zero-trust WAN to enable enterprises to enjoy a modern SASE solution built for the cloud. The platform converges networking and security to deliver an integrated experience that can be managed from a single dashboard.

Aryaka offers Managed SASE to provide global network connectivity and secure internet access across sites, applications, and users. It also has a Managed SD-WAN service that gives enterprises an adaptable and resilient NaaS to connect users, applications, and clouds globally.

Key features

• Network and security-as-a-service offered as part of Aryaka’s managed SASE
• High-performance WAN to deliver an agile and flexible NaaS
• All-in-one managed service to interconnect enterprises, workers, workloads, support, and more
• Lifecycle services management capabilities integrated with Aryaka’s SASE and cloud-based service delivery platform

Pros

• Fastest SD-WAN and software-defined network on the market
• Greater operational simplicity and lower total cost of ownership (TCO)
• Superior application performance, which improves user experience
• 24/7 operations to ensure constant uptime of enterprise networks

Cons

• Some users report that cold storage is not allowed
• Migration and service incidents have also been reported

Pricing

Aryaka does not provide pricing, trial, or demo information on their website. Interested customers can fill out a contact form to reach out to the sales team.

Converged Cloud Fabric: Best for network automation for private cloud platforms

Arista’s Converged Cloud Fabric is an automated fabric created on cloud networking design principles to deliver a cloud-based NaaS operational model.

Converged Cloud Fabric enables networks to operate at the speed of virtual machines and containers via the automation of networking for multiple private cloud platforms. Its self-service networking and contextual intelligence provide NetOps teams the opportunity to prioritize areas such as analytics and the development of new services.

Key features

• Built-in analytics and telemetry for real-time contextual visibility
• Simplified management and zero-touch workflows
• Self-service networking model with delegated administration to provide teams with cloud-style experience on-premises for VMware, VXRail, and Nutanix HCI workloads
• Scale-out Fabric to provide users with the ability to start at the size and scale that meets their immediate needs while remaining future-proof

Pros

• Effective collaboration among DevOps, NetOps, and CloudOps teams to speed up issue resolution and improve IT productivity
• A self-service network experience
• Automation eliminates tedious tasks
• Highly dependable

Cons

• Very expensive compared to other vendors.

Pricing

Arista does not provide pricing information on their website, but you can reach out to their sales team for more information.

Amdocs NaaS: Best for 5G

Amdocs’ NaaS approach delivers a modular and programmable solution that enables service providers to swiftly design, deploy, and monetize on-demand NaaS offerings for their enterprise customers. It combines cloud and business applications with virtualized network infrastructure and is responsible for the automation, orchestration, and simplification of designing, ordering, and managing network services and value-added services.

Key features

• End-to-end programmable and modular service lifecycle automation and orchestration
• Open ecosystem of pre-integrated third-party virtual network functions (VNFs)
• Automated service factory to handle the whole service lifecycle
• Experience-driven, design-led enterprise self-service portal with network configuration functionality
• A VNF marketplace

Pros

• Faster time to market
• Greater revenue opportunities for enterprises
• Eradication of manual approval and fulfillment opportunities through automation

Cons

• Focuses on providing SD-WAN services to service providers and not directly to enterprises

Pricing

Contact an Amdocs specialist for accurate pricing information.

5 Benefits of Using Network-as-a-Service

There are some strong advantages of using a NaaS provider for companies who don’t have the resources to set up their own network infrastructure—or who would prefer to outsource the setup and maintenance to a dependable partner. Here are the most important benefits of NaaS:

1. Flexibility and customization. Cloud services provide greater flexibility and more customization, since network changes can be executed rapidly over-the-air instead of having to wrestle with hardware.
2. Scalability. For the same reasons as above, NaaS and cloud services in general provide greater scalability than typical hardware-based services.
3. Cost savings. Although this benefit is dependent on the vendor, the choice of subscribing to cloud services such as NaaS as opposed to building your own services often yields cost savings.
4. Security. NaaS enables a single provider to deliver both networking and security services such as firewalls to tighten integration between networks and their security.
5. No maintenance. The responsibility of network, software and hardware maintenance is on the cloud provider.

How to Select a NaaS Provider

For an effective NaaS deployment, it’s important to select the right service. Here are key considerations to help ensure you choose the best NaaS provider for your needs:

1. Define the service(s) you require. Since NaaS solutions vary greatly, determining your requirements is crucial to help you narrow down potential vendors.
2. Ensure the provider’s offerings are compatible. You’ll want to make sure the prospective provider offers services that are compatible with your existing environment. But it doesn’t stop there. Compatibility should also account for applicable networking interoperability factors and standards. You should also consider which of your current SaaS and cloud partners are integrated with the NaaS provider in consideration.
3. Compare the cost of the NaaS to a traditional network. Consumption-based models are meant to accelerate digital transformation, optimize scalability, and reduce capital costs and risks. The cost of the NaaS solution shouldn’t just be a cheaper option—it should allow your organization to smoothly approach digital transformation initiatives.

How We Evaluated the Top Network-as-a-Service Providers

We compared lists, insights, individual product reviews, and rankings from websites such as G2, Gartner Peer Insights, and Sourceforge, among others, as well as the individual product offerings listed on providers’ websites, datasheets, and other official resources. We then selected the standout providers, either for their entire feature set or particular areas they excelled in.

Bottom Line: Choosing the Top NaaS Provider for Your Business

To ensure that IT teams today stay abreast of the rapidly evolving pace of business while keeping network complexity manageable and maintaining security, organizations would do well to consider NaaS solutions. Their on-demand or subscription-based plans allow organizations to shift the responsibility of network management to third-party providers, freeing internal resources to focus on more productive work.

Still, it’s important to know that these services do not follow a one-size-fits-all approach but can vary widely in application. Make sure that the solutions in consideration are not only suitable for your use case but can also add value to your organization.

Explore the best network security companies offering comprehensive network security and management tools and services.

The post 8 Best Network-as-a-Service (NaaS) Providers for 2023 appeared first on Enterprise Networking Planet.

What is DCIM? 

DCIM ensures the data center has high availability, operates with energy efficiency, properly utilizes capacity, predicts future needs, and operates within budget. DCIM tools provide commonality between all aspects of the data center. Instead of one team managing IT and another managing building facility systems such as heating, cooling, and humidity control, such systems are an attempt to bring everything under one umbrella. 

Gartner’s definition of DCIM is that it consists of tools designed to monitor, measure, manage, and control utilization and energy consumption of servers, storage, and networking gear as well as facility infrastructure components, such as power distribution units (PDUs) and computer room air conditioners (CRACs). Older systems don’t stray too far into building management systems (BMS). However, that is changing as the worlds of IT and operational technology (OT) converge. 

The Benefits of DCIM 

Traditionally, such systems operated on-premises. But increasingly cloud-based DCIM tools have entered the scene. They provide many benefits, which include: 

• Monitoring and alerting on the many aspects of data center operations
• Moving maintenance from a reactive to a proactive or predictive stance where failures are caught before they cause disruption
• Guidance on need for spares
• Turning raw analytics into customized recommendations to boost performance and lower maintenance costs
• The ability to correlate and integrate building systems with IT systems despite them utilizing very different protocols
• Tracking and trending data from a multitude of sensors throughout IT and building systems
• Bringing a higher degree of automation and digitalization to the data center
• Prevention of outages
• The ability to query and search all infrastructure elements and dynamically generate rack configurations
• View power loads and thresholds

Also read: Best Data Analytics Tools & Software 2021

Key DCIM Features

The features of DCIM systems vary from vendor to vendor. Those originating in the BMS side of the house tend to favor those systems. As a result, they tend to be lighter on IT management functionality. Similarly, many IT management tools focus on server and systems management and may struggle to integrate with building systems. But the divide is shrinking. Particularly in the cloud DCIM space, the latest generation of products is successfully crossing the chasm that once existed behind IT and facilities management. 

Key features for DCIM include many of the following: 

• Enterprise monitoring and event management
• IT operations analytics
• IT Service Management (ITSM) integration
• Monitoring infrastructure resources across a multi-cloud environment
• Integration between building and IT systems, at least from a data perspective if not from a control perspective

Also read: Data Loss Prevention (DLP) Best Practices & Strategies

Top DCIM Vendors 

Enterprise Networking Planet reviewed a great many DCIM vendors to find those best suited to offering DCIM for the data center. In our selection, we favored those providing cloud functionality. Here are our top picks, in no particular order: 

Schneider Electric

Schneider Electric’s EcoStruxure IT Software & Digital Services offers monitoring, planning, modeling, and digital services to help businesses mitigate and anticipate the risk of failures, receive insights and recommendations, and optimize infrastructure performance across the lifecycle of devices. It comes in three different flavors—IT Expert, Asset Advisor, and IT Advisor. 

Key Differentiators

• EcoStruxure IT Advisor provides insights via a planning and modeling platform 
• EcoStruxure Asset Advisor offers Schneider Electric Service Bureau expert services to monitor IT assets 24/7 
• EcoStruxure IT Expert offers visibility through a cloud-based monitoring platform 
• The EcoStruxure software platform is at the core of Schneider Electric’s broad IT and OT portfolio, thus it integrates well with a host of electrical and monitoring systems
• As well as providing data and visibility through software, it provides actionable information to run the data center more efficiently 
• 24/7 monitoring and dispatch with on-site remediation is offered 
• The EcoStruxure software platform offers custom integration, reports, and dashboards 
• The EcoStruxure software platform provides a holistic view of the entire IT portfolio, from collocation to hyperscale and from enterprise data centers and network edge 

Panduit     

Panduit SmartZone Cloud Software is a cloud-native solution that takes advantage of cloud extensive flexibility and scalability to manage data center, enterprise, and edge infrastructures. It supports the management, monitoring, control, and alerting of power, environmental, cooling, security, assets, and connectivity.

Key Differentiators

• Secure cloud-based platform with encryption on data at rest and in transit, two-factor authentication, access control, and security-focused development lifecycle and hardened with Web application security scanning and assessment tools  
• Vendor agnostic but tightly aligned with Panduit SmartZone G5 Intelligent PDUs to visualize rack-level power, environment, and cabinet physical security access along with IT and facility assets 
• Single pane of glass that offers a holistic view of data center resources 
• In addition to floor plan layout and rack elevation, power path visualization enables operators to identify single points of failure, reduce overprovisioning, and assess risk
• Provides visual representation of asset attributes, connectivity, space availability, and power/environment resources  
• Licensed by floor-mounted asset with unlimited users and locations 
• Multi-tenanted

BMC 

BMC Helix Operations Management with AIOps uses service-centric monitoring, advanced event management, root cause isolation, and intelligent automation to improve performance and availability. It is cloud-ready—able to monitor the health and performance of infrastructure and application resources across a multi-cloud environment. 

Key Differentiators 

• AIOps, analytics, and machine learning allows for ingesting, analyzing, and managing large volumes of operational data
• Event collection and correlation to analyze large numbers of events and group them (situations) to reduce event noise and provide visibility to the underlying cause of issues found
• Probable cause analysis and root cause isolation offer proactive, automated determination of root cause across business services
• Monitor business services and visualize status using heat maps and tile views 
• Out of the box adapters to ingest metrics, events, and topologies from third-party solutions
• Trigger events and notifications based on abnormal behavior
• Identify opportunities for automation and automation brokering to take corrective action
• Integrate with ITSM for automated ticket creation, enrichment, and routing
• Works with the common data store and BMC Helix Discovery data for visibility to infrastructure, relationships, and services

Nlyte

Nlyte Platinum DCIM is an end-to-end system for the entire physical computer infrastructure including data center, collocations, and edge computing. It automates the management of all assets, resources, processes, and people. 

