Internet of Things Archives - Page 8 of 15 - Appunti dalla rete

SeroXen Incorporates Latest BatCloak Engine Iteration

By: Peter Girnus, Aliakbar Zahravi
June 15, 2023
Read time: 7 min (2020 words)

We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.

The recent rise of highly sophisticated malware’s ability to evade detection through fully undetectable (FUD) capabilities, low-cost financial accessibility, and minimal skill barriers have created a pervasive threat targeting online communities and organizations. One particular malware known as SeroXen has deployed an advanced, fully undetectable (FUD) technique via highly obfuscated batch files to infect victims with hVNC-(Hidden Virtual Network Computing) capable malware.

This entry is the second installment of a three-part series featuring BatCloak engine, its iterations, and inclusion in SeroXen malware as the main loading mechanism. The first entry, titled “The Dark Evolution: Advanced Malicious Actors Unveil Malware Modification Progression,” looked into the beginnings and evolution of the BatCloak obfuscation engine. The third part of this series, “SeroXen Mechanisms: Exploring Distribution, Risks, and Impact,” analyzes the distribution mechanism of SeroXen and BatCloak, including the security impact and insights of FUD batch obfuscation. As of this writing, a quick online search for SeroXen will show top results for an official website and social media and sharing pages with videos on how to use the remote access trojan (RAT) as if it were a legitimate tool. We will go over these dissemination strategies in the subsequent entry.

SeroXen’s FUD batch patterns

To attain FUD status, the obfuscation patterns employed in SeroXen have shown multilayered tiers in its evolution, evolving from notable predecessors such as Jlaive, BatCloak, CryBat, Exe2Bat, and ScrubCrypt. Notably, the author of these FUD tools is acknowledged as a contributor in various instances, including attributions present on the main SeroXen website and forum posts authored by the individual behind SeroXen.

Examining the SeroXen infection chain

fig1-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 1. SeroXen infection chain

To successfully initiate the infection process, the targeted user is lured into executing a batch file. These lures are often presented as software-specific to enthusiast groups such as gaming communities. The infection process’ efficiency is enhanced because of the batch file’s FUD capability.

We found a compilation of compromised archives associated with cheats pertaining to prominent game titles. Each of these archives harbors a highly obfuscated batch file that serves as the infection vector initiating a SeroXen infection. Alarmingly, none of the archives exhibited any form of security solution detection. In most instances, these malicious archives are hosted on the Discord CDN (content delivery network) catering to specific interested communities, but they could also be hosted on any number of cloud storage options as well as special interest forums.

Taking a visual representation of a SeroXen sample submitted to a public repository under the false pretense of being a popular online video game cheat, the sample showcases the comprehensive concealment capabilities inherent. Through investigative analysis, we found a consistent pattern in the dimensions of SeroXen’s obfuscated batch files, which commonly exhibit sizes ranging from approximately 10MB to 15MB.

fig2-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 2. Gaming lures with no detections

Analyzing the obfuscation patterns deployed by SeroXen

To develop a comprehensive understanding of the obfuscation algorithm utilized within SeroXen, we conducted an in-depth examination on a multitude of heavily obfuscated batch files. The figure sample exhibits an obfuscated SeroXen batch payload camouflaged under the guise of a Fortnite hack.

fig3-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 3. SeroXen obfuscated batch payload

The batch obfuscation patterns implemented by the SeroXen FUD algorithm can be summarized as follows:

Suppression of console output through the inclusion of the directive “@echo off”
Utilization of sophisticated string manipulation techniques to obfuscate the initial “set” command
Assignment of the “set” command to a user-defined variable
Assignment of equal operations (“=”) to a user-defined variable
Utilization of steps 3 and 4 to assign values to the additional user-defined variables
Concatenation of variables at the conclusion of the obfuscation process to construct a command, which is subsequently executed

Furthermore, our investigation showed that the implementation of layered obfuscation techniques alongside the incorporation of superfluous code fragments or “junk code” were employed to impede the analysis of the batch file hindering detections.

Summary of commands executed during the SeroXen infection process

We break down the core commands concatenated and executed in order to infect the victim as follows:

Ensure all batch commands run are suppressed with “@echo off”
Copy the PowerShell executable from System32 to the current directory
Set the current directory
Name this copied PowerShell after the batch filename with an appended .exe, such as <mal_bat>.exe
Use the PowerShell command to decrypt and execute the encrypted payload
Build the final PowerShell command used to decrypt the final payload
Use the static operator to decrypt the final payload

Analyzing the deobfuscated SeroXen batch files

During our technical analysis of FUD-enabled SeroXen batch payloads, we were able to deobfuscate the commands associated with its execution and patch key points in its operation to dump the deobfuscated version.

fig4-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 4. Deobfuscated SeroXen batch payload

If we compare the deobfuscated sample presented with the highly obfuscated sample (Figure 3), we can demonstrate the core function of the batch script: to generate a series of set commands in an obfuscated manner to evade detection. We see the result of the numerous obfuscated set commands in its deobfuscated equivalent. Throughout the obfuscated batch file, numerous variables are concatenated together to be executed.

fig5-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 5. Deobfuscated SeroXen PowerShell commands

Analyzing the final PowerShell decryption command

The PowerShell command to be executed in the FUD obfuscated batch file is a series of hidden PowerShell commands used to decrypt and deliver the .Net loader.

fig6-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 6 . Final PowerShell command executed in the SeroXen batch file

The deobfuscated sequence of PowerShell commands decrypt the payload and employ an assembly reflection mechanism to reflectively load it. The essential characteristics of the final sequence of PowerShell commands include:

Decode payload using Base64
Decrypt payload using AES OR XOR algorithm. In the case of AES:
- Instantiate an AES decryption object with the cipher block chaining (CBC) mode
- Use a Base64 blob for the key and IV
Unzip the payload
Reflectively load the payload

From the next figure, we demonstrate how the C# loader is decrypted from the deobfuscated batch files, after which we unzip the decrypted archive to drop the .Net binary.

We decoded the payload using Base64, which is then AES-decrypted using the deobfuscated Key and IV and finally gunzipped to reveal the .Net loader. This payload is then loaded into memory using reflection.

fig7-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 7. Using Python to decrypt the .Net loader

Deep dive into SeroXen builder

fig8-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 8. Obfuscated builder

The SeroXen builder binary file is protected by the Agile .NET. After unpacking the functions and builder resources, this section shows that SeroXen is a modified version of Quasar RAT with a rootkit and other modifications, such as adopting the loader builder Jlaive and BatCloak obfuscation engine to generate a FUD .bat loader. The evolution and technical analysis of Jlaive and BatCloak was discussed in part 1 of this series.

fig9-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 9 . Unpacked builder resources (left) and builder function names (right) a modified version of Quasar RAT in its arsenal

fig10-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 10. SeroXen builder adopting Jlaive and BatCloak source codes

As of this writing, SeroXen offers monthly and lifetime key options for purchase online, as well as instructions for using the RAT. We go over this in detail in the third installment of this series as part of the cybercriminals’ distribution strategies.

fig11-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 11. SeroXen builder usage instruction

SeroXen payload generation process

Upon pressing the “build” button, the builder writes the user-given configuration to the pre-compiled file called “client.bin,” and this produces the Quasar RAT payload and passes it to a function called “Crypt.”

fig12-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 12. SeroXen vs Quasar RAT payload generation

The Crypt function employs the Jlaive crypter multi-stage loader generator and BatCloack obfuscator source code to produce undetectable loaders. This function first reads the Quasar RAT payload content and verifies if it is a valid .NET assembly. Crypt then patches some string and opcode within the binary and encrypts it using the AES algorithm with CBC cipher mode, and saves it as “payload.exe.”

fig13-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 13. Payload encryption and obfuscation process

Much like a Jlaive crypter, the builder takes in user configuration and produces the first loader. This is achieved using a C# template file, “Quasar.Server.Stub.cs,” found embedded within its resources. The author has integrated an extra functionality in this adapted version of the Jlaive CreateCS function such as API unhooking.

fig14-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 14. Create C# loader

Apiunhooker.dll is an open-source project called “SharpUnhooker,” which is a C#-based universal API unhooker that automatically Unhooks API Hives (i.e., ntdll.dll, kernel32.dll, advapi32.dll, and kernelbase.dll). This technique is used to attempt evading user-land monitoring done by antivirus technologies and/or endpoint detection and response (EDR) solutions by cleansing or refreshing API DLLs that loaded during the process.