Key Differentiators

• IT teams can monitor energy usage and receive alerts when thresholds are exceeded.
• Helps with data center design and infrastructure planning
• Monitor the performance of existing assets over time and measure them against established benchmarks
• Power and space capacity management
• Workflow automation
• Support for goods receiving, provisioning, changes, tech refresh, and decommission
• Facilitates timely onboarding of equipment at the time of receiving through the decommissioning of older equipment
• Extend the adoption of the IT Infrastructure Library (ITIL) into the data center
• Unlock unused and under-utilized workload, space, and energy capacity
• Forecast and predict the future state of data center physical capacity based on consumption management
• “What if” models forecast the capacity impact of data center projects on space, power, cooling, and networks

Device42

Device42 offers visibility into the data center and the cloud, from infrastructure and IaaS discovery to data center floor and rack diagrams and power consumption. 

Key Differentiators

• Can feed assets to ITSM ticketing systems and drive automated provisioning
• Data center management
• CMDB maintenance
• Audit and compliance
• ITSM integration
• Automated provisioning
• Reduce manual documentation time and compliance risk
• Agentless and automatic discovery of all IT assets, including physical, virtual, and cloud components
• SNMP, IPMI, RedFish, and Cisco UCS discovery
• AWS, Azure, GCP, and Oracle as well as container discovery for Docker and Kubernetes

Serverfarm

InCommand offers control over IT infrastructure and provides insights to drive capacity planning, change management, life cycle management, and efficiency in day-to-day operations. It takes all physical assets in IT, facility, and data center environments and presents them as a virtualized service. 

Key Differentiators 

• Creating management consistency and process and staff discipline through InCommand services, providing data, agility, and financial efficiencies
• InCommand combines a portal with clarified processes and a team to help enterprises gain control over their IT and facilities infrastructure
• Deployment and operations oversight
• Workflow administration
• Accurate IT infrastructure records
• Utilization metrics and KPIs
• Recommended actions to maximize efficiency
• Server asset life cycles
• Cable management

ZPE

ZPE’s Nodegrid Manager provides multi-vendor DCIM access and control for physical, virtual, and cloud infrastructure. It offers open, vendor-neutral network management for console servers, PDUs, IPMI appliances, and many other aspects of data center infrastructure.

Key Differentiators

• 96-port serial console
• Modular, all-in-one services router
• Access and control for all physical and virtual IT assets 
• Runs in a Virtual Machine, which scales with the size of the cloud
• Supports service processors, storage, network, and power appliances from multiple hardware vendors
• Tunneling capability through firewalls

LogicMonitor

LogicMonitor is an automated, cloud-based infrastructure monitoring and observability platform for enterprise IT and managed service providers. The agentless platform helps with the digitalization of applications and data center infrastructure. 

Key Differentiators 

• Includes more than 2,000 pre-built integrations with physical equipment as well as cloud environments
• Close integration with Cisco ACI and VMWare vCenter enables native monitoring of server, storage, and databases
• Provides IPFix, Netflow, and Syslog ingestion
• Alert management and ServiceNow integration promote automated incident management workflows
• Monitor cloud, on-premises and hybrid environments in a single platform
• Analyze logs and surface anomalies to reduce mean time to resolution (MTTR)
• Monitor and alert on applications, hardware, and OS metrics
• Perform on-the-spot service checks and enable synthetic transactions
• Monitor Kubernetes pods, nodes, containers, and other components
• Ensure your remote workforce has access to the tools they need to maintain business continuity

Read next: Best Deduplication Software for Managing Data 2021

The post Best DCIM Software for Managing Data Center Infrastructure appeared first on Enterprise Networking Planet.

The high value of information due to the ability of organizations to analyze and cross reference it with other datastores means that the tolerance for organizational data loss is at an all-time low. Data loss prevention (DLP) software and tools have been created to minimize the risk. 

What is Data Loss Prevention?

DLP is all about the various ways that can be employed to detect and prevent data breaches or the loss sensitive data. The various channels it guards against include removable storage devices, mobile connectivity, internet, the web, device control, and malware. 

For example, DLP tools can monitor USB ports to prevent data loss. They enforce policies related to how data leaves the network and catch unusual patterns or traffic volumes. 

Also read: Best Data Visualization Tools & Software 2021

What is DLP Software?

DLP software makes use of policy, procedures, and a variety of technologies to prevent data leakage or misuse. It addresses data leaks, insider threats, malware, human error, and more. It also provides a means of complying with standards and closely monitoring the movement of critical data.

Some tools are fairly simplistic. They establish a framework for who can access what and block unauthorized access. More sophisticated systems can detect and respond to potential data risks while preventing exfiltration. Some tools add sophisticated automatic discovery and classification of data across the enterprise regardless of the device or where the data resides (i.e., on premises, on devices, or in the cloud). 

Additionally, some DLP software prevents accidental sharing of data with coworkers, partners, or the public. In the case of sensitive information, there are DLP tools that can prevent USB drives from accessing endpoints to remove data. 

Core features include: 

• The ability to differentiate sensitive data from non-sensitive data.
• The ability to discover sensitive data wherever it may reside.
• Visibility into all the potential data loss vectors.
• DLP policy that aligns with corporate data protection requirements.
• Being able to take preventative action if a data loss event is detected. 
• Reporting on any data loss events.

Also read: Best Deduplication Software for Managing Data 2021

Top DLP Tools and Software 

Enterprise Storage Forum evaluated a number of DLP tools and applications. Here are our top picks, in no particular order: 

McAfee 

MVISION Unified Cloud Edge (UCE) is McAfee Enterprise’s device-to-cloud data security solution. It delivers unified data loss prevention across endpoint, network, secure web gateways (SWG), cloud access security brokers (CASB), and Zero Trust Network Access (ZTNA).  

Key Differentiators

• Data Discovery on endpoints, network shares, databases, sanctioned cloud Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) services.
• DLP detection engine embedded within endpoint, network, SWG, CASB, and ZTNA components. 
• Common set of data classifications – set once and extend across all technologies.
• Unified incident management interface across the solution set. 
• Common DLP engine, a common set of classifications, and a common set of incident management tools.  
• Remote Browser Isolation and DLP for devices trying to access private, internal applications. 
• Data protection from the device to the cloud. 
• Converged solution with unified classification, policy enforcement, and incident management (vs. individual point solutions). 
• Cloud-delivered Secure Web Gateway extends McAfee Enterprise DLP to web and shadow IT applications. 

Check Point 

Check Point Data Loss Prevention pre-emptively protects against unintentional loss of valuable information. Integrated in Check Point Next Generation Firewalls (NGFW), network DLP enables businesses to monitor data movement and empowers employees to work with confidence, while staying compliant with regulations and industry standards.

Key Differentiators

• Track data movement: Tracks and controls any type or format of sensitive information in motion, such as e-mail, web browsing and file sharing services.
• Pre-emptive data loss prevention: Educates and alerts end-users on proper data handling without involving IT/security teams, and allows for real-time user remediation.
• Centrally managed across the IT infrastructure
  from a single console. 
• Leverages out-of-the-box best practice policies.
• Check Point Content Awareness is for organizations that want basic data control features. 
• Check Point DLP is for those wanting granular control with the ability to use dictionary matches, scan file repositories, match by template, add watermarks to files and create their own data types using the CPcode scripting language.

Code42 

Code42 Incydr is a SaaS product that allows security teams to mitigate file exposure and exfiltration risks without disrupting legitimate work and collaboration. It monitors all file activity and provides visibility into all corporate file, vector and user activity to ensure product specs, customer pricing plans and source code isn’t being moved to an untrusted or unrecognized place. This includes web browser uploads, cloud sync activity, file sharing, Airdrop, and use of removable media.

Key Differentiators

• Incydr calls attention to an organization’s data security blindspots by giving teams visibility into activities that fly under the radar and increase data exposure risk. 
• When it detects suspicious activity, it gives security teams the ability to view the file content and confirm if it’s sensitive or to decide if it’s just a harmless activity, like uploading files to a trusted corporate domain. 
• Investigations to make fast, informed decisions about how to respond before files are loaded onto thumb drives or sent to personal cloud storage accounts.
• Automated detection when data lands someplace unexpected, or in an untrusted destination (like a personal shared drive). 
• Flag events for further scrutiny. 
• Address insider risk, while still allowing teams to collaborate.
  
  

CoSoSys

Endpoint Protector By CoSoSys discovers, monitors, and protects sensitive data across multiple OSes, devices, and channels. It includes a wealth of security features as well as the ability to monitor compliance. 

Key Differentiators

• USB & peripheral port control to monitor and manage devices. 
• Granular control based on vendor ID, product ID, serial number.
• Monitor, control and block file transfers that include content and context inspection.
• Encrypt, manage, and secure USB storage devices by safeguarding data in transit.
• Discover, encrypt, and delete sensitive data. 
• Detailed content and context inspection through manual or automatic scans.
• N-gram-based text categorization to discover intellectual property, such as source code.
• Scan and safeguard Personally Identifiable Information (PII), including Social Security Numbers, bank account numbers, and credit card numbers.
• Prevent data loss or theft by monitoring activity related to device use and file transfers. 
• Achieve compliance and meet the requirements of data protection regulations such as HIPAA, PCI-DSS, GDPR, SOX and others.

Forcepoint DLP

Forcepoint DLP addresses human-centric risk with visibility and control where people work and where data resides. Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations

Key Differentiators

• Secure regulated data with a single point of control for all the applications and data.
• Protect intellectual property by analyzing how people use data. 
• Secure sensitive customer information and regulated data to prove ongoing compliance.
• More than 370 policies applicable to the regulatory demands of 83 countries. 
• Coach employees to make smart decisions, using messages that guide user actions, educate on policy, and validate user intent when interacting with critical data.
• Policy-based auto-encryption that protects data as it moves outside the organization.
• Integrates with data classification solutions such as Microsoft Azure Information Protection, Titus, and Boldon James. 
• Two versions: DLP for Compliance and DLP for Intellectual Property (IP) protection.
• Optical Character Recognition (OCR) identifies data embedded in images while at rest or in motion.
• Identification of PII for data validation checks, real name detection, proximity analysis, and context identifiers. 

Digital Guardian

Digital Guardian is about the convergence of data loss prevention and managed detection & response. Delivered in the cloud via Amazon Web Services (AWS), it promises to simplify deployment, lower overhead, and provide scalability.

Key Differentiators

• Locate, understand, and protect sensitive data.
• Get full coverage at the endpoint, on the network, and in the cloud.
• Team of analysts continuously hunting for cyber threats.
• Understand the sensitivity of data at risk to prioritize threats.
• Detailed attack sequences for advanced threat hunting.
• Coverage for Windows, macOS, or Linux operating systems and all applications, both browser based and native.
• Fine-grained controls, ranging from log & monitor to automated blocking.
• See where sensitive data is located, how it flows, and where it is put at risk — all without policies.

Google

Google Cloud DLP can help classify data on or off cloud with insights that assist proper governance, control, and compliance. It is a fully managed service designed to discover, classify, and protect sensitive data.

Key Differentiators

• Inspects structured and unstructured data to help IT and users make decisions to properly secure data. 
• Reduce data risk with de-identification methods like masking and tokenization. 
• Create dashboards and audit reports. 
• Automate tagging, remediation, or policy. Connect DLP results into Security Command Center, Data Catalog, or export to SIEM or another governance tool.
• Schedule inspection jobs directly or stream data into our API to inspect or protect workloads on Google Cloud, on-premises, mobile applications, or other cloud service providers.
• Native support for scanning and classifying sensitive data in Cloud Storage, BigQuery, and Datastore.
• Measure statistical properties such as k-anonymity and l-diversity.

Cyberhaven

Cyberhaven’s Data Detection and Response (DDR) platform protects enterprise data and intellectual property, and manages risk. It offers a comprehensive view into data while protecting all sensitive data. 

Key Differentiators

• Cyberhaven can use data lineage and other enterprise context to identify and track sensitive data whether the content is unstructured, modified, or encrypted. 
• Non-text data, source code, csv files, instant messages, design files, ML models, and other type content can be protected.
• Automatically discover and classify sensitive data even in unexpected locations.
• Define policies in terms consistent with the business and as situations change, data can be included or excluded. 
• Instantly see where a piece of data came from, how it’s been shared and modified, and all the associated risks.

Read next: Best Data Governance Tools for Enterprise 2021

The post Best Data Loss Prevention (DLP) Software & Tools appeared first on Enterprise Networking Planet.

There are plenty of data visualization tools out there. They range from simple spreadsheets that automatically translate data into charts, to far more complex tools that slice and dice the data a great many ways. Dashboards can be customized to the needs of different roles and lines of business, too. A sales manager might want to have at his or her fingertips a different set of charts and numbers than the CFO, for example. 

Within IT there are many different needs for visualization. The storage manager might want to see capacity numbers, free space available, and throughput. The security chief wants to know about potential incursions, threats blocked, and anomalous traffic. The network head, on the other hand, is more interested in bandwidth and latency. Whatever the need, there are tools and applications there to provide the graphics that people need to do their jobs.  

Why is Data Visualization Important?

Regardless of industry or size, all types of businesses are using reporting, querying and data visualization to help make sense of their data. At the bare minimum, data visualizations products should offer all or most of the following features: 

• Enable the creation of interactive dashboards featuring common chart types, using data from various sources. 
• The ability to comprehend information quickly, identify relationships and patterns, and pinpoint emerging trends using dynamic visuals.
• There must be a way to transmit data into the visualization or business intelligence (BI) tool. 
• Simplicity: What good is a data visualization/chart if it doesn’t make sense or is difficult to understand? A good tool should provide visualizations that help viewers understand what the data means. 
• A good data visualization tool should integrate with other systems and provide a user with the ability to act on the knowledge gained.
• Ability to clean, shape and prepare data for analysis.
• Self-service analytics capabilities – Business users and analysts should be able to answer their business questions, without overly relying on IT teams. 
• Security: Users need to be able to confidently trust the data, where it lives and who has access to it

Also read: Are Companies Protecting Employee Data?

Best Data Visualization Tools  

Enterprise Networking Planet reviewed many different data visualization tools. Here are our top picks in no particular order.

SAS

SAS Visual Analytics provides a single application for reporting, data exploration, and analytics, and enables business users to prepare, visually explore, and find insight in data without coding or the need for data science skills. Its heart is an in-memory, distributed processing engine that accelerates analytical computations. The combination of analytics and an easy-to-use data exploration interface enables different types of users to create and interact with visualizations so they can get the most value from their data. 

Key Differentiators

• Access, profile, cleanse, and transform data using an interface that provides self-service data preparation capabilities with embedded AI.
• Create and deploy custom, natural language chatbots​.
• Visually explore data and create and share smart visualizations and interactive reports​.
• Go directly from reporting and exploration, to analysis, to sharing information through different channels, including Microsoft Office applications.
• Automated forecasting, goal seeking, scenario analysis, and decision trees no matter the skill level.
• Gain insight from social media and other text data and know.
• Combine traditional data sources (transactional, customer, operational, etc.) with location data for analysis in a geographical context
• The software automatically gives suggestions and identifies related measures.
• SAS Visual Analytics Apps for mobile devices to view and interact with others through reports and dashboards on tablets and smartphones.
• Add visualization with third-party JavaScript libraries, such as D3 and C3. 
• Leverage open-source development resources for developers and REST APIs.

Domo

Domo has a cloud-native modern BI platform that helps organizations better integrate, interpret, and use data to drive informed decision making and action across the business. With connectors to simplify integration with existing technology, Domo takes BI-critical processes that previously took weeks and completes them on-the-fly, in minutes at scale. 

Key Differentiators

• 1000+ native cloud connectors to get live data into Domo for analysis. 
• Or use a Workbench feature for on-premises data. 
• Federated data option and a multi-cloud framework for any data access scenario to successfully visualize and analyze data. 
• ETL (extract, transform, and load) tool, called Magic ETL, to cleanse, join, and transform data for ease of use in visualizations. 
• Non-technical users can create self-service data analytics that they can distribute and share among their teams, customers, and partners. 
• Interactive data storytelling capabilities give viewers the ability to explore their data quickly. 
• Mobile app provides anyone with the ability to run their business from their mobile phone.
• Drive action through real-time alerts, interactive apps, integration with other platforms through the Domo Integration Cloud.
• Enterprise-grade data protection. 
• No need to hire a data scientist to get value out of Domo. 

Tableau

Tableau is all about helping people see and understand data. At the heart of Tableau is VizQL, a tool that makes interactive data visualization. A traditional analysis tool forces you to analyze data in rows and columns, choose a subset of your data to present, organize that data into a table, then create a chart from that table. VizQL skips those steps and creates a visual representation of data right away. 

Key Differentiators

• Tableau Business Science is AI-powered analytics to lower the barrier to data science techniques, enabling business users and analysts to make smarter decisions faster. 
• Integrated data analytics and AI suite. 
• Enterprise subscription plans. 
• Goes beyond creating charts through a series of templates and wizards to offer control and customization around insights.
• Full functionality can be deployed on any cloud (private or public cloud) or on premises, used on Mac or PC. 
• Leverages live connections or extracts without differences in functionality. 
• With over 80 native data connectors, you can access data from virtually any source. Web Data connectors allow you to connect to other data sources.
• Either ingest data into the product’s data engine, or push queries to your database. 

Zoho 

Zoho Analytics is business intelligence (BI) and analytics software that aims to transform raw data into actionable insight. The platform lets the user fetch data from any data source and analyze it visually to make data-driven decisions. It also allows the user to easily share insights and collaborate.

Key Differentiators 

• Data integration, preparation and management
• Visual, collaborative, and augmented analysis
•  Data storytelling.
•  Embedded BI. 
• Data analyzed, wherever it is, from over 250+ data sources. 
• Connect to data from files, feeds, web URLs, databases, business apps, and more. 
• Upload data from spreadsheets & flat files like Microsoft Excel, CSV, HTML, JSON, XML, text files and more. 
• Feed data from online storage services like Zoho Docs, Google Drive, Box, Dropbox & Microsoft OneDrive. Pull data from Web URL feeds.
• Connect to a wide range of relational or NoSQL databases, hosted in-house or on the cloud. 
• Connect with popular business applications in sales, marketing, finance, help desk, HR, and IT, through connectors.
• Filter and cleanse data using intelligent suggestions. 
• Enrich data with ML/AI-powered transforms, such as sentiment analysis, keyword extraction, language detection, and more.
• Manage datasets by categories, custom tags, data quality, data readiness. 
• Use smart AI assistant Zia’s search capabilities to perform system-wide metadata searches.
• Slice and dice data, and analyze it visually using a variety of visualization tools.
• Make use of a variety of charts, widgets, pivot, summary and tabular views.

Qlik 

Qlik Sense is a data analytics platform that includes an associative analytics engine, AI capabilities, and operates in a high-performance cloud platform. It empowers executives, decision-makers, analysts, and anyone else with BI that users can freely search and explore to uncover insights.

Key Differentiators

• Create a data literate workforce with AI-powered analytics. 
• Insight Advisor, an AI assistant in Qlik Sense, offers insight generation, task automation, and search & natural-language interaction.
• SaaS and the choice of multi-cloud and on-premises. 
• Associative Engine allows people to explore in any direction. 
• Combine and load data, create smart visualizations, and drag and drop to build analytics apps.
• Insight Advisor gives suggested insights and analyses, automation of tasks, search & natural language interaction, and real-time advanced analytics.
• Interactive mobile analytics. 
• Embedded Analytics.

Looker 

Looker, now part of Google Cloud, is a business intelligence software and big data analytics platform that helps you explore, analyze and share real-time business analytics easily.

Key Differentiators 

• All the benefits that come with integration to the various parts of the Google Cloud. 
• Serve up real-time dashboards for more in-depth, consistent analysis. 
• Access to trustworthy data enables teams to collect fresh results for more precise reporting.
• Looker gives teams unified access to the answers they need to drive successful outcomes.
• Create custom apps that deliver data visualization. 
• Supports multiple data sources and deployment methods.
• Looker connects with Redshift, Snowflake, BigQuery, and 50+ supported SQL dialects, so you can link to multiple databases, avoid database lock-in, and maintain multi-cloud data environments. 
• Supports hosting on public clouds like AWS and GCP, and hybrid environments.

Sisense 

Sisense Fusion is an AI-driven embedded analytics platform that infuses intelligence at the right place and the right time. 

Key Differentiators

• Unlock data from cloud and on-prem, so everyone can analyze data to drive better outcomes. 
• Create custom experiences and automate multi-step actions to accelerate workflow.
• Agility at scale with an open cloud platform extended through deep tech partnerships.
• Integrate AI-powered analytics into workflows, processes, applications and products
• Over 2,000 customers worldwide rely upon Sisense.  

Tibco

Tibco Software is a provider of infrastructure software to use on-premise or as part of cloud. Its enterprise data virtualization solution orchestrates access to multiple and varied data sources and delivers the datasets and IT-curated data services foundation for multiple analytics and data collection solutions.

Key Differentiators 

• Tibco Data Virtualization system removes bottlenecks and enables consistency and reuse by providing all data, on demand, in a single logical layer that is governed and secure. 
• Its Connected Intelligence platform connects any application or data source; unifies data for greater access, trust, and control; and predicts outcomes in real time and at scale.
• Contextual cross-domain relationships as well as detail from transactional systems. 
• Virtually integrate data from multiple sources.
• Unify disparate data without creating copies or siloes. 
• Adapters connect to RDBMS, files, cloud sources, data lakes, and more. 
• Go beyond simple data profiling to examine data, locate important entities, and reveal hidden relationships across distinct data sources. 
• Access, query, federate, abstract, and deliver data on demand. 
• The graphical modeling environment provides a flexible workspace where developers model data, design data services, build transformations, optimize queries, and manage resources.

Read next: Best Data Governance Tools for Enterprise

The post Best Data Visualization Tools & Software appeared first on Enterprise Networking Planet.

With ransomware attempts shooting up by almost 80 million compared to the previous six months, it would be easy for security and IT personnel to become paranoid about cyberattacks. 

That’s where risk management comes in. It uses a series of enterprise risk management software tools to bring sanity to enterprise management and cybersecurity by highlighting the areas of high risk, analyzing the factors involved, and outlining how to respond to those risks. The goal is to achieve some measure of control in order to minimize future negative outcomes, and to move the organization from a reactive to a proactive stance.  

The key steps of the risk management process are: 

• Identify risks
• Assess risks 
• Implement controls 
• Review effectiveness 

Risk management tools are used to help organizations determine the level of risk involved and predict the potential outcome. They can offer management insight and knowledge to help determine such things as whether to upgrade systems now or delay the project for a year. They also help the business evaluate its tolerance levels for risk. A large financial firm processing billions of dollars weekly might have a low tolerance for transactional downtime, for example, whereas a construction firm might be willing to have its system down for a day or two without serious problems. 

Risk Management Complexity 

Risk management tools can be complex. It frequently requires consultants to help implement the technology, establish the processes, and groove in personnel. Risk management software can include many different functional areas spanning all ends of the organizational spectrum: IT and security risk management, audit management, compliance management, digital risk protection, privacy management, business continuity, inbound third-party risk management, and outbound third-party vendor risk management.