The builder subsequently compiles the C# loader stub, adding necessary files and dependencies such as encrypted Quasart RAT (payload.exe) and SharpUnhooker (Apiunhooker.dll) to its resources.

fig15-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 15. C# loader compilation

Next, the builder compresses the C# loader, encrypts it using AES/XOR (depending on the configuration), and encodes it in Base64. Finally, it creates a batch file and includes the encoded C# loader binary into it. It also manages the compression, decoding, and decryption processes using an obfuscated PowerShell script, which is also appended to the batch file.

The batch file’s role is to deobfuscate the PowerShell script and execute it. This PowerShell script scans the content of the batch file for the value following “::“, extracts this value, decodes it, decompresses it, decrypts it, and finally executes it in memory.

fig16-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 16. Creating and writing encrypted data to a batch file, and deleting temporary files

fig17-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 17. Generating an obfuscated batch loader (top) and PowerShell loader (bottom)

Two PowerShell templates, “Qusar.Server.AESStub.ps1” and “Quasar.Server.XORStub.ps1,” exist in the resource section of the builder. Depending on the configuration, one of these will be loaded and utilized.

fig18-seroxen-incorporates-latest-batcloak-engine-iteration — Figure 18. PowerShell stub

Conclusion

In this entry, we include a Yara rule that organizations and security teams can use to detect SeroXen obfuscated batch files. Additionally, here’s a PowerShell script that can reveal the final deobfuscated batch file and commands to be run. It is critically important that this PowerShell script be run in an isolated malware sandbox. This script can be used to deobfuscate the SeroXen batch file where security teams can inspect its output file for the PowerShell command to be executed in the deobfuscation routine. By inspecting this deobfuscated payload, the analyst can grab the Key and IV from the PowerShell command to decrypt the final payload.

Overall, SeroXen is a full-feature remote administration tool (RAT) coded in C# and built using a combination of various open-source projects that work together to generate a FUD payload. Reports have emerged of SeroXen being abused for several infections and attacks. We foresee the evolved BatCloak engine at the core of SeroXen’s FUD capabilities as the BatCloak obfuscation engine continues to evolve and be used as a FUD tool for future malware attacks.

Individuals are strongly advised to adopt a skeptical stance when encountering links and software packages associated with terms such as “cheats,” “hacks,” “cracks,” and other pieces of software related to gaining a competitive edge. Users, developers, gamers, and enthusiasts are also advised to exercise caution when executing batch files obtained from the internet. Additionally, organizations are encouraged to stay vigilant against phishing attacks that might attempt to entice users to download and run batch installers (e.g., scripting and automation of repetitive tasks).

Organizations should consider employing a cutting edge multilayered defensive strategy and comprehensive security solutions, such as Trend Micro™ XDR, that can detect, scan, and block malicious content such as SeroXen and BatCloak across the modern threat landscape. An extended detection and response capability across endpoint, servers, workloads, email, network, cloud, and identity observed from a single platform like Trend Vision One™️ can mitigate these risks by considering adversarial tactics, techniques, and procedures (TTPs) to profile the entirety of a routine. Learn more about how the Zero Day Initiative (ZDI) bug bounty program rewards researchers for responsible vulnerability disclosure as well as protects organizations globally and stay up to date on the latest news regarding mission critical security patches.

Source :
https://www.trendmicro.com/en_us/research/23/f/seroxen-incorporates-latest-batcloak-engine-iteration.html

Analyzing the FUD Malware Obfuscation Engine BatCloak

By: Peter Girnus, Aliakbar Zahravi
June 09, 2023
Read time: 3 min (681 words)

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.

^{UPDATE as of 6/15/2023 7:30PM (PHT): We’ve updated this entry to include indicators of compromise (IOCs) for BatCloak.}

In our recent investigation, we discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine to deploy various malware families at different instances. Running analysis and sample collection from September 2022 to June 2023, we found that these batch files are designed to be fully undetectable (FUD) and have demonstrated a remarkable ability to persistently evade security solutions. As a result, threat actors can load various malware families and exploits by leveraging highly obfuscated batch files seamlessly. Our initial research titled “The Dark Evolution: Advanced Malicious Actors Unveil Malware Modification Progression” delves into the continuing evolution of BatCloak, uncovering the modifications that have propelled modern malware to new levels of security evasion.

This is the first entry in a three-part technical research series taking an in-depth look at the continuing evolution of the highly evasive batch obfuscation engine BatCloak. The second part of this series, “SeroXen Incorporates Latest BatCloak Engine Iteration,” will look into the remote access trojan (RAT) SeroXen, a piece of malware gaining popularity for its stealth and, in its latest iterations, targets gamers, enthusiast communities, and organizations. Aside from the RAT’s own tools, we will look into the updated BatCloak engine included as SeroXen’s loading mechanism. The third and last part of this series, “SeroXen Mechanisms: Exploring Distribution, Risks, and Impact,” will detail the distribution mechanisms of SeroXen and BatCloak. We also include our security insights on the community and demographic impact of this level of sophistication when it comes to batch FUD obfuscation.

Defying detection: A preview of BatCloak engine’s efficacy

We analyzed hundreds of batch samples sourced from a public repository. The results showed a staggering 80% of the retrieved samples exhibiting zero detections from security solutions. This finding underscores the ability of BatCloak to evade traditional detection mechanisms employed by security providers. Moreover, when considering the overall sample set of 784, the average detection rate was less than one, emphasizing the challenging nature of identifying and mitigating threats associated with BatCloak-protected pieces of malware.

fig1-analyzing-the-fud-malware-obfuscation-engine-batcloak — Figure 1. BatCloak detection counts from a public repository; samples and detection results collected from September 2022 to June 2023

Understanding the evolving landscape of advanced malware techniques such as FUD obfuscator BatCloak enables us to develop more effective strategies for combating the ever-evolving threats posed by these sophisticated adversaries. These findings highlight the pressing need for enhanced approaches to malware detection and prevention, such as a cutting-edge multilayered defensive strategy and comprehensive security solutions.

Security teams and organizations are advised to exercise a zero-trust approach. Teams should implement solutions capable of combining multiple rules, filters, and analysis techniques, including data stacking and machine learning to address the need for precise detection, as these tools can analyze individual and dynamic file signatures and observe patterns via heuristics and behavioral analysis. When uncertain of intrusions, behaviors, and routines, assume compromise or breach immediately to isolate affected artifacts or tool chains. With a broader perspective and rapid response, an organization can address these and keep the rest of its systems protected. Multilayered technologies and solutions, such as Trend Micro XDR™️, efficiently monitor, detect, and block tiered threats and attacks, as well as their clones and modified versions.

Instead of marking the end of an infection or an attack prior to the target because of siloed solutions, an extended detection and response capability across endpoint, servers, workloads, email, network, cloud, and identity observed from a single platform like Trend Vision One™️ can mitigate these risks by considering adversarial tactics, techniques, and procedures (TTPs) to profile the entirety of a routine. Trend Vision One also correlates with a connected threat intelligence system and rapidly prioritizes and responds with the necessary security and defensive actions as far left of the routine as possible.

Download the first part of our analysis on BatCloak engine here, and the indicators of compromise (IOCs) here and below :

The Dark Evolution: Advanced Malicious Actors Unveil Malware Modification Progression

BatCloak Indicators of Compromise (IOCs)

SHA256 of Trojan.BAT.BATCLOAK.A:

4981e6c42e66972a94077e3407823e212b7499f4be14c18e32e446b6bd5566d6
02169ca4a1fcaec423fdf033794f88266f1dec691ee527f91d9ef444b9e8fd00
024121ce693560695ffbb31714145647039dd0a33c7a637614ee3d408dd88c9b
02cd4e343fdfe9246977bd997ae7faa91b469df0bc9ed4c20cc2fa7898cb54e3
036132bcdc00e75dd71b6cba78c976ec50a52fd1b891a4f873bde87269007e0d
05e50707fc035d4045f52538cbd40df61bfc342ce90578780f169b0148e9e48a
06ee424a019da7a98de8ce82fde4b37037fd59f5f72ed882f63e7d054515785c
0a485b2a30d7818cadedc4b5c8d6a04cee2b4e98d58e292c4f6febc25553a43f
0ce9c7a4bc46fe2f92adf194767f02b460283ebd2100a4c4b6d9c8c03f05cc51
0e44555e8804fc351ca7b5369fef719691ebe3ac2e2dee92abe1359b06327ec3
0ea6d6a7f9532f5d6f2f1438349587aae83b7d82f7e92b3daa2b51658183308a
0f379d61a334d1cce8b67940696c527bb76392bdfae9f41bd4ea159aa0e8794e
1264fbc6fb67678c410dcea283342189c3f5a62b2cebfbbef3e5e88cae40c299
1cbab58e69089b40b0eca4aafa33bfb734707885c9d482f58da7fd2f22fa3f07
1ff46fa8630fe6104b6b31e88b4227474faa5b4891952381d745f0b6c1194d9a
2705be6a7e9fe94d0c90127bdd5cd3677af9a713b99ffaa302cd03d835b5b193
2fca9a8b9c2843001dd1f7d668f94f4aef6cf9fbfe0968dabd38c59f7ad7bf1b
378eea991cec20b879983f25c03c72d9c6492759ff0306267bb0af1934cecb5b
3ac9136078f802199506b4ce532fd221201b15d7d4eb84ce8a5128409d821c46
50e7ddd4d1fd4d6f57e5a39f9e31f20ea967a032ab60458af63bb43c0996b67b
545fa399c3d25ddeb9b1ce7dff99faf86b761937681a02377f6b22bab6953f74
57b573189433839f49b3694fb9dde7d6361a70d0d6d01b8bb5c052ac35e64966
5b1d862533bf0c6eddf0add97fe1d91f24489c9d43dba021a6cd433465abe670
5dc6ddbadfe77dae58755ab3524b8366ac52d6e4b0636cd5e88a9ee83fec93dd
66fbf321cb983176ab327c9357ab6970235263ed1f363960aa512adb255ce327
6fb3642107a5e541be64be269c91de20f10b5aba238a3552c0815ca290f0035e
720ec08526839f9f558439edeb86b0e30ed782edf0cfcc9709157e9963801a5c
735e591c7e0667087aff75f9923a7653b4f9661838e947d842171c20773a8913
73630f5690a1882296878e02fb9ef6ca8ab5f85bc60305682a872096ab59685e
7d1b4c45622ec5efebe8d6ef266a8ff8499285162305f2eb8eb3d09362b032dd
7dfe5e29b6278ddefa27217c26e09cd70c9ce2c920e30dd8e11d29b161a59fad
83046ab10ae92c337f7837191014d6f4aa792575947ad2ebbbdde247edabffad
846d4cf9af2e431ca61a7378fca693acc8cdf31348ce3bb09917de12e8a3de95
895d8257fc523a824e2eaf5a62a94e3cf2a3b87b797f696aa028f8443dd7a5e1
8ae18fc31866c3a35ede249b97457598e78cb6a0988df1dd58b9ddb1f3e88c05
8cf47ef94a01172ac5ed78fa657a2406e199691df02d58630d9b845dfd05007c
8df68758b29abe5c0807cc74221617052a175619121c1b41c1462e2e2c12d080
943c7e473924ff1efd4925eb8f2bf745008365f0256567009e5eb6d6b2f17e65
978361f5cea5e7b2ff801b74ed02a7e0a57ed80ac37c01a403b0614e789765c4
9949481d6311a298b4de1ac0d24d85583c8386bd03dc69cbb5995de475859ebc
994a9f76be5355444056833e0fdf5f9408ce6a028578571caa7eaaeb7176d50d
9c51fec7f9c7217fbaffef2e9476b1c74c6f9abdcfd68f58009307d3a1ced344
a07e12074c4013ff9a16b41822b9c2025fd42c2a6bb749f2489d533c73257bea
ab0e910f7470bbe3f612646e420836937bb26dbf87b2df48d47480d2835f384a
abd92088dc5a7a67ed7f0f27fac6b90cd3042f9c1966b3ec35798e3cf9d0b4ec
b0da1288c592b5710ec6e33f0af7dd69f3264e98c7fcdc0089e9a26e1ebf607a
b12ce995e5f3bd33f290be5ccd80ba847fcbde0d41ea53b8cb9f7f7cb25ab98d
b9077ca1640423f6b085d5b72e6bd0aac7877b6f40886db9f5e150cc5ca4bf9f
bb505db4936541c964c4f8c59e520b89ce83db76564f57548eebe8630758888a
c1e77860cd66a98f34ba4cf5bf55370d35bfba1950b6f79a84ab2f90c48fed86
c4ec0641549cdb66a8f9040a53d9ead724a0e2902866b43221e02c2c4fdcb900
c737111db0397904414e315dbe4604f1705b3cd7ee5579d6c0751752de25877d
c9259d18c1ba7e446406e206e0769ed74acc55c0cf40608c3e3d3ef6cc0e56c7
cda4e8d85f718233b93c4cfad2c28d333ffec523ebd32b1af47b6fa7c26345e6
cf8d86c39f7e76c889b6409ed9477c7b91f9424f491fb835f3643d8d55d5fd9e
d3fe2ae10b1c2dd2cf7339ba91bb4fac4454149361a3a9e8069901e3ea56ea8b
d45b5fde0b10a7d8a3227fac8b7af6f01adc8e78d6adc350588b7cebdd1c5894
d84390808d5a83d58d6f5544f9a717e736be234d18b4b607d8b8e842fb935d24
d8cde0701032e03ff9739889872547325881383791961a67ddebf07f8b80ab6a
d9afd0b9174140c001d6b0c60d02f5ba0469a14733a159c0e44045641b814aa1
daa08a205eec4e318c3f3eb6a001ec5ae16d3870ca1f05b3e8bb6838082910d9
de1356d868e63b027791957accaa3087f18901ae87eb01f6f09b7b88e6958e79
df5497ffb3b407397424ce7992ed62d8907d570668c79f9daef40863702349c0
e101b85439062a92773b046bee20d076513b81ddaa946c28096454c9fb934e19
f52ee895d9e8fd600ce4ea05d4a95443c8916af33a1b7b8b668007813fb61f8b
f62a915f1add8b29ebea13db7bc9c9314557f579631d0bebc3dc7044eaf7bbd7
f6a31c5a33d8b8dd38f39e31f27a32616cef12340c5a1b5914f8105abd22a710
fddce59e2c24f44c73c9913ca2415ec95f5a92cb2d94426aa4f8821952f2ddc2
fff222ff3c259db64dbd18e9382cc47ce8577a4069ba05b6db11b6b52d654294

Source :
https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html

Human vs Machine Identity Risk Management

By: Trend Micro
June 29, 2023
Read time: 5 min (1290 words)

Risk Management of Human and Machine Identity in a Zero Trust Security Context

In today’s business world’s dynamic and ever-changing digital landscape, organizations encounter escalating security challenges that demand a more business-friendly and pertinent approach. Conventional security measures frequently lead to adverse effects on business operations.

However, the advent of Zero Trust security offers organizations the opportunity to embrace a risk-based response strategy that effectively mitigates these risks. The concept of identity is central to the effectiveness of security functions, which serves as a critical factor in guaranteeing the precision and security of transactions and data storage.

Identity and the Evolving Role of Humans and Machines

All security functions are fundamentally centered around identity. The statement, “Who did what to what, when,” encapsulates the core significance of identity in security. The accuracy and integrity of this statement rely on the accuracy and integrity of each identity clause. By ensuring the integrity of these identity clauses, organizations can automate the risk management process with high confidence in the outcomes.

Traditionally, security systems were designed assuming that human operators were solely responsible for all decisions made by machines. However, with the advent of computers and the increasing reliance on automated processes, this operator-centric model has become increasingly inadequate.

While humans and their associated accounts are often the primary targets of security measures, they merely represent the activity of the machines they interact with. In a Zero Trust deployment, embracing the concept of “machine as proxy human” becomes crucial. This approach allows organizations to apply security rules and surveillance to all devices, treating them like a malicious human is operating behind them.

By considering machines as proxy humans within the context of Zero Trust, organizations can extend security measures to encompass all devices and systems within their environment. This includes user devices, servers, IoT devices, and other interconnected components. Organizations can enforce strict access controls by treating machines as potential threat actors, applying behavioral analytics, and continuously monitoring for suspicious activities or deviations from expected behavior.

This shift in mindset enables organizations to proactively detect and respond to potential security threats, regardless of whether they originate from human actors or compromised machines. It allows for a more comprehensive and robust security posture, as security measures are applied at the device level, reducing the risk of unauthorized access, data breaches, and other security incidents.

Recognizing the centrality of identity in security and embracing the concept of “machine as proxy human” in a Zero Trust deployment enhances the effectiveness and comprehensiveness of security measures. By treating all devices as potential threat actors and applying security rules and surveillance accordingly, organizations can strengthen their risk management process, automate security controls, and mitigate the risks associated with human and machine-based security threats.