“Given the breadth of capabilities within risk management solutions, it is advisable to stage a deployment over time, implementing modules gradually,” said Rick Holland, Chief Information Security Officer, Vice President Strategy at Digital Shadows. “Instead of trying to set up all risk management aspects out of the gate, start with a few modules and slowly implement it.” 

To succeed, organizations must have a clear understanding that no matter how strong their technology may be, it is the people and process aspects that must be prioritized in risk management — otherwise failure is inevitable. Risk management tools today are growing in scope to encompass third-party software, supply chain partners, and customer portals. Holland noted the recent SolarWinds, Accellion, Microsoft Exchange/Hafnium, and Kaseya events. These, he said, have reprioritized the importance of third-party vendor management. 

“Now more than ever, defenders must be able to move beyond static vendor assessment questionnaires to ongoing monitoring of their supply chains,” said Holland. “Point in time assessments might be acceptable for checkboxes but aren’t sufficient when trying to reduce the risk from your business partners.”  

Also read: Managing Security Across MultiCloud Environments

Top Risk Management Tools 

The various risk management software packages out there take different approaches to risk. Some zero in on cybersecurity, others go end to end in the enterprise taking in all facets of organizational risk. This can include planning, budgets, financials, physical and cybersecurity, and more. 

Enterprise Networking Planet evaluated a number of risk management software platforms. Here are our top picks in no particular order.

Resolver 

Resolver equips enterprises with a picture of their risk, enabling them to make decisions to move their business forward and grow faster while ensuring their people and assets are protected.

Key Differentiators 

• Risk management software enables better remote risk management by improving engagement with the front line with a guided risk assessment, a simple task list, and easy reporting.
• AI-enabled security management tool.
• Incident management software to automate the incident and investigative process to mitigate losses and reduce incidents.
• Investigations and case management to find the links between investigations and tracked incidents to ensure management of security risks.
• Streamlined security planning that includes built-in security audit functionality. 
• Resolver’s Command Center Software increases situational awareness of corporate security teams by bringing event identification, response management, officer and dispatcher communication together into one centralized application.
• Modules for compliance and ethics management, internal audits, and vendor risk management. 

JupiterOne

JupiterOne uses its own platform to understand the risk in any environment. The JupiterOne cyber asset management and governance platform provides visibility into cyber assets as well as providing a deep understanding of the current state of those assets. Understanding the relationships between the assets is the final component that helps to detail threats and assess risks.

Key Differentiators 

• Empowers cybersecurity and GRC teams with a centralized compliance-as-code solution that automatically gathers evidence to support compliance needs and processes. 
• Can be used as the basis for the entire cybersecurity program. 
• Security engineering and operations, compliance, cloud security posture management, vulnerability management, incident response and more are all executed with the context that is gathered from JupiterOne.
• Cloud native graph-based cybersecurity platform. 
• The ability to understand the relationships and interdependencies between cyber assets.  
• Available as a SaaS solution with no need for an on-premise footprint to execute.
• Accelerated security reviews and audits.
• Accelerated gap remediation.
• Integrates with all security solutions, DevOps tools, and cloud services.
• Inventory of cyber resources and assets—everything from users and identities to code repositories, and endpoints updated in real time, automatically.
• Insights and compliance dashboards. 
• Security policy builder creates policies unique to the organization.

LogicManager

LogicManager risk-based solutions offer an enterprise-wide view of risk management processes. Its Enterprise Risk Management (ERM) software connects enterprise risk management, governance, and compliance activities in one centralized hub. 

Key Differentiators 

• Identify risk across the organization. 
• Centralized libraries of industry-specific risks.  
• Pre-built, configurable risk assessment criteria standardize data.
• Cloud-based risk monitoring capabilities. 
• Streamline testing, metric collection, and incidents remediation.  
• Create repositories of risk mitigation activities, controls, and procedures to cover the areas that need it most. 
• Interactive dashboards, heat maps, and risk-matrices.

Pathlock

Pathlock’s capabilities focus around treating and monitoring risks through automating detective and preventative controls. Automating controls allows companies to monitor and remediate risks in real time, as they surface. Many companies approach risk solely through the lens of annual compliance driven audits. It allows companies to constantly assess and respond to risks in real time, to ensure timely action.

Key Differentiators

• Pathlock integrates with 140+ critical business applications where many business processes are managed and many risks may originate. 
• Complete visibility to all activity within these applications to assess risk potential. 
• Ability to monitor risks in real time, with preventative controls to ensure risk is managed and mitigated in real time. 
• Pathlock has engaged with hundreds of Fortune 2000 companies to manage enterprise risk programs and enable a proactive strategy around critical risks.
• Map all Segregation of Duty (SOD) and sensitive access risks across systems to stop threats and take the pain out of compliance.
• Uses native dashboards to accelerate review workflows. 
• Financial control and audit support.
• Run “What-If” analyses to check what new risks might be introduced.
• Simulate the risk of adding new roles before making changes live.
• Shorten user access review cycles by up to 80% by automating your process end-to-end.
• Comprehensive ruleset to manage SOX audits out-of-the-box.

EY 

EY (formerly Ernst & Young) focuses on financial organizations, but its capabilities go beyond finance to include cyber-risk. It includes planning and profitability improvement, compliance, actuarial transformation, regulatory reporting, and more. It provides a team of experienced consultants to assist with the creation of a risk management program.  

Key Differentiators 

• Establishes a finance and risk technology infrastructure to include for automation and big data analytics. 
• Drives accountability and enterprise decision making. 
• A Global Regulatory Network, consisting of former regulators and bankers from the Americas, Asia and Europe, provides strategic insights on financial regulation that helps clients adapt to the changing regulatory landscape.
• Manages financial crime and cybercrime risk.
• Development of management strategies. 
• Evaluation of emerging trends in finance and risk.  

Icertis 

The focus of Icertis is on contract management and risk. But from there, it offers a general risk management platform that goes into many other aspects of governance, risk, and compliance (GRC). It identifies, assesses and manages all contract risks and ensures the fulfillment of obligations based on insights from compliance tools.

Key Differentiators 

• The AI-powered Icertis Contract Intelligence platform structures and connects the critical contract information that defines how an organization runs. 
• Streamline contracts and processes and connect the dots across departments.
• Standardized, rule-based content based on approved templates and relationships. 
• Dynamic approval workflows. 
• Identification, assignment, and fulfillment tracking for all obligations.
• Enterprise-grade security and administration to manage highly sensitive information. 
• Drive compliance and minimize risk with continuous monitoring and smart rules.
• Advanced analytics.  

SAP GRC

SAP’s GRC offering is composed of modules revolving around SAP HANA in-memory analytics. These modules include SAP Risk Management, SAP Process Control, SAP Audit Management, and SAP Business Integrity Screening. In-memory data access gives top of the line big data and predictive analytics capability that is tied to risk management. It enables organizations to automate and manage risks, controls, identities, cyber threats, and international trade across the enterprise with embedded analytics and artificial intelligence. 

Key Differentiators 

• Unify enterprise risk and control activities on a common technology platform, leveraging continuous monitoring for agile decision-making.
• Links operations, risk management, compliance, and internal audit.
• Helps screen trading partners, reduce the risk of penalties and fines, and clear inbound and outbound customs quickly.
• Threat monitoring, data controlling, and privacy management.
• Monitors and manages identities and controls who has access to information and processes. 
• Insight into how risk drivers can impact business value and reputation.
• Documents, assesses, tests, and remediates process risks and controls by streamlining enterprise compliance efforts and using best practice internal control processes.
• Streamlines internal audits by simplifying document evidence, organizing work papers, and creating reports.
• Screens large volumes of transactional data in real time based on predictive analyses and extensible rule sets that uncover anomalies, fraud, or deviations from policy.

Navex

Navex offers an integrated risk and compliance program to mitigate risk and leverage compliance. Its 360-degree view of risks across the enterprise includes modules for Ethics & Compliance, Environmental, Social, and Governance, and Integrated Risk Management.

Key Differentiators 

• Suite of ethics and regulatory compliance software aligned with international regulations, DOJ guidance, and EU directives.
• Manages the social, economic, and environmental decisions that impact reporting, compliance, hiring, investor relations, and long term stakeholder value.
• Enterprise-wide GRC solution addressing third party, IT, audit, operational, health and safety, internal control and business continuity risks.
• Navex Lockpath encompasses four standalone products including business continuity management and planning, privacy, risk and compliance management, third-party risk management, and health and safety management.
• Catalog key assets and assess for risk, then conduct business impact analyses to quantify the potential impact of disruption.
• Establish metrics to measure program effectiveness, and monitor for changes that could affect processes or plans and lead to a disruption.
• Use a best-practice template to resiliency and recovery plans that support operations during and after a disruption.
• Configure or use out-of-the-box templates, standardized processes, and contextual reports and dashboards.

Read next: Employing SIEM in the Network Security Fight

The post Top Risk Management Tools for Enterprise appeared first on Enterprise Networking Planet.

The profile of data governance has risen steadily as the regulations impacting the enterprise have multiplied. As well as Sarbanes-Oxley (SOx), there are HIPAA (Health Information Portability and Accountability Act), and PCI-DSS (Payment Card Industry Data Security Standard). More recently, the picture has shifted with the EU GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act). The consequences of violating GDPR, for example, can be severe.

Therefore, a good data governance program has become a necessity in large organizations, and increasingly in mid-sized enterprises. Such a program needs to be anchored in good IT-based data governance tools. These tools detect data inconsistencies in systems, data integrity issues, errors, and areas of violation of non-compliance.

Data Governance Tools Selection Tips

Due to the extent and complexity of data governance systems, companies are understandably cautious when it comes to tool selection. Here are a few tips.

• Take your time: As data governance spills into so many areas of the enterprise and interfaces with so many other systems, it is important to not rush into any purchasing decision. The process used must include due diligence to pare down the number of candidates, detailed testing, and trial runs in your own environment.
• Treat the purchase as a business matter, not merely a technology buying decision. The tool selected must fit well with existing governance processes. Further, it must align well with ongoing compliance mandates and corporate policy.
• Focus on the big picture first. There are a million details to data governance. It is easy to get lost in them. Therefore, focus on key objectives and priorities first and once those are fulfilled, look to see which vendors best deal with any remaining issues.

Also read: Data Center Automation Will Enable the Next Phase of Digital Transformation

Top Data Governance Tools

There are many tools available. Some fall under the banner of risk management or enterprise risk management. Others are termed Governance, Risk Management, and Compliance (GRC) or data governance. Here are some of the best data governance tools according to Enterprise Networking Planet, given in no particular order.

LogicGate

LogicGate’a Risk Cloud combines a no-code workflow builder with hands-on assistance from GRC experts. It helps risk managers and GRC professionals to understand related and connected compliance issues. It assists top management in creating, implementing, and tracking decision-making throughout the organization in one centralized place.

Key Differentiators 

• Risks are identified, tracked, and mitigated.
• Tracking and response protocols are monitored and enforced.
• Identifies rules, regulations, and related compliance issues and program effectiveness.
• Coordinates issues with management and tracks risk remediation strategies across the enterprise.
• Keeps the organization up-to-date and compliant with relevant policies, laws, or regulations to protect assets and avoid violations, legal penalties, and fines.
• Helps prepare the organization to respond to cyberattacks.
• Ensure vendors and partners are compliant and don’t pose a potential liability.
• Align internal controls with standards, protocols, and regulations.
• Automate compliance processes.
• Ensures you are operating within the complex requirements of GDPR, CCPA, and other laws.