Applying Zero Trust to Machine-Human Approach

Treating all accounts, human or not, as machine/service accounts offer architectural flexibility in a Zero Trust environment. This approach allows organizations to apply consistent security measures to unknown devices, users, networks, and known entities, regardless of how frequently they change.

However, harmonized identity telemetry is crucial for this machine-human approach to be effective. Subscriber Identity Modules (SIM cards) and additional credentials facilitate Zero Trust management in 4G and 5G environments.

Organizations can incorporate a Software Bill of Materials (SBOM) into their Zero Trust solution to address the risks associated with the software. A SBOM is a comprehensive inventory that identifies the software components within an organization’s infrastructure, including internally developed and third-party/vendor-provided software.

By implementing a SBOM in a Zero Trust environment, organizations can establish a baseline for expected software behavior. This baseline includes the software’s version, dependencies, and associated digital signatures. Any deviations from this baseline can be identified as potential security threats or indicators of compromise.

One of the significant advantages of incorporating SBOM into a Zero Trust solution is the ability to monitor unexpected behaviors. Organizations can detect any suspicious activities or unauthorized modifications by continuously monitoring the software components and comparing their actual behavior against the established baseline. This proactive monitoring helps incident responders and risk management teams identify potential threats early and respond effectively to mitigate the risks.

Furthermore, SBOM facilitates supply chain component mapping, crucial for incident response and risk management. With a detailed inventory of software components, organizations can trace the origin of each component and identify potential vulnerabilities or compromised elements within their supply chain. This mapping capability enhances incident response capabilities by providing visibility into the interconnectedness of various software components and their potential impact on the organization’s overall security.

Ultimately incorporating SBOM into a Zero Trust solution helps organizations address software-related risks more effectively. By establishing baselines for expected software behavior and monitoring for any deviations, organizations can detect and respond to potential threats promptly. SBOM also facilitates supply chain component mapping, enabling organizations to enhance their incident response capabilities and mitigate the risks associated with software vulnerabilities and compromises.

Recommendations

Zero Trust security offers a surveillance-based approach that continuously checks and cross-references identity, assesses behavioral risk, and compares it to potential losses and revenue. This approach brings several recommendations for organizations looking to enhance their security posture:

Changes to executive responsibility and board governance require the adoption of Zero Trust security
With the increasing importance of cybersecurity in today’s digital landscape, executive leadership, and board members need to prioritize and understand the significance of Zero Trust security. This includes making it a strategic focus and allocating resources for its implementation. By recognizing the value of Zero Trust and incorporating it into governance structures, organizations can ensure a top-down commitment to robust security practices.
Zero Trust can help organizations meet government and customer requirements for supply chain resiliency
Supply chains have become more vulnerable to cyber threats, and government regulations and customer expectations emphasize supply chain resiliency. Zero Trust security measures can provide transparency, control, and trust within the supply chain ecosystem. Organizations can demonstrate their commitment to supply chain security and meet compliance requirements by establishing rigorous authentication, continuous monitoring, and granular access controls.
Operational risk management automation tools in Zero Trust can streamline security management and reduce enterprise risk and total cost of ownership
Zero Trust security frameworks offer automation tools that streamline security management processes. Organizations can reduce human error and enhance operational efficiency by automating tasks such as identity verification, access controls, and threat detection. This automation minimizes security risks and reduces the total cost of ownership associated with managing complex security infrastructures.
Simplification of security management in Zero Trust can address the security skills gap by enabling reliance on junior or offshore staff for incident diagnoses
The shortage of skilled cybersecurity professionals is a significant challenge for many organizations. Zero Trust can alleviate this skills gap by simplifying security management and enabling the reliance on junior or offshore staff for incident diagnoses. With streamlined processes, intuitive security controls, and automated monitoring, organizations can empower less experienced staff to effectively handle security incidents, optimizing resources and addressing the skills shortage.

By prioritizing identity integrity and leveraging the benefits of Zero Trust, organizations can establish a robust security framework that maximizes enterprise functionality while minimizing risk. In an increasingly unstable world where cyber threats continue to evolve, adopting a sophisticated, nuanced, and cost-effective security approach such as Zero Trust becomes essential for organizations to thrive and maintain resilience in the face of emerging challenges.

Ready to take your organization’s security to the next level? Download our comprehensive report on “Zero Trust: Enforcing Business Risk Reduction Through Security Risk Reduction” to gain valuable insights and practical strategies for implementing a business-friendly security approach. Discover how Zero Trust can minimize negative impacts, enhance risk management, and safeguard digital assets. Click here to download the report now!

Source :
https://www.trendmicro.com/it_it/research/23/f/human-vs-machine-identity-management.html

Content Delivery Networks (CDNs)

Article
02/17/2023
7 contributors

Feedback

CDNs help keep Microsoft 365 fast and reliable for end users. Cloud services like Microsoft 365 use CDNs to cache static assets closer to the browsers requesting them to speed up downloads and reduce perceived end user latency. The information in this topic will help you learn about Content Delivery Networks (CDNs) and how they’re used by Microsoft 365.

What exactly is a CDN?

A CDN is a geographically distributed network consisting of proxy and file servers in datacenters connected by high-speed backbone networks. CDNs are used to reduce latency and load times for a specified set of files and objects in a web site or service. A CDN may have many thousands of endpoints for optimal servicing of incoming requests from any location.

CDNs are commonly used to provide faster downloads of generic content for a web site or service such as Javascript files, icons and images, and can also provide private access to user content such as files in SharePoint Online document libraries, streaming media files, and custom code.

CDNs are used by most enterprise cloud services. Cloud services like Microsoft 365 have millions of customers downloading a mix of proprietary content (such as emails) and generic content (such as icons) at one time. It’s more efficient to put images everyone uses, like icons, as close to the user’s computer as possible. It isn’t practical for every cloud service to build CDN datacenters that store this generic content in every metropolitan area, or even in every major Internet hub around the world, so some of these CDNs are shared.

How do CDNs make services work faster?

Downloading common objects like site images and icons over and over again can take up network bandwidth that can be better used for downloading important personal content, like email or documents. Because Microsoft 365 uses an architecture that includes CDNs, the icons, scripts, and other generic content can be downloaded from servers closer to client computers, making the downloads faster. This means faster access to your personal content, which is securely stored in Microsoft 365 datacenters.

CDNs help to improve cloud service performance in several ways:

CDNs shift part of the network and file download burden away from the cloud service, freeing up cloud service resources for serving user content and other services by reducing the need to serve requests for static assets.
CDNs are purpose built to provide low-latency file access by implementing high performance networks and file servers, and by leveraging updated network protocols such as HTTP/2 with highly efficient compression and request multiplexing.
CDN networks use many globally distributed endpoints to make content available as close as possible to users.

The Microsoft 365 CDN

The built-in Microsoft 365 Content Delivery Network (CDN) allows Microsoft 365 administrators to provide better performance for their organization’s SharePoint Online pages by caching static assets closer to the browsers requesting them, which helps to speed up downloads and reduce latency. The Microsoft 365 CDN uses the HTTP/2 protocol for improved compression and download speeds.

Note

The Microsoft 365 CDN is only available to tenants in the Production (worldwide) cloud. Tenants in the US Government, China and Germany clouds do not currently support the Microsoft 365 CDN.

The Microsoft 365 CDN is composed of multiple CDNs that allow you to host static assets in multiple locations, or origins, and serve them from global high-speed networks. Depending on the kind of content you want to host in the Microsoft 365 CDN, you can add public origins, private origins or both.

Content in public origins within the Microsoft 365 CDN is accessible anonymously, and can be accessed by anyone who has URLs to hosted assets. Because access to content in public origins is anonymous, you should only use them to cache non-sensitive generic content such as Javascript files, scripts, icons and images. The Microsoft 365 CDN is used by default for downloading generic resource assets like the Microsoft 365 client applications from a public origin.

Private origins within the Microsoft 365 CDN provide private access to user content such as SharePoint Online document libraries, sites and proprietary images. Access to content in private origins is secured with dynamically generated tokens so it can only be accessed by users with permissions to the original document library or storage location. Private origins in the Microsoft 365 CDN can only be used for SharePoint Online content, and you can only access assets through redirection from your SharePoint Online tenant.

The Microsoft 365 CDN service is included as part of your SharePoint Online subscription.

For more information about how to use the Microsoft 365 CDN, see Use the Microsoft 365 content delivery network with SharePoint Online.

To watch a series of short videos that provide conceptual and HOWTO information about using the Microsoft 365 CDN, visit the SharePoint Developer Patterns and Practices YouTube channel.

Other Microsoft CDNs

Although not a part of the Microsoft 365 CDN, you can use these CDNs in your Microsoft 365 tenant for access to SharePoint development libraries, custom code and other purposes that fall outside the scope of the Microsoft 365 CDN.

Azure CDN

Note

Beginning in Q3 2020, SharePoint Online will begin caching videos on the Azure CDN to support improved video playback and reliability. Popular videos will be streamed from the CDN endpoint closest to the user. This data will remain within the Microsoft Purview boundary. This is a free service for all tenants and it does not require any customer action to configure.

You can use the Azure CDN to deploy your own CDN instance for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN isn’t free, and requires an Azure subscription.

For more information on how to configure an Azure CDN instance, see Quickstart: Integrate an Azure storage account with Azure CDN.

For an example of how the Azure CDN can be used to host SharePoint web parts, see Deploy your SharePoint client-side web part to Azure CDN.

For information about the Azure CDN PowerShell module, see Manage Azure CDN with PowerShell.

Microsoft Ajax CDN

Microsoft’s Ajax CDN is a read-only CDN that offers many popular development libraries including jQuery (and all of its other libraries), ASP.NET Ajax, Bootstrap, Knockout.js, and others.

To include these scripts in your project, simply replace any references to these publicly available libraries with references to the CDN address instead of including it in your project itself. For example, use the following code to link to jQuery:

HTMLCopy

<script src=https://ajax.aspnetcdn.com/ajax/jquery-2.1.1.js> </script>

For more information about how to use the Microsoft Ajax CDN, see Microsoft Ajax CDN.

How does Microsoft 365 use content from a CDN?

Regardless of what CDN you configure for your Microsoft 365 tenant, the basic data retrieval process is the same.

Your client (a browser or Office client application) requests data from Microsoft 365.
Microsoft 365 either returns the data directly to your client or, if the data is part of a set of content hosted by the CDN, redirects your client to the CDN URL.a. If the data is already cached in a public origin, your client downloads the data directly from the nearest CDN location to your client.b. If the data is already cached in a private origin, the CDN service checks your Microsoft 365 user account’s permissions on the origin. If you have permissions, SharePoint Online dynamically generates a custom URL composed of the path to the asset in the CDN and two access tokens, and returns the custom URL to your client. Your client then downloads the data directly from the nearest CDN location to your client using the custom URL.
If the data isn’t cached at the CDN, the CDN node requests the data from Microsoft 365 and then caches the data for time after your client downloads the data.

The CDN figures out the closest datacenter to the user’s browser and, using redirection, downloads the requested data from there. CDN redirection is quick, and can save users a lot of download time.

How should I set up my network so that CDNs work best with Microsoft 365?

Minimizing latency between clients on your network and CDN endpoints is the key consideration for ensuring optimal performance. You can use the best practices outlined in Managing Microsoft 365 endpoints to ensure that your network configuration permits client browsers to access the CDN directly rather than routing CDN traffic through central proxies to avoid introducing unnecessary latency.

You can also read Microsoft 365 Network Connectivity Principles to understand the concepts behind optimizing Microsoft 365 network performance.

Is there a list of all the CDNs that Microsoft 365 uses?

The CDNs in use by Microsoft 365 are always subject to change and in many cases there are multiple CDN partners configured in the event one is unavailable. The primary CDNs used by Microsoft 365 are:

CDN	Company	Usage	Link
Microsoft 365 CDN	Microsoft Azure	Generic assets in public origins, SharePoint user content in private origins	Microsoft Azure CDN
Azure CDN	Microsoft	Custom code, SharePoint Framework solutions	Microsoft Azure CDN
Microsoft Ajax CDN (read only)	Microsoft	Common libraries for Ajax, jQuery, ASP.NET, Bootstrap, Knockout.js etc.	Microsoft Ajax CDN

What performance gains does a CDN provide?

There are many factors involved in measuring specific differences in performance between data downloaded directly from Microsoft 365 and data downloaded from a specific CDN, such as your location relative to your tenant and to the nearest CDN endpoint, the number of assets on a page that are served by the CDN, and transient changes in network latency and bandwidth. However, a simple A/B test can help to show the difference in download time for a specific file.

The following screenshots illustrate the difference in download speed between the native file location in Microsoft 365 and the same file hosted on the Microsoft Ajax Content Delivery Network. These screenshots are from the Network tab in the Internet Explorer 11 developer tools. These screenshots show the latency on the popular library jQuery. To bring up this screen, in Internet Explorer, press F12 and select the Network tab, which is symbolized with a Wi-Fi icon.

This screenshot shows the library uploaded to the master page gallery on the SharePoint Online site itself. The time it took to upload the library is 1.51 seconds.

The second screenshot shows the same file delivered by Microsoft’s CDN. This time the latency is around 496 milliseconds. This is a large improvement and shows that a whole second is shaved off the total time to download the object.

Is my data safe?

We take great care to protect the data that runs your business. Data stored in the Microsoft 365 CDN is encrypted both in transit and at rest, and access to data in the Microsoft 365 SharePoint CDN is secured by Microsoft 365 user permissions and token authorization. Requests for data in the Microsoft 365 SharePoint CDN must be referred (redirected) from your Microsoft 365 tenant or an authorization token won’t be generated.

To ensure that your data remains secure, we recommend that you never store user content or other sensitive data in a public CDN. Because access to data in a public CDN is anonymous, public CDNs should only be used to host generic content such as web script files, icons, images and other non-sensitive assets.

Note

3rd party CDN providers may have privacy and compliance standards that differ from the commitments outlined by the Microsoft 365 Trust Center. Data cached through the CDN service may not conform to the Microsoft Data Processing Terms (DPT), and may be outside of the Microsoft 365 Trust Center compliance boundaries.

For in-depth information about privacy and data protection for Microsoft 365 CDN providers, visit the following:

Learn more about Microsoft 365 privacy and data protection at the Microsoft Trust Center
Learn more about Akamai’s privacy and data protection at the Akamai Privacy Trust Center
Learn more about Azure privacy and data protection at the Azure Trust Center

How can I secure my network with all these 3rd party services?

Using an extensive set of partner services allows Microsoft 365 to scale and meet availability requirements and enhance the user experience when using Microsoft 365. The 3rd party services Microsoft 365 leverages include both certificate revocation lists; such as crl.microsoft.com or sa.symcb.com, and CDNs; such as r3.res.outlook.com. Every CDN FQDN generated by Microsoft 365 is a custom FQDN for Microsoft 365. If you’re sent to a FQDN at the request of Microsoft 365, you can be assured that the CDN provider controls the FQDN and the underlying content at that location.

For customers that want to segregate requests destined for a Microsoft 365 datacenter from requests that are destined for a 3rd party, we’ve written up guidance on Managing Microsoft 365 endpoints.

Is there a list of all the FQDNs that leverage CDNs?

The list of FQDNs and how they leverage CDNs change over time. Refer to our published Microsoft 365 URLs and IP address ranges page to get up to date on the latest FQDNs that leverage CDNs.

You can also use the Microsoft 365 IP Address and URL Web service to request the current Microsoft 365 URLs and IP address ranges formatted as CSV or JSON.

Can I use my own CDN and cache content on my local network?

We’re continually looking for new ways to support our customers’ needs and are currently exploring the use of caching proxy solutions and other on-premises CDN solutions.

Although it isn’t a part of the Microsoft 365 CDN, you can also use the Azure CDN for hosting custom web parts, libraries and other resource assets, which allows you to apply access keys to your CDN storage and exert greater control over your CDN configuration. Use of the Azure CDN isn’t free, and requires an Azure subscription. For more information on how to configure an Azure CDN instance, see Quickstart: Integrate an Azure storage account with Azure CDN.

I’m using Azure ExpressRoute for Microsoft 365, does that change things?

Azure ExpressRoute for Microsoft 365 provides a dedicated connection to Microsoft 365 infrastructure that is segregated from the public internet. This means that clients will still need to connect over non-ExpressRoute connections to connect to CDNs and other Microsoft infrastructure that isn’t explicitly included in the list of services supported by ExpressRoute. For more information about how to route specific traffic such as requests destined for CDNs, see Implementing ExpressRoute for Microsoft 365.

Can I use CDNs with SharePoint Server on-premises?

Using CDNs only makes sense in a SharePoint Online context and should be avoided with SharePoint Server. This is because all of the advantages around geographic location don’t hold true if the server is located on-premises or geographically close anyway. Additionally, if there’s a network connection to the servers where it’s hosted, then the site may be used without an Internet connection and therefore can’t retrieve the CDN files. Otherwise, you should use a CDN if there’s one available and stable for the library and files you need for your site.