Archer

Archer is part of security vendor RSA. It offers integrated risk management solutions to improve strategic decision making and operational resiliency. Archer helps organizations to understand risk holistically by engaging stakeholders, leveraging a platform that spans domains of risk and supports analysis driven by both business and IT impacts. The Archer customer base represents more than 1,500 deployments including more than 90 of the Fortune 100.

Key Differentiators

• Provides an aggregated view of risks to help ensure compliance, protect the business from disruption, and address risks related to new opportunities.
• Breaks down silos between entities, professional functions, and disparate risk evaluation tools.
• Conducts risk quantification analysis, monitor, and report on their risk management programs.
• Customizable risk reporting and monitoring.
• Accessible via desktop and mobile devices.
• Customizable key risk indicators to track emerging trends in risk exposure.
• Comparison of risk profiles and metrics across different entities, processes, products, and regions.
• Describes, integrates, and compares types of possible risk consequences from financial loss to health and safety.
• Collaborative brainstorming for fast development and assessment of risk.
• Builds risk models to evaluate organizational dependence on third parties.

Riskonnect

Riskonnect GRC software helps risk, compliance, and audit professionals share data, exchange knowledge, and collaborate on action. It brings everything to manage risk and compliance into one place. It encompasses the work done by departments like internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite, and the board.

Key Differentiators 

• Blends people, systems, and data from multiple sources.
• Operates on high-performing PaaS and SaaS environments.
• Offers answers on demand with almost no wait time for queries, searches, or analytics.
• Understands risks individually and collectively via a risk-correlation engine.
• Can be accessed by laptop, desktop, tablet, or phone.
• Works in 35 different languages out of the box – or customize your experience with more than 90 available languages.

Concentric

Concentric’s AI-based data access governance solution protects intellectual property, financial documents, PII/PCI content, customer data, business confidential data across on-premises and cloud-based data stores. The Concentric Semantic Intelligence Data Access Governance solution uses deep learning and Risk Distance analysis to accurately categorize data, assess risk, and remediate security issues.

Key Differentiators

• Protects data from ransomware attacks.
• Semantic Intelligence autonomously profiles data access and usage activities.
• Concentric’s Risk Distance analysis finds and remediates overshared, business-critical data, enabling least-privileges access policies that mitigate damage by limiting what can be accessed and encrypted by a compromised account.
• Risk Distance also detects unusual encryption activity and encryption artifacts to alert security professionals when a ransomware attack is in progress.
• Establishes zero-trust data access controls.
• Data discovery, categorization, and risk assessment.
• Discovers and remediates risk without writing a rule.
• Meet regulatory mandates for information barriers and access governance.
• Helps to avoid data loss.

SAP GRC

SAP’s GRC offering is composed of modules revolving around SAP HANA in-memory analytics. These modules include SAP Risk Management, SAP Process Control, SAP Audit Management, and SAP Business Integrity Screening. In-memory data access gives top of the line big data and predictive analytics capability that is tied to risk management. It enables organizations to automate and manage risks, controls, identities, cyber threats, and international trade across the enterprise with embedded analytics and artificial intelligence.

Key Differentiators 

• Unify enterprise risk and control activities on a common technology platform, leveraging continuous monitoring for agile decision making.
• Links operations, risk management, compliance, and internal audit.
• Helps screen trading partners, reduce the risk of penalties and fines, and clear inbound and outbound customs quickly.
• Threat monitoring, data controlling, and privacy management.
• Monitors and manages identities and controls who has access to information and processes.
• Insight into how risk drivers can impact business value and reputation.
• Documents, assesses, tests, and remediates process risks and controls by streamlining enterprise compliance efforts and using best practice internal control processes.
• Streamlines internal audits by simplifying document evidence, organizing work papers, and creating reports.
• Screens large volumes of transactional data in real time based on predictive analyses and extensible rule sets that uncover anomalies, fraud, or deviations from policy.

SAI Global Compliance360

SAI360 is cloud-first software and ethics/compliance learning content designed to help organizations navigate risk. It can catalogue, monitor, update, notify, and manage a company’s operational GRC needs. By raising compliance and lowering risk, it also aims to reduce the possibility of levied fines.

Key Differentiators 

• Extensible data model with configurable UI/forms, fields, relationships to extend solutions.
• Helps to easily modify or create new processes to automate and streamline risk, compliance, and audit activities.
• Out of the box settings, templates, and dashboards to visualize and analyze data.
• Preloaded frameworks, control libraries, and regulatory content along with values-based ethics and compliance learning content.
• Integration framework with APIs and other protocols to integrate with enterprise systems.

MetricStream

MetricStream’s products include regulatory compliance, IT and cyber security, third-party management, audit and financial controls, risk management, and integrated platform. They provide built-in regulatory content, best-practice workflows, AI-powered recommendations, mobile apps, and contextual tours.

Key Differentiators

• Addresses audits, contracts, financial control, legal, quality, compliance, performance, risk management, vendor governance, FDA compliance, trading surveillance, social compliance, quality assurance audit, and loss prevention.
• AI helps to simplify, automate, and streamline governance, risk, and compliance programs.
• Eliminates regulatory change hassles with real-time content from Thomson Reuters, issue and action recommendations, compliance and control certification, contextual intelligence on policies for greater confidence and insights.
• Cyber risk quantification capabilities with RiskLens integration and new loss exposure reports give insights into optimal IT and cybersecurity investments and resource allocation.
• Automatically risk score third parties based on anomalies in their SOC2 and SOC3 reports.

Galvanize

Galvanize by Diligent helps to strategically manage risk, demonstrate compliance, and provide executives with visibility, assurance, and confidence. It helps to reduce the cost of managing GRC programs and prevent errors with a unified platform.

Key Differentiators

• Pre-configured solutions designed to deliver GRC programs.
• Gain insights with analytics and storyboards.
• Connect tools in a unified platform to centralize and scale work.
• Connects data sources.
• Integrates, analyzes, and contextualizes metrics in real time.
• Inventory of risks, controls, third parties, audits in one place.

Read next: How Data Centers Must Evolve in the Cloud First Era

The post Best Data Governance Tools for Enterprise appeared first on Enterprise Networking Planet.

That trend has been accelerated of late. The pandemic caused many still on in-house PBXs to move to voice over IP (VoIP) as a way to keep employees connected, able to access their extensions, and retrieve their voicemails. The idea is to be able to access voice communications from a central web console no matter the location or device. 

Today, most systems go beyond basic voice features to also offer video conferencing, team collaboration, and sometimes a lot more. These features are often structured with subscription-based pricing that is cheaper than an old on-premises PBX.

VoIP has suffered from plenty of quality issues over its history, but the level of quality is generally good enough for most business uses. The number of complaints about dropped calls or other issues are generally on a par with cellular networks.

Decision Time for VoIP in the Enterprise

During the pandemic, some organizations adopted a temporary VoIP solution. With many now returning to work, these organizations face the decision of whether to return to an on-premises PBX, shift the status of any temporary VoIP arrangements into a more permanent relationship, or find a new VoIP provider.

The good news is that there are plenty of VoIP options out there. Some services are relatively basic. Others have grand monikers such as Unified Communications as a Service (UCaaS) and operate as cloud-based, virtual PBXs with a whole lot of advanced functionality. In some cases, this might include CRM integration, global call capabilities, and integration with a Public Switched Telephone Network (PSTN) gateway or other legacy phone system functions.   

Also read: Unified Communications Security Considerations and Solutions

Key Features of Business VoIP Solutions

There can be a tremendous variety of features offered among the VoIP providers. This largely depends on their roots. Those who began in physical PBXs or software PBXs provide different capabilities compared to those who grew up in the cloud. Similarly, some gravitate to the SMB segment, others cater more to large enterprises, and quite a few attempt to serve all needs.

Thus, the feature set, pricing, and breadth of offerings can be wildly different. That said, most vendors should provide the bulk of the following features:

• Centralized device management to easily manage all voice and related features without the need for complex administrative tasks.
• Unified communications and mobile app integration so all employees can easily collaborate from their preferred device.
• Call routing.
• Call recording.  
• Call queuing
• Caller ID
• Additional features such as call transfer, call hold, 3-way calling, music on hold, paging, intercom, Spam call blocking/tagging, 911 admin notification, voicemail-to-email transcription, depending on needs. Some providers bundle all of these for one price, others have tiers of service that provide more of such functions if required.
• Phone system reliability without outages, downtime, or low call quality.

Top Enterprise VoIP Providers and Platforms

Here are Enterprise Networking Planet’s top business VoIP providers and solutions in no particular order. 

Nextiva

Nextiva Business Phone System manages calls, whether you are using a desk phone or the Nextiva App. It addresses business communications problems with one set of tools that are said to be simple to use and don’t require in-depth IT know-how. The network’s reliability has attracted many business customers who now make more than 200 million calls every month on the Nextiva network.

Key Differentiators

• Contact Center as a Service is integrated with Nextiva Business Phone System to make it easier for office-based, hybrid, and distributed organizations to better serve their customers. 
• Nextiva is said to boast the most reliable network in the industry.
• Meets security standards set by the ISO/IEC 27001 certification.
• Sign up, set up, and start taking calls in a matter of minutes.
• Scales up as the business grows.
• Won Best Business Phone Service from U.S. News and World Report for two consecutive years.
• Named a Customer’s Choice in Gartner Peer I.

GoToConnect

GoToConnect provides VoIP calling, automatic rollover, caller engagement, unlimited extensions, lines for each device, visual plan editor, video conferencing, and cloud PBX on top of the basic features that users expect from any VoIP service. In fact, it comes packed with more than 100 features across cloud VoIP and web, audio and video conferencing, and contact center. It is part of the LogMeIn portfolio of business services.

Key Differentiators

• This hosted VoIP is a cloud-based service where the equipment for connecting VoIP calls is managed by a third-party provider. 
• Many data centers are distributed worldwide, providing redundant service. 
• Uptimes of 99.995%. 
• Is said to have lower bandwidth requirements than major competitors.
• Free international calling, unlimited domestic calls. 
• Conversations and confidential data secured by encryption, meeting lock with password protection, and security standards like SOC 2 Type II and GDPR (General Data Protection Regulation). 
• Integrated business communications, with video conferencing included. 
• As a product in LogMeIn’s larger portfolio, it integrates with GoToMeeting, GoToWebinar, Rescue, GoToAssist, and LastPass. 

Intermedia

Intermedia Unite is an all-in-one communications platform. Unite combines a 90+ feature VoIP/hosted PBX system with video conferencing, chat, contact center, file sharing and backup, creating a tightly integrated communications and collaboration solution. Users receive all of this for a price that is competitive to a standalone VoIP system.

Key Differentiators 

• Either purchase new VoIP phones for employees or use existing phones.
• Keep your same phone numbers.
• Businesses receive voice, video conferencing, chat, contact center, file sharing.
• 99.999% uptime service level agreements.
• J.D. Power-certified 24/7 technical support. 

8×8 

8×8’s business phone service uses the all-in-one 8×8 Work cloud-based app, bringing together business telephony, video meetings, and team messaging to a desktop PC, smartphone, or web browser. Employees can communicate and collaborate with co-workers, customers, and suppliers securely.

Key Differentiators

• Unlimited global calling to anywhere from 14 to 47 countries, depending on the plan.
• Utilize a dedicated direct inward dialing number for each extension.  
• View call quality details of the other party in addition to the user’s call quality status.
• Protect calls from eavesdropping with TLS/SRTP secure voice encryption.
• SLA for uptime and voice quality over the public internet that is financially backed and end to end.
• Works with 25+ PSTN carriers to provide global coverage and redundancy.
• Automatic localized signaling and voice to reduce latency and improve end-user experience.
• View and listen to recordings on desk phone, computer, or mobile device.
• Transcribes voicemail to text and sends an email with it included.
• Enterprise-grade cloud PBX with unlimited calling, multi-level auto-attendant, flexible call flows, and global coverage.
• Analytics with performance and usage dashboards, plus reporting options for valuable insights and sentiments.
• 35 data centers across the world.
• 8×8 Voice for Microsoft Teams delivers direct routing capabilities that allow Teams users to make and receive calls on the PSTN natively from any Teams endpoint.