All about the TeamViewer company profile

By JeanK

Last Updated: Jun 23, 2023

A TeamViewer company profile allows the ability within the TeamViewer Management Console to manage user permissions and access centrally.

Company admins can add existing users to the license and create new TeamViewer accounts. Both will allow users to log into any TeamViewer application and license the device so they may make connections.

Before starting

It is highly recommended to utilize a Master Account for a company profile, which will be the account that manages all licenses and users.

Please see the following article: Using a Master Account for the TeamViewer Management Console

This article applies to TeamViewer customers with a Premium, Corporate, or Tensor plan.

Benefits of a company profile

Managing users as the company administrator of a company profile also gives access to:

Connection reports (reports of user connections including date, time, and frequency)
Deactivate or remove a user
Create channel groups
Share groups of contacts and devices and manage group permissions
Change user account passwords
Change user permissions

Licensing

Each company profile must have one TeamViewer Core multi-user license activated; this license can be combined with other licenses of the TeamViewer product family (e.g., Assist AR, Remote Management, IoT, etc. ), but cannot be combined with another TeamViewer Core license.

📌Note: If a company admin attempts to activate a second TeamViewer license, they will need to choose between keeping the existing license or replacing it with the new license.

📌Note: In some cases (with older company profiles and an active perpetual license), multiple core TeamViewer licenses may be activated to one company profile. One subscription license may be added to an existing perpetual license for such company profiles.

License management

Through the TeamViewer Management Console, company admins can manage the licensing of their users directly, including:

Assign/un-assign the license to various members of the company profile.
Reserve one or more channels for specific teams or persons via Channel Groups.

💡Hint: To ensure the license on your company profile best matches your use case, we highly recommend reaching out to our TeamViewer licensing experts. You may find local numbers here.

How to create a company profile

To create a company profile, please follow the instructions below:

Log into the Management Console
On the left-hand side, under the Company header, select User management
In the text box provided, enter the desired company name and click Create.
- 📌Note: The name of a company profile must be unique and cannot be re-used. If another company profile already uses a name, an error will appear, requesting another name be used instead.
Once the company profile is created, User management will load with the user that created the company profile as a company administrator.

How to add a new user

To add a new user, please follow the instructions below:

Under User management, click the icon of a person with a + sign. Click on Add user.
On the General tab, add the user’s name and email address and enter a password for the user and click Add user.
- 💡Hint: Other settings for the user can be adjusted under Advanced, Licenses, and Permissions.
The user will now appear under the User management tab. An email is sent to the user with instructions on activating their account.
- 📌Note: If the user does not activate their account via email, they will receive an error that the account has not yet been activated when trying to sign in.

How to add an existing user

Users that already have an existing TeamViewer account can request to join a company profile using a few simple steps:

Under User management, click the icon of a person with a + sign. Select Add existing account.
A pop-up will appear, including a URL. Please send this URL to the user you want to add: https://login.teamviewer.com/cmd/joincompany
Once the user opens the link within a browser, they must sign in with their TeamViewer account. Once logged in, they will be prompted to enter the email address of the company administrator. Once completed, they must tick the box I allow to transfer my account and click Join Company.
The company admin will receive a join request via email. The user will appear in user management, where the company admin can approve or decline the addition of the user to the company profile

📌Notes:

Every user that joins a company profile will be informed that the company admin will take over full management of their account, including the ability to connect to and control all their devices. It is recommended never to join a company profile the user does not know or fully trust.
A user can only be part of one company profile.

How to set user permissions

Users of a company profile have multiple options that can be set by the current company admin, including promoting other users to administrator or company administrator. Permissions are set for each user individually. To access user permissions:

In the User management tab, hovering the cursor over the desired user’s account will produce a three-dots menu (⋮) to the far right of the account. Click this menu and select Edit user from the drop-down.
Once in Edit user, select the Permissions tab. Overall permissions for the account can be changed using the drop-down under the Role header.

Four options are available:

Company administrator: Can make changes to company settings, other administrator accounts, and user accounts.
User administrator: Can make changes to other user accounts but cannot change company settings or company administrator accounts.
Member: Cannot change the company profile or other users.
Customized permissions: The company admin sets permissions for each aspect of the account.

Once the appropriate role is selected, click Save in the window’s upper-left corner.

📌Note: Changes to user permissions are automatic once saved.

How to remove/deactivate/delete users

Along with adding new or existing accounts, company admins can remove, deactivate, or even delete users from the company profile.

📌Note: A current company admin of that license can only remove a TeamViewer account currently connected to a company profile. TeamViewer Customer Support is unable to remove any account from a company profile.

To remove, deactivate or delete an account, please follow the instructions below:

In the User management tab, hovering the cursor over the desired user’s account will produce a three-dots menu (⋮) to the far right of the account. In the drop-down menu that appears are the three options
Select Delete account, Remove user or Deactivate user.

Consequences of deleting an account

When an account is deleted, the account is not only removed from the company profile but deleted from TeamViewer altogether. The user can no longer use the account or access any information associated with it as it no longer exists.

📌Note: When an account is deleted, the email address associated with the account can be re-used to create a new TeamViewer account.

When a TeamViewer account is deleted from a company profile:

Connection reports, custom modules, and TeamViewer/Remote management policies will be transferred to the current company admin.
Web API Tokens for the deleted user are logged out, and their company functionality is removed
License activations are removed from the deleted user’s account
Shared groups from the deleted user’s account are deleted.

Once the company admin checks the box to confirm that this process cannot be undone, the Delete account button becomes available. Once pressed, the account is deleted.

📌Note: Deletion of any TeamViewer account deletion is irreversible. Only a new account can be created after deletion. All user data will be lost.

Remove user

When an account is removed, the account is removed from the company profile and reverted to a free TeamViewer account. The account is reverted to a free account, and the user is still able to log in with the account. All information associated with the account is still accessible.

When an account is removed from a company profile:

Connection reports, custom modules, and TeamViewer /Remote management policies will be transferred to the current company admin.
Contacts in the contact book are transferred to the current company admin
Web API Tokens for the user’s account are logged out and their company functionality is removed
License activations are removed from the user’s account

📌Note: Groups & devices in the Computers & Contacts of the removed user’s account are not affected. Any groups shared also will remain shared.

Once the company admin checks the box to confirm that this process cannot be undone, the Remove user button becomes available. Once pressed, the account is removed from the company profile and reverted to a free TeamViewer account.

📌Note: Once a user account is removed from the current company profile, it can request to join another company profile.

Deactivate user

When an account is deactivated, the account is reverted to inactive. The deactivated account is still associated with the company profile but cannot be used to log into TeamViewer on a free or licensed device. The account is rendered completely unusable.

📌Note: When an account is deactivated, the email address associated with the account cannot be used to create a new free TeamViewer account.

💡Hint: To view inactivated users within the company profile, select the drop-down menu under User Status and check the box for Inactive. All inactive users will now appear in user management.

How to reactivate inactive users

When Deactivate user is selected, the account disappears from user management. They are, however, still a part of the Company Profile and can be reactivated back to the license instantly at any time.

To view inactivated users within the company profile, select the menu under User Status and check the box for Inactive. All inactive users will now appear in user management.
Once the user is located, hover the cursor over the account. Select the three-dots menu (⋮) to the right of the user’s account and select Activate user
The user’s original permissions status is reverted, and the account can again be used with any TeamViewer device.

Troubleshooting

Below you will find answers to some common issues encountered when interacting with a company profile.

▹User(s) on a company profile show a free license

In some cases, older users on a company profile may appear as ‘free’ users, especially after upgrading or changing a license. The company admin can resolve this:

Log in to the TeamViewer Management Console under https://login.teamviewer.com
Click Company administration on the left-hand side:
Select the Licenses tab and locate the license. Hovering the cursor over the license will produce a three-dots menu (⋮). Click the menu and select Assign from the drop-down.
The users who show ‘free’ will appear in Unassigned. Select the desired users and click the Add button at the bottom of the page.

📌Note: Affected users should log out and then back in to see the licensing changes.

▹Your account is already associated with a company

If a user who is already associated with one company profile attempts to join another company profile, the following pop-up will appear:

The user’s account must be removed from the current company profile to resolve this. The steps required vary depending on whether it is their active or expired company profile or if they are associated with a company profile created by another account.

SCENARIO 1: As company administrator of an active company profile

If a user who created a company profile wishes to delete the company profile associated with their account, they will need to perform the following steps:

Log in to the TeamViewer Management Console under https://login.teamviewer.com
Click User Management in the upper left corner
Remove all other accounts: Before deleting a company profile, the company admin must remove all other accounts. Perform these steps for each user on the company profile
Remove the company admin account: Once all other accounts have been removed, the company admin will remove their account. This will delete the company profile altogether
The user is immediately logged out and can now follow the process to add their account to an existing company profile

SCENARIO 2: As company administrator of an expired company profile

In some cases, the user may have created a company profile on an older license that is no longer used or active. In such cases, the company profile will appear as expired in the Management Console.

In such cases, it is still possible to delete the company profile:

Log in to the TeamViewer Management Console under https://login.teamviewer.com
Click Company administration on the left-hand side.
On the General tab, select Delete company.
A pop-up will appear confirming the request to delete the company profile. Check the box at the bottom to validate, and select Delete company.

SCENARIO 3: The account is a member of a company profile

📌Note: Only a company administrator can remove a user from their company profile – not even TeamViewer can remove a user from a company profile, regardless of the request’s origin.

If the user is a member of another company profile, they will need to contact the company admin of that license to request removal.

Once removed, they can then request to join the correct company profile.

Source :
https://community.teamviewer.com/English/kb/articles/3573-all-about-the-teamviewer-company-profile

Teamviewer Block and allowlist

By .Carol.fg.

Last Updated: May 9, 2023

You have the possibility to restrict remote access to your device by using the Block and Allowlist feature in the TeamViewer full version and the TeamViewer Host.

You can find the feature easily by clicking in your TeamViewer full version on the Gear icon (⚙) in the upper right corner of the TeamViewer (Classic) application, then Security ➜ Block and Allowlist.

Let´s begin with the difference between a blocklist and an allowlist.

This article applies to all TeamViewer (Classic) users.

What is a Blocklist?

The Blocklist generally lets you prevent certain partners or devices from establishing a connection to your computer. TeamViewer accounts or TeamViewer IDs on the blocklist cannot connect to your computer.

📌Note: You will still be able to set up outgoing TeamViewer sessions with partners on the blocklist.

What is an Allowlist?

If you add TeamViewer accounts to the Allowlist, only these accounts will be able to connect to your computer. The possibility of a connection to your computer through other TeamViewer accounts or TeamViewer IDs will be denied

If you have joined a company profile with your TeamViewer account, you can also place the entire company profile on the Allowlist. Thus only the TeamViewer accounts that are part of the company profile can access this device.

📌Note: To work with a company profile you will need a TeamViewer Premium or Corporate license

How to set up a Blocklist?

If you would like to deny remote access to your device to specific persons or TeamViewer IDs, we recommend setting up a Blocklist.

A new window will open. Activate the first option Deny access for the following partners and click on Add

📌Note: If you activate the Also apply for meetings check box, these settings will also be applied to meetings. Contacts from your blocklist are excluded from being able to join your meetings.

After clicking on Add, you can either choose partners saved on your Computers & Contacts list or add TeamViewer IDs/contacts manually to your blocklist.

How to set up an Allowlist?

If you would like to allow only specific TeamViewer accounts or TeamViewer IDs remote access to your device, we recommend setting up an Allowlist.

A new window will open. Activate the second option Allow access only for the following partners and click on Add

📌Note: If you activate the Also apply for meetings check box, these settings will also be applied to meetings. Only contacts from your allowlist will then be able to join your meetings.

After clicking on Add, you can either choose partners saved on your Computers & Contacts list, add TeamViewer IDs/contacts manually to your blocklist, or add the whole company you are part of (only visible if you are part of a company profile).

How to delete blocklisted/allowlisted partners?

If you no longer wish to have certain partners block or allowlisted, you can easily remove them from the list.

To do so navigate in your TeamViewer full version to the Gear icon (⚙) in the upper right corner of the TeamViewer (Classic) application, then Security ➜ Block and Allowlist ➜ Click on Configure… and choose whether you would like to remove partners from the Blocklist or from the Allowlist by choosing either Deny access for the following partners (Blocklist) or Allow access only for the following partner (Allowlist). Now click on the partners you would like to remove and finally click Remove ➜ OK

📌Note: You can choose multiple partners at once by pressing CTRG when clicking on the different partners.

Learn more about how you can benefit from a Master Allowlist: Why Master Allowlists are So Effective to Secure Customers

Source :
https://community.teamviewer.com/English/kb/articles/29739-block-and-allowlist

Ubiquiti Unifi reset to Factory Defaults

Updated on 27 giu 2023

A factory reset is useful for a creating fresh setup of a UniFi Console, or device that was already configured in a managed state.

Restoring with the Reset Button

All UniFi devices have a Reset button. You can return a device to a factory-default state by holding this for 5-10 seconds (depending on the device), or until the LEDs indicate the restore has begun. Your device must remain powered during this process.

UniFi PoE Adapters also have a Reset button that can be used if the actual device is mounted and out of reach.

Example: The diagram below illustrates how to locate this button on the UDM Pro.

Restoring From Your UniFi Application

UniFi Devices

All UniFi devices can be restored to their factory defaults via their respective web or mobile applications. This is located in the Manage section of a device’s settings. Depending on the application, this may be referred to as Forget (UniFi Network) or Unmanage (UniFi Protect).

Selecting this option will unmanage the device from your UniFi Console and restore the device to a factory default state.

UniFi Consoles

A UniFi Console admin with Owner privileges has the ability to restore their console using the “Factory Reset” button located in the UniFi OS System settings.

Frequently Asked Questions

Why does my device still appear in my application after I restored it using the physical Reset button?

Why does my device say “Managed by Other”?

This will occur if the device was managed by another instance of a UniFi application. This includes cases where the UniFi Console (e.g., Dream Machine Pro, or Cloud Key) was factory restored, because the UniFi device still considers itself as being managed by the ‘old’ application console, prior to restoration.

There are several options to resolve this:

Restore the UniFi Console from a backup in which the device was already managed.
Factory restore the UniFi device and then re-adopt it.
Reassign the device using the UniFi Network mobile app.
Note: This can only be done by the account owner and requires them to have previously signed into the mobile app while the device was managed.

Note: If you are self-hosting the Network application, you should only ever download the UniFi software on a single machine which will act as the UniFi Console. Some users mistakenly download this multiple times because they believe it is a requirement to manage their Network Application from other devices, but this is actually creating a completely new instance. To manage your network from another device, you can type in the IP address of the UniFi Console while connected to the same local network. Alternatively, you can enable Remote Access to manage your network anywhere. See Connecting to UniFi to learn more.

Why is my UniFi Device not factory restoring?

Ensure that your device remains powered on during the restoration process, otherwise it will not occur.

It is also possible that you held the button for too short of a time (resulting in a reboot), or too long of a time (resulting in entering TFTP Recovery Mode). Refer to our UniFi Device LED Status guide for more information.

Source:
https://help.ubnt.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-the-UniFi-Access-Point-to-Factory-Defaults

How to use CHATGPT to write a blog post: easy step-by-step guide

By Emily Brookes
Last updated: May 5, 2023

In this article, we’re going to show you how to use ChatGPT to write a blog post. If you’re new to using AI content generators, don’t worry. We will be walking you through the entire process step-by-step.

ChatGPT is a game-changer for marketers and bloggers—in fact, pretty much anyone that does anything online, in fact, ChatGPT can even help you brainstorm. And although it might sound like AI will take everyone’s jobs, we should embrace AI technology and use it to create better content more quickly.

Before we jump into this topic, it’s worth noting here that it is highly likely that OpenAI will be adding a digital watermark to content generated by ChatGPT.

If you intend to publish this content online, you should either rewrite the output in your own words or use a more comprehensive AI writing tool like Jasper to write or rewrite the paragraphs for you, based on the outline and ideas generated by ChatGPT (and check out our thoughts on the future of white-collar work in the age of AI here)

You Can Try Jasper for Free Right Here

CONTENTS[SHOW]

HOW TO USE CHAT GPT TO WRITE A BLOG POST

Writing a blog post is somewhere ChatGPT can excel. But the thing is, it won’t simply produce the perfect blog post at the click of a button. ChatGPT needs detailed instructions to produce good content.

And of course, when it comes to creativity and original ideas, you will still need to add a human touch.

That being said, ChatGPT can be used for pretty much every part of the writing process when guided carefully by a human writer.

Often, blog articles are relatively short and focused pieces that center primarily around one topic. Because of this, Chat GPT will happily suffice for short blog posts on simple topics.

However, a higher standard can often be achieved by augmenting the process with Jasper’s AI writing capabilities.