Cox Business

Cox Business offers a fully hosted business phone service that integrates existing equipment and devices. Its portfolio of business phone offerings deliver many advanced features and are designed to improve and simplify communications, particularly for companies that lack sufficient IT resources.

Key Differentiators

• Many different phone bundles available.
• Works with existing phones.
• 24/7 Customer Support.
• Caller ID and blocking.
• Call waiting.
• Last number redial.
• Email notifications for missed calls or new voicemails.
• Call forwarding, holding, and speed dialing.
• Three-way calling.
• No need to install hardware.

Dialpad

The Dialpad cloud communications platform has talk, messaging, meetings, and contact center in one app. It delivers AI across every employee and customer experience through real-time transcriptions, live agent coaching, and sentiment analysis. More than 73,000 businesses use it, including Domo, Motorola Solutions, Netflix, Splunk, T-Mobile, Twitter, Uber and WeWork.

Key Differentiators  

• This unified communications platform connects teams through voice, video, messages, and online meetings.
• Fast setup, hassle-free deployment, and the ability to provision and manage users with efficiency.
• Web Portal for administrators to set up and manage the platform, and individual users to control their own settings and profile.
• Dialpad’s APIs and webhooks provide call data and additional user management functionality.
• Syncs with Google G Suite or Office 365.
• Dialpad’s Chrome extension offers a Chrome dialer that lets users make calls from a web browser.
• Call analytics in Dialpad optimize call center performance to meet KPIs.
• A hosted contact center service is available.
• Features such as call queue, call center recording, interactive voice response, quality management, computer telephony integration, and call history.  

RingCentral

RingCentral VoIP is part of a secure cloud communications platform that eliminates the need for on-premises PBX hardware. With mobile apps, online meetings, and business SMS, all business communications can be managed with a computer or mobile device from any location. RingCentral provides simplified billing, free onboarding services, and 24/7 customer support as part of the service plan.

Key Differentiators

• RingCentral VoIP service is encrypted with secure voice between desk phones, RingCentral for Desktop, and, with VoIP calling enabled, the RingCentral mobile app.
• Protection from service interruption threats such as natural disasters, power outages, and malicious attacks.
• Carrier-grade reliability and security.
• Tier 1 network centers and 24/7 monitoring to ensure your service isn’t disrupted.
• Geographically dispersed data centers provide redundant layers of security — at the perimeter, at the service delivery layer, and with SSL-encoded web applications.
• Tools to check internet connection speed as well as instructions on how to configure routers properly.

Vonage

Vonage Business Communications (VBC) activates conversations worldwide across voice, SMS, team messaging, fax, social, video meetings, and more. Available for desktop and mobile, it also enables users to schedule meetings from their calendars. The company offers training and webinars. Users can record and share meetings.

Key Differentiators

• 99.999% uptime reliability and Quality of Service (QoS).
• 50+ business phone features within a flexible small-business phone system that runs on the internet.
• Supported in 40 + countries.
• Click-to-dial.
• Paperless fax.
• Call monitoring.
• Local or geographic number.
• Call flip.
• Virtual receptionist. 

Read next: Maximizing the Benefits of UCaaS

The post Best Business VOIP Providers appeared first on Enterprise Networking Planet.

Whatever study you review, the primary points of access are phishing emails that enable criminals to steal credentials, install malware, or initiate a ransomware attack. The emails of lower-level personnel are useful to cybercriminals, but they crave access to privileged accounts as that is where they can do real damage. Therefore, such accounts require more than just a watchful eye. That’s where PAM comes in. 

Key Features of Privileged Access Management

PAM is one of the fastest-growing areas in cybersecurity today, according to analyst firm KuppingerCole. The market is expected to be worth $5.4 billion by 2025. And the reason is simple. Forrester estimates that 80 percent of all cybersecurity breaches involve privileged credentials. No wonder there are so many companies keen to serve this market. 

PAM solutions vary from vendor to vendor. But they generally include the following: 

• Storing of the login credentials of privileged accounts in a secure repository.
• A specific authentication process to log into such accounts.
• Logging of who accesses what accounts and what was done with them.
• Monitoring of suspicious or malicious behavior.
• Severe restriction of high-level privileges to a small group of approved users that can override certain security restraints, such as shutdowns, loading or apps or drivers, network configuration, and provisioning.

The benefits of PAM include: 

• Visibility into the activities of privileged users, accounts, assets, and credentials. 
• The ability to spot inactive privileged accounts or those that belonged to personnel no longer with the company. 
• Compliance to regulatory and security requirements. 
• Safeguarding the organization against internal and external threats. 
• Condensing the attack surface of critical systems. 
• Reducing the propagation of malware.

Also read: Best Business Continuity Management Software Solutions

PAM Vendor Selection 

Here are some tips to aid in the selection of a PAM solution. 

• PAM is as much about policy as it is about technology. Therefore, establish your policy first and then look for technology that helps you to implement it. 
• Favor tools that help you centralize the management of privileged accounts. This is especially relevant to global firms or those operating multiple centers in different regions. 
• Narrow down to PAM tools that align with your existing security tool vendor mix, and with the operating systems and cloud environments in play. 
• Look for PAM tools that help you enforce least privilege rights for most users and that heavily restrict privileged access. This includes the elimination of admin rights on endpoints. 

Top PAM Solutions 

Enterprise Networking Planet reviewed the various PAM solutions out there. Here are our top picks, in no particular order: 

Thycotic Secret Server

Thycotic Secret Server is a multi-layered solution that provides protection for privileged access and credentials. It is designed for integration into an organization’s cybersecurity fabric. A private equity firm TPG capital owns the company and earlier acquired one of its biggest rivals Centrify. The plan is to eventually combine the two. 

Key Differentiators 

• Discover, manage, and delegate access to privileged accounts with role-based access controls, encryption, multi-factor authentication support, and centralized administration.
• Meet cyber security PAM best practices and regulatory obligations with immutable auditing and reporting, and event-driven email alerts.
• Easy installation and user experience.
• Discovery of local and service accounts across an organization along with additional features such as automation, auditing, reporting and alerts, secret workflow, session monitoring and control, and custom script support. 
• Wizard-driven setup and a knowledge base built to enable self-service. 
• Secret Server Cloud can be incorporated alongside existing employee processes, allowing for integration into existing systems. 

Beyond Trust 

BeyondTrust Universal Privilege Management (UPM) allows customers to start with the use cases that are most critical to their organization and expand over time. It integrates privileged credential management with endpoint and remote access security and is non-intrusive to users.

Key Differentiators 

• BeyondTrust has a customer base of over 20,000. 
• UPM can be implemented as a standalone solution.
• It offers session auditing, least privilege management, and monitoring. 
• Session logging allows for the review of all end system and network interactions, detailing remote and third-party users involved, which endpoints they connected to, and system information. 
• Enables credential injection, eliminating the need for privileged users to remember or checkout credentials for the systems they need to access. 
• Available as on-premises and private cloud, as well as a SaaS/PaaS hosted offering.

CyberArk 

CyberArk Privileged Access Management addresses various use cases to secure privileged credentials and confidential information on-premises or in the cloud. It makes it possible to continuously discover and manage privileged accounts and credentials, isolate and monitor privileged sessions and remediate risky activities across environments.

Key Differentiators 

• The ability to secure privileged identities, whether human or machine, in a tamper-resistant repository.
• Meet internal requirements, manage access, and maintain a centralized, tamper-proof audit.
• Securely authenticate users with VPN-less access from a single web portal.
• Automatically discover and onboard privileged credentials. 
• Centralized policy management allows administrators to set policies for password complexity, frequency of password rotations. 

Centrify Server Suite

Centrify Server Suite addresses how organizations secure privileged access across hybrid- and multi-cloud environments. It allows humans and machines to authenticate, enforcing least privilege with just-in-time privilege elevation. It comprises three core products to protect Windows, Linux, and UNIX. Private equity firm TPG capital owns the company and recently acquired one of its biggest rivals Thycotic. Currently, both tools are being sold separately, but they are likely to be combined in the near future. 

Key Differentiators 

• Centrify Authentication Service extends Active Directory (AD) benefits to Linux and UNIX by natively joining them to AD for access controls in hybrid environments using identity entitlements. 
• Identities can be consolidated and many local privileged accounts can be removed. 
• Centrify Privilege Elevation Service grants just enough, just-in-time privileged access with policy enforcement controls to increase security and accountability. 
• Centrify Audit and Monitoring Service offers visibility into all privileged activity by recording and managing the IT estate. 
• Detects suspicious user activity with real-time alerts to stop breaches in progress. 
• Host-based auditing on each target system ensures cyber-attackers can’t bypass session recordings.
• Privilege elevation capability complements password vaulting. The combination empowers organizations to achieve a more mature PAM posture that enforces least privilege, removes reliance upon shared passwords, consolidates identities, and enforces role-based access controls.
• These capabilities are also available in Centrify Cloud Suite as a SaaS-delivered service to govern and control access to hybrid-cloud or multi-cloud hosted IT infrastructure.

ManageEngine 

ManageEngine offers a wide array of PAM solutions for Active Directory, Microsoft 365, and Exchange management and reporting. These help to manage privileged user accounts, administrative access to critical IT assets, and compliance mandates. IT can use it to provision, and monitor access to both applications and data. 

Key Differentiators 

• Manage digital identities across the IT environment and regulate access to critical resources.
• Provision users across multiple platforms.
• Control, track, and audit access to applications and data.
• Strictly govern privileged access to critical IT systems.
• Prevent privilege escalation with role-based access control.
• Enterprise single sign-on. 
• Enterprise credential vault.
• Secure remote access and session recording.
• Privileged user behavior analytics.
• SSH key management and SSL certificate management.
• Application credential security. 

Arcon 

Arcon PAM offers access control features, granular controls, and Just-in-time (JIT) privileged access to enforce the principle of least privilege in IT environments. It is used by more than 1000 global organizations, spanning many different industries. 

Key Differentiators 

• Implement privileged access practice on a need-to-know and need-to-do basis. 
• Automate and secure password changing process and frequently randomize privileged passwords. 
• Spot threats and mitigate risks on a real-time basis to secure privileged access environments. 
• Reduce the threat surface by removing standing privileges to systems and applications. 
• Securely allow one-time access to critical systems without sharing privileged credentials. 
• Audit trail of privileged activities, reports and analytical. 

Hitachi ID Systems

Hitachi ID Bravura Privilege provides frictionless, elevated, and time-limited access to reduce IT security risk and enhance accountability. It is part of the Hitachi ID Bravura Security Fabric that also includes Identity, Pass, Group, and Discover modules. 

Key Differentiators

• Supports over a million daily password randomizations. 
• Facilitates access for thousands of authorized users, applications, and systems through a geo-redundant architecture. 
• Document every disclosure of access to every privileged account through custom reports.
• Integrate with every client, server, hypervisor, database, and application, on-premise or in the cloud. 
• Replaces shared and static passwords tied to privileged accounts with periodically new and random values based on robust password policy controls. 
• It can enforce multiple scheduled or event-triggered password policies on fixed IT assets, laptops, and rapidly provisioned virtual machines. 
• Securely Store Credentials to prevent unauthorized disclosure. 
• Distributed active-active architecture that replicates in real time across all instances. 
• Data at rest and in transit is encrypted using a 256 AES encryption key.