Here’s how to use ChatGPT to write a blog post.

BRAINSTORM TOPICS AND TITLE IDEAS

Chat GPT has emerged as a useful brainstorming tool. It’s becoming increasingly popular with bloggers and copywriters to help them with writer’s block.

It offers a quick and convenient way of generating relevant topics and title suggestions. To get started, you must create a free account with OpenAI. There is a paid version available, too—ChatGPT Plus.

In this guide, we’re going to be using the free version, but you can use either.

Once you’re signed in, you can enter a prompt in the chat box at the bottom of the page. For example: “Generate 12 new topic ideas and titles for a dog training blog.”

If you’re happy with the generated text, you can move on to the next step. Alternatively, you can also ask ChatGPT to regenerate the response for more ideas.

USE CHATGPT TO HELP YOU WRITE A SOLID OUTLINE

Once you have established a topic, the next step is to use ChatGPT to write an outline for your blog post.

Doing this manually can be a time-consuming process. But the good news is, ChatGPT will make it a lot easier.

It will provide you with a detailed outline which you can then edit or add to yourself with your own ideas.

First, you will need to enter your command into ChatGPT.

Command example: Create a detailed outline for a blog post titled “Mastering Recall: Tips and Techniques for Training Your Dog to Come When Called”.

ChatGPT will then provide you with a detailed outline that you can tweak as needed.

Now that you’ve got an outline, you can either use ChatGPT, or another tool like Jasper to create content for each section of your blog post.

HOW TO USE CHATGPT TO HELP WRITE EACH SECTION OF YOUR BLOG POST

If you want to use ChatGPT to write a blog post, you’re going to need to break down what you want into different sections and categories. That way, you can ask ChatGPT to write each section for you as you go.

After that, you can piece them all together at the end to create a long-form blog post you can publish.

If you’re writing a shorter piece of content of up to 500 words, then technically, you could just ask it to write a whole blog post in one go.

However, in general, breaking this down into sections is the best way to go about this. This will ensure that the topic is covered thoroughly and in the appropriate order.

Doing this is also essential if you want to create long-form content.

ASK CHATGPT TO WRITE YOUR INTRODUCTION

A strong start to any blog post is a must. This is why you want to start by asking ChatGPT to write your introduction for you.

Ask ChatGPT to write an introduction to your blog post.

Example prompt:

Write an introduction for a blog post titled “Mastering Recall: Tips and Techniques for Training Your Dog to Come When Called”.

And here’s what ChatGPT generated based on that prompt:

As you can see, it has done a pretty good job in just a few seconds.

You can now tweak this introduction if required. This is a good time to add your own expertise and introduce yourself as an authority on the topic.

ENTER EACH SUBHEADING IN CHATGPT AS A QUESTION

The next step is to create content for each subheading detailed in your outline.

ChatGPT is designed to be an AI chatbot rather than exclusively an article writer. Because of this, it works well if you enter your prompts as questions.

If you make the headings within your article a question, then you can ask GPT to answer this question for you. Then you can use the answer it generates as a basis for each paragraph of your blog post.

So for the first subheading, “Explanation of the importance of recall training”, you would enter a prompt of “Explain the importance of recall training for dogs”.

ChatGPT will then respond to this prompt, providing another section of your blog post.

Note: If you intend to publish this content online, you should either rewrite the output in your own words. You could also use a more comprehensive tool like Jasper to write or rewrite the paragraphs for you, based on the outline created by ChatGPT.

Try Jasper Here Free

ASK CHATGPT TO WRITE A CONCLUSION PARAGRAPH

Ending any blog post on a high is a great idea. Once you are certain your blog post has thoroughly covered the topic at hand, it’s time to close things off.

Simply ask ChatGPT to create a conclusion based on the topic you’re already writing about. You can even go one step further and ask it to include things like a call to action or next steps.

You might want to change things a little to ensure your brand and/or name is mentioned. However, asking ChatGPT to write you a conclusion paragraph gives you a solid starting point.

When you start by asking ChatGPT to write you a conclusion, it will tell you that it needs to know the topic of the blog and the main points you have mentioned in the post, so it can conclude your blog post accurately.

REVIEW AND EDIT YOUR BLOG POST

Just because ChatGPT (or indeed any AI writing software) has created a post for you, that doesn’t mean you should use it as it is. It’s important to thoroughly review and edit the content. Make sure that it reads well and keeps in line with your existing brand voice.

Most people won’t respond well to content they think has been auto-generated, so putting across your voice and ensuring that it sounds in line with the rest of your content is essential.

This is something that you should be double-checking in the review stage of your blog post.

FACT-CHECKING

ChatGPT’s knowledge generally ends in the latter part of 2021. This means that some of the facts it gives may be outdated and, therefore, inaccurate.

Before you publish a post, while you’re reviewing it, you should make sure that any facts mentioned are accurate and edit them if they’re not.

It’s all well and good having a well-written article, but if the information within it is inaccurate, it could destroy any trust you have built with your readers or audience.

Instead, spend some time checking all of the facts for yourself. This way, you can be sure that the content you are putting out there is going to be well received by its intended audience.

CHECK FOR PLAGIARISM WITH GRAMMARLY

While your text should be unique when generated with ChatGPT, that’s not always true. It’s always a good idea to double-check it. Grammarly is a popular free tool for checking spelling and grammar in written content, and it has a built-in plagiarism checker.

It’s worth spending a couple of minutes copying and pasting your AI-generated content into Grammarly’s Plagiarism Checker just to give it the once over before it goes live.

Get Grammarly Here

IS CHATGPT GOOD FOR BLOGGING?

Overall, ChatGPT is a super useful tool for digital marketers and bloggers to have as part of their content creation toolkit.

You can use it for everything from blog writing to writing a meta description and even generating social media captions. It can also be used for keyword research and to help you generate new keyword ideas.

The main thing to bear in mind is that it’s likely that content generated with ChatGPT is watermarked or soon will be.

This means that Google and other search engines, along with AI content detection tools like Originality.ai, will usually be able to tell if your content is AI-generated.

However, that doesn’t mean you should dismiss ChatGPT altogether. But it does mean you need to be savvy and do what you can to get the most out of the tool.

Teaming up ChatGPT with other tools like Jasper can be a great way to get the most out of your content marketing efforts. This can also help you to get around the potential ‘Watermarking’ issues that you may come across in the future with Chat GPT.

ChatGPT isn’t really designed for long-form content writing, so you probably won’t use it to create entire blog posts in one go. However, there’s nothing to say that facility won’t come in the future. And there are already awesome courses like AI for blogging that are helping students profit from this new technology.

What it does is offer a quick and easy way to get blog post ideas, expand on ideas you already have, and even get an idea of what other people might be writing about within your niche.

You can then use the information you have gathered from ChatGPT in Jasper to create a unique, high-quality long-form blog post that you would be proud to publish on your platform.

Try Jasper Here Free

Source :
https://www.nichepursuits.com/how-to-use-chatgpt-to-write-a-blog-post/

10 Best Firewalls for Small & Medium Business Networks in 2023

BY AMINU ABDULLAHI MAY 16, 2023

Small and medium-sized businesses (SMBs) are increasingly becoming targets for cyber attacks. According to Verizon, about 61 percent of SMBs reported at least one cyber attack in 2021. Worse, Joe Galvin, chief research officer at Vistage, reported that about 60 percent of small businesses fold within six months of a cyber attack.

To protect your network from potential threats, you need a reliable and effective firewall solution. This tool will act as the first line of defense against unauthorized access and can help prevent malicious attacks from infiltrating a business’s network.

We reviewed the top SMB firewall solutions to help you determine the best one for your business.

Perimeter 81: Best overall (Read more)
pfSense: Best open-source-driven firewall (Read more)
Comodo Free Firewall: Best firewall for Windows PCs (Read more)
ManageEngine Firewall Analyzer: Best for log, policy, and firewall configuration management (Read more)
Fortinet FortiGate: Best for hybrid workforces (Read more)
SonicWall TZ400 Security Firewall: Best for advanced threat protection (Read more)
Cisco Meraki MX68: Best for small branches with up to 50 users (Read more)
Sophos XGS Series: Best for remote workers (Read more)
Protectli Vault – 4 Port: Best for building your own OPNsense or pfSense router and firewall (Read more)
OPNSense: Best for flexibility (Read more)

Top SMB firewall software comparison

	Best for	IPS	Content filtering	Starting price
Perimeter 81	Best overall	Yes	Yes	$8 per user per month, billed annually
pfSense	Open source	Yes	Yes	$0.01 per hour
Comodo Free Firewall