One Identity

One Identity PAM is available as a SaaS-delivered or traditional on-prem offering. It can secure, control, monitor, analyze, and govern privileged access across multiple environments and platforms. Additionally, it has the flexibility to provide full credentials when necessary or limit access to zero trust and least-privileged operating models.

Key Differentiators

• Control, monitor, and record privileged sessions of administrators, remote vendors, and high-risk users. 
• Session recordings are indexed to accelerate searching for events. 
• Automated reports to meet auditing and compliance requirements.
• Automate, control, and secure the process of granting privileged credentials with role-based access management and automated workflows. 
• Manage passwords from anywhere with nearly any device.
• Analyze privileged session recordings to identify high-risk privileged users. 
• Monitor questionable behaviors and other anomalies.
• For UNIX and Windows servers and desktops.

WALLIX

WALLIX Bastion PAM delivers oversight over privileged access. It helps to reduce the attack surface and meet regulatory compliance requirements. Manage, control, and audit access to network assets, ensuring that only the right person has access to the right IT resources.

Key Differentiators

• Deliver secure remote access to IT admins and external providers via HTML5-based secure connectivity accessible from any browser. 
• Eliminate the need for RDP, SSH, or telnet connections. 
• Remote Sessions benefit from the same level of control, approval, tracking and monitoring as internal sessions, enabling IT supervisors to control, audit and analyze all privileged access from anywhere.
• Just-in-Time (JIT) and zero standing privileges policies.  
• With the WALLIX Bastion REST API, users may access any of the features of the Bastion as if they were accessing it from the usual user interface.

Read next: Democratizing IT for Rapid Digital Transformation

The post Top 9 Privileged Access Management (PAM) Solutions in 2023 appeared first on Enterprise Networking Planet.

For this guide, though, we focus on software that facilitates business continuity management (BCM), particularly on the IT side. There are a great many vendors operating in this space, and many of them also offer disaster recovery (DR) solutions, backup, archiving, and more. 

Key Features of BCM Software 

Generally speaking, the key features that enterprise users expect in business continuity software include: 

• Automation: Enterprise users have enough complexity to deal with in their daily work, and they don’t want to have to worry about complexity when there’s a disaster. They want their business continuity solution to automatically recover data quickly so they can keep the business running. During a disaster there a lot of moving parts: without automation human errors can cause a problem with one of these moving parts. 
• Unified Coverage: All of these moving parts are why unified coverage is important. Business continuity solutions that provide enterprise users with a single view across their data estate allow them to ensure that all of their moving parts are moving in lockstep together. If they try to use multiple tools or products for business continuity, each with its own incomplete view of their data estate, they risk having some workloads or data sets fall through the cracks. 
• Replication/Failover: A core function is being able to continue functioning if one data center or server room goes down. Some software helps companies seamlessly failover to another facility. Others use replication so that the data is mirrored to another location. 

Continuity Software Vendor Selection Tips 

When selecting BCM software, there are certain important factors to consider. These include: 

• Backup is Not Enough: Data is the lifeblood of business but now lives in more places than ever before, is time-consuming to manage, and is under daily attack from cybercriminals and occasionally abused by employees. Backup alone is no longer enough. To address these challenges, IT pros need a business continuity and disaster recovery solution that can address all workloads no matter where they live, provides end-to-end protection against cybercrime and human error, injects automation and artificial intelligence to simplify complex systems, and empowers teams to work on more important projects that move their organization forward. 
• Automation: The best BCM software offers automation. Why scramble from screen to screen and perform endless grunt work when much of the drudgery can be eliminated by automation. 
• Testing: BCM and disaster recovery testing is vital. The last thing you want is to try to recover from a disaster and find out that your BCM software and recovery plan don’t work. Testing regularly helps to eliminate the risk of data loss and downtime by guaranteeing not only recovery, but recovery within defined recovery time objective (RTO) and recovery point objective (RPO). Good BCM software facilitates the ability to test rigorously.
• Reporting: Automated reports should offer actionable insights and essential documentation that can be shared with compliance auditors, as well as service-level agreements (SLAs) that guarantee data recovery within contracted times. 
• Good support: Check out how well prospective companies support you, especially during a disaster. 

Also read: Democratizing IT for Rapid Digital Transformation

Top BCM Vendors 

The vendor landscape scales from BC add-ons to existing backup applications, to cloud-based solutions, and full-fledged backup infrastructure with related software that can failover in the event of a disaster. For our top picks of BCM software, we included some from each category. Here they are, in no particular order: 

Commvault DR 

Commvault Disaster Recovery provides automation and orchestration for data resiliency and disaster recovery. Built on Commvault’s core Intelligent Data Services platform, it enables organizations to ensure business continuity with broad workload coverage. Also, enterprise users can test and verify data recoverability with ease.  Commvault DR is scalable, supports data recovery across hypervisors and clouds, and provides enterprise users with flexibility when it comes to where they recover their data.  

 Key Differentiators 

• Flexible configurations for different SLAs. 
• Automated processes that enable “one-click” failover and recovery operations. 
• Recovery validation and SLA reporting that ensure users can recover data in compliance with SLAs. 
• Ability to support rapid “cloud burst” recovery of workloads.  
• Near-real time replication of workloads, allowing users to meet tight RTO and RPO requirements. Integration with storage array snapshots to enable rapid capture and granular recovery of data. 
• Application awareness to drive consistent recovery of mission critical applications. 
• Unified code base makes it easy for Commvault DR to protect and recover new and emerging technologies. 

Unitrends 

Unitrends, a Kaseya company, brings expertise gained from more than 30 years in backup and recovery. Its centralized platform allows users to manage backup and recovery for data centers, endpoints, cloud and software-as-a-service (SaaS). The latest feature, known as Helix, eliminates failed backups due to environmental issues normally outside the control of a backup solution. It can monitor, detect, and remediate conditions in the production environment that may impact a successful backup. As a side effect, users have interrupted malware trying to cause backups to fail by messing with Windows services. 

Key Differentiators

• Brings together backup and DR with automation and security. 
• The platform is wrapped with data loss and downtime protections including ransomware detection, dark web monitoring for stolen credentials to eliminate account takeover attacks, and phishing defense tools. 
• Automated DR testing, auto-remediation of production errors to eliminate backup failures, bespoke alerting and white-glove DRaaS for invisible failover in case of an outage or disaster. 
• Adaptable licensing model which protects investment and no vendor lock in. 
• Available as an all-in-one, scalable physical appliance (Recovery Series) or a virtual appliance (Unitrends Backup) which can run on VMware vSphere, Microsoft Hyper-V, Nutanix AHV, or be deployed as a virtual machine (VM) within the Microsoft Azure or Amazon Web Services cloud. 

Also read: Top APM Tools & Software

Microsoft Azure Site Recovery 

Microsoft Azure Site Recovery has an extensive global presence, integration with other Microsoft platforms, low cost, and unlimited, pay-as-you-go testing. It is especially suitable for x86 environments. You can set up Azure Site Recovery by replicating an Azure VM to a different Azure region directly from the Azure portal. As an integrated offering, Site Recovery is automatically updated with new Azure features as they’re released. 

Key Differentiators 

• Minimize recovery issues by sequencing the order of multi-tier applications running on multiple virtual machines. 
• Ensure compliance by testing DR plans without impacting production workloads or end users. 
• Keep applications available during outages with automatic recovery from on-premises to Azure or Azure to another Azure region. 
• Compliance with industry regulations such as ISO 27001 by enabling Site Recovery between separate Azure regions. 
• Scale coverage to as many business-critical applications as needed. 
• Replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. 

Veritas Availability

Veritas provides enterprise data services focused on application availability, protection, and analytics. The integration of Veritas data protection, resiliency, high availability, and storage management solutions provides a continuum of availability that enables a unified, enterprise-wide resiliency strategy. Veritas provides a single source of visibility, automation, and control based on advanced integration between platforms.

Key Differentiators

• Eliminates multiple point solutions for application availability and resiliency. 
• Provides visibility into availability and resiliency status across all business applications from a single interface. 
• Manages availability and resiliency for applications of any type. 
• Choose the level of protection required based on an application’s business impact. 
• Automated availability management for multi-tiered business applications. 
• Visibility and reporting on availability and resiliency status across the entire organization. 
• Offers InfoScale, a software-defined optimization solution for mission-critical applications that abstracts applications from their underlying hardware and software resources. 
• Offers a software-defined DR and resiliency orchestration solution for physical and virtual systems that enables automated resiliency and disaster recovery for data centers and both hybrid and multicloud environments. 

SunGard AS 

Sungard Availability Services (AS) disaster recovery solutions are backed by SLAs, scalable, and based on business goals. With 40 years’ experience in BC, the company is comfortable with data center migrations and complex hybrid environments. Sungard AS offers resilient, hardened data and recovery centers in 45 locations worldwide.

Key Differentiators

• Sungard AS network of facilities span the globe’s key financial and business hubs. 
• Low latency and high performance. 
• A partnership with Megaport enables workloads to connect securely to hundreds of cloud providers. 
• Global network of 24 resilient data centers underpinned by carrier-neutral connectivity.

IBM Resiliency Services

IBM offers a vast range of services, solutions, and technologies for BCM and DR, including backup as a service (BUaaS), disaster recovery as a service (DRaaS), cyber resilience service, and IT resilience orchestration (ITRO). The company offers reliable recovery of applications and data within defined RPOs and RTOs. It can also mitigate the impact of cyber disruption with an orchestrated resilience approach. In addition, business continuity management consulting services are available to identify and address resiliency synchronization between business processes, applications, and IT infrastructure. 

Key Differentiators

• Rapid failover and failback for compute environments across physical, virtual, cloud and legacy layers. 
• Cloud landing zones for failover to achieve improved agility, flexibility, and cost efficiency.
• Consultants are available to provide flexible business continuity and disaster recovery consulting including assessments, planning and design, implementation, testing, and full business continuity management.
• Further services include IBM IT Infrastructure Recovery Services to help businesses identify risks and ensure they are prepared to detect, react, and recover from a disruption.
• The IBM Cyber Resilience Services approach uses advanced technologies and best practices to help assess risks, prioritize and protect business-critical applications and data. 
• IBM Disaster Recovery as a Service (DRaaS) provides continuous replication of critical applications, infrastructure, data and systems for rapid recovery after an IT outage. 

Acronis Disaster Recovery 

Acronis offers comprehensive BC protection for managed service providers as well as BC solutions for enterprises as an extension of its backup platform. It enables companies to run mission-critical applications constantly, even when the production environment is down, and achieve the best RTO and RPO by quickly adding virtual machines in the Acronis Cloud and hosting replicas of the applications.

Key Differentiators

• Test failover and failback of protected data, systems, and applications. 
• Encrypt backups, extend multiple networks, and track RPO in real-time.
• One infrastructure protection with one integrated solution for any environment, on-premises, remote systems, or the cloud. 
• In the event of disaster, quickly failover and run in Acronis Cloud.
• Customization of RPO for each application and data set. 
• Application-level replication.

Carbonite 

Carbonite provides a portfolio of data protection, BCM, and DR offerings for businesses including Carbonite Endpoint, Carbonite Backup for Microsoft 365, Carbonite Server Backup, Carbonite Availability and Carbonite Recover. Carbonite helps businesses reduce or eliminate the high cost and disruptive effects of data loss and downtime and achieve comprehensive protection for all types of business data.  

Key Differentiators

• Carbonite Endpoint is automatic backup for all endpoint devices and the data that resides on them. It simplifies administrative tasks, protects data, mitigates data loss and data breaches, and restores lost data quickly. 
• Carbonite Backup for Microsoft 365 offers backup of all Microsoft 365 applications. 
• Centralized management allows you to create granular policies for what should be protected, as well as run backups up to four times per day, with flexible retention options. 
• Restore granular data, including mailboxes, conversations, and projects. 
• Perform site-level rollback. 
• Carbonite Server is an all-in-one, server backup and recovery solution for physical, virtual and legacy systems. 
• Carbonite and Webroot are creating an online security offering to fight cybercrime and protect users. 
• Carbonite Recover is a DRaaS offering that securely replicates critical systems from a primary environment to the Carbonite cloud. 
• Carbonite Availability enables organizations to maintain high availability of Windows and Linux servers by preventing downtime and data loss. 
• Continuous, byte-level replication maintains a secondary copy without taxing the primary system or network bandwidth. 

Zerto 

The Zerto platform enables an always-on customer experience by simplifying the protection, recovery, and mobility of applications and data across private, public, and hybrid clouds. Built for enterprise scale, its software-only platform uses continuous data protection to converge disaster recovery, backup, and data mobility. Users can failover to any secondary location (on-premises, public cloud, or service providers) without data loss. 

Key Differentiators 

• Zerto Continuous Data Protection (CDP) eliminates periodic backups and snapshots, bringing always-on replication to perform disaster recovery and data protection.

• Always-on Replication by continuous capture and tracking of data modifications.
• Every change made is automatically written into a journal with a granularity of seconds, so you can rewind to a point in time immediately before an incident.
• Consistent recovery of multi-VM applications for accelerated RTOs. 
• Automated, simple workflows for all recovery, restore, move, and failover operations from entire data centers to single file. These workflows unlock RTOs of minutes, even for ransomware. 

Read next: The Growing Value of Enterprise Architects

The post 9 Best Business Continuity Management Software Solutions for 2023 appeared first on Enterprise Networking Planet.

UTM became particularly popular in the small and mid-sized enterprise market as it saved them having to evaluate, purchase, deploy, and train personnel on multiple best-of-breed tools. It also saved on the money side as choosing one security platform tended to come with a nice discount.  

The offerings vary considerably from vendor to vendor based on their existing product strengths, partnerships, acquisitions, and development roadmaps. Most include firewalls, intrusion prevention/detection systems (IPS/IDS), and secure gateways. Often, they also deal with remote access, routing, WAN connectivity, threat intelligence, and more. But it all depends on the vendor, what it has in its security arsenal, and what it can cobble together via acquisitions. 

Also read: Taking the Unified Threat Management Approach to Network Security

Key Features of UTM 

A Gartner analysis of UTM tools noted the following features in use, as well as their frequency: 

• Firewall (100%)
• URL filtering (77%)
• IPS (70%)
• Web antivirus (51%)
• IPsec (63%) 
• SSL, application control and virtual private networking (VPN) (46%)
• User control, QoS, and anti-spam (41%)

As you can see, there is plenty of room for variation in this market. 

UTM Buying Tips 

Here are some tips to help in product evaluation and selection: 

• As each vendor incorporates different tools in their software suites or UTM appliances, buyers should start with the features they need and then match UTM products up against those specific features. 
• The evolving threat landscape means firewalls and UTM products need to do more than ever before. As well as core functions above, ask about how the prospective vendor is incorporating new tools to stop complex, evolving attacks, how their tools can share threat intelligence with other security systems to automatically identify and isolate infected machines, and how they are incorporating analytics. 
• Investigate the degree of integration. Some tools are highly integrated. Others are just packages tied loosely together that really only integrate on the front end. 
• A feature that is growing in importance is to be able to parse the mountain of information collected, correlate data with other systems, and highlight critical information or threats that require action. But not all vendors offer this. If it is important to you, insist vendors demonstrate that such functionality is available now, not merely promised on a nebulous roadmap.

Also read: Understanding and Preventing Zero Day Threats

Top UTM Vendors

Enterprise Networking Planet considered multiple vendors. Here are our top picks for UTM, in no particular order: 

• Sophos Firewall
• Fortinet NGFW
• Cisco Meraki NGFW
• WatchGuard UTM  
• Untangle zSeries Appliances 
• SonicWall UTM 
• Barracuda CloudGen
• Check Point Quantum

Sophos Firewall

Sophos Firewall combines the features of firewalls and UTM to offer network security with insights into network activity. It provides visibility into risky users, unwanted applications, suspicious payloads, and persistent threats. It integrates a suite of threat protection technologies that are easy to set up and maintain. And the Sophos Firewall communicates with other security systems on the network, enabling it to become an enforcement point to contain threats and block malware from spreading or exfiltrating data out of the network.

Key Differentiators

• Sophos Firewall includes full-featured email anti-spam, encryption, and DLP along with a web application firewall. 
• It integrates with various VPN technologies to enable remote workers to securely connect with applications and data.
• Visibility into risky activity, suspicious traffic, and advanced threats.
• Deep learning and intrusion prevention to keep networks secure.
• Automatically identifies and isolates compromised systems to stop threats from spreading.

Fortinet NGFW

Fortinet offers a range of UTM products as part of its FortiGate and FortiCloud lines. These appliances provide high-performance, multi-layered security, and unified visibility while reducing complexity. They leverage dedicated security processors and provide wireless access point controller, switch controller, integration, software-defined wide area network (SD-WAN), NGFW, IPS, anti-virus, Web filtering, content filtering, DLP, VPN tunnel endpoint (SSL and IPSec), SSL inspection, and advanced threat protection capabilities. 

Key Differentiators

• Next-generation firewalls (NGFWs) filter network traffic to protect from internal and external threats. 
• Deep content inspection to identify attacks, malware, and other threats. 
• SSL inspection, application control, intrusion prevention, and visibility across the attack surface. 
• FortiGate Next-generation Firewalls are powered by purpose-built security processing units (SPUs), including the latest NP7 (Network Processor 7). 
• Inspection of traffic at hyperscale as it enters and leaves the network. 
• FortiGate NGFWs can communicate within the Fortinet security portfolio as well as third-party security solutions in a multivendor environment. 

Cisco Meraki NGFW

Cisco Meraki’s layer 7 next-generation firewall, included in Cisco MX security appliances, gives administrators control over the users, content, and applications on their network. The Cisco Meraki proprietary packet processing engine analyzes network traffic up to and including layer 7, using fingerprinting to identify users, content, and applications. Each network flow is categorized and access control policies are enforced. 

Key Differentiators 

• By classifying traffic at layer 7, it controls evasive, encrypted, and peer-to-peer applications, like BitTorrent or Skype, that cannot be controlled by traditional firewalls. 
• Cisco Meraki’s next generation firewall is included in all wireless access points and security appliances.
• Integrated IDS/IPS engine based on Sourcefire Snort.
• Using a combination of signature, protocol and anomaly based inspection methods ensures network security. 
• Device-aware access controls enable administrators to ensure the appropriate level of network access for each class of devices. 

WatchGuard UTM

WatchGuard UTM encompasses a stateful packet firewall backed by an array of scanning engines to protect against spyware and viruses, malicious apps, and data leakage. There are many aspects to the company’s UTM offerings. The Basic Security Suite includes all the traditional network security services typical to a UTM appliance: intrusion prevention service, gateway antivirus, URL filtering, application control, spam blocking and reputation lookup. It also includes centralized management and network visibility capabilities, as well as support. 

Key Differentiators

• Protects against ransomware, botnets, advanced persistent threats, and zero day malware. 
• Addresses threat prevention, detection, correlation, and response. 
• Unified security controls. 
• Multi-core processing delivers high throughput. 
• WatchGuard Host Sensor, available through Threat Detection and Response, provides continuous event monitoring, detection and remediation of threat activity on the endpoint. 
• WatchGuard Cloud Visibility and Dimension takes data from all devices across the network and presents that data as actionable information. 

Untangle zSeries Appliances

Untangle zSeries appliances are shipped with NG Firewalls pre-installed and are ready for provisioning and configuration. It provides network security from branch offices to headquarters and its features span many of the UTM elements. Appliances range for those for small networks, all the way to large enterprises. 

Key Differentiators

• The z4 appliance is for smaller networks, branch offices, or retail locations that need a network security solution that works out of the box. It performs well under heavy workloads like content filtering, intrusion prevention, and VPN encryption. 
• The z12 delivers next-generation firewall features for mid-to-large-sized offices. This appliance offers fiber connectivity for increased performance and security. 
• The z20 is the largest Untangle appliance, ideal for large campuses and headquarters with 500-3,000 users. 
• Multiple high-speed interfaces, fiber connectivity, fast processing and ample memory allow this 1U rackmount appliance to support large-sized organizations while exceeding expectations for both security and performance.

SonicWall UTM

SonicWall’s approach to UTM creates a security environment that delivers firewalling, content protection, anti-virus, anti-spam, and intrusion prevention on a single hardware platform. Protection starts at the gateway, and blocks both internal and external threats, at multiple access points and at all network layers.

Key Differentiators

• SonicWall Reassembly-Free Deep Packet Inspection (RFDPI) goes beyond stateful inspection of the network layer, by also inspecting the application layer for attacks on application vulnerabilities. 
• Scans over 50 application types, as well as multiple protocols, including SMTP, POP3, IMAP, FTP, HTTP and NetBIOS. 
• Matches all downloaded, e-mailed, and even compressed files against a continuously updated signature database, scanning in real time to block hidden threats.
• Eliminates rebooting after the signature file update. 
• SonicWall UTM has built-in gateway anti-virus, anti-spyware, anti-spam, and intrusion prevention as part of SonicWall E-Class NSA, NSA and TZ Series gateway appliances. 
• Built-in SD-WAN.

Barracuda CloudGen

Barracuda CloudGen Firewalls provide multiple layers of protection, including cloud-based sandboxing that stops traditional threats and advanced threats without impacting network performance. They can be deployed across multiple physical locations as well as in Microsoft Azure, AWS, and the Google Cloud Platform. Centralized management ensures that you can maintain a consistent security posture across your entire network perimeter.

Key Differentiators 

• Barracuda Advanced Threat Protection is a cloud-based service that provides protection against ransomware, malware, and other cyberattacks. 
• Multiple layers of detection including signature, static, behavioral analysis, and sandboxing.
• Real-time network protection against a range of network threats that can bypass traditional firewall security.
• Combines Deep Packet Inspection and behavioral analysis to detect and classify thousands of applications and sub-applications.
• CPU emulation-based sandbox eliminates any attachment that is not addressed by preceding layers of advanced threat signatures, behavioral and heuristic analysis, and static code analysis. 
• Connected to Barracuda’s global threat intelligence network to provide real-time protection from the latest threats. 
• Barracuda’s firewalls can be deployed across multiple physical locations as well as in Microsoft Azure, AWS, and Google Cloud Platform.

Check Point Quantum

Check Point Quantum Network Security provides scalable protection against cyberattacks against the network, cloud, data center, IoT applications, and remote users. These NGFW Security Gateways combine SandBlast threat prevention, hyper-scale networking, a unified management platform, remote access VPN and IOT security.

Key Differentiators 

• Check Point Infinity is a consolidated cyber security architecture that protects business and IT infrastructure against mega cyberattacks across all networks, endpoint, cloud, and mobile. 
• Threat prevention seals security gaps and enables automatic threat intelligence sharing across all security environments. 
• Includes powerful security features such as firewall, IPS, anti-bot, antivirus, application control, and URL filtering. 
• SandBlast Threat Emulation and Threat Extraction offers protection against sophisticated threats and zero-day vulnerabilities. 
• Cloud-based Threat Emulation engine detects malware at the exploit phase before hackers can apply evasion techniques attempting to bypass the sandbox. 
• Files are quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters the network. 

Read next: Best Firewall Software for Enterprise Networks

The post Best UTM Software: Unified Threat Management Companies appeared first on Enterprise Networking Planet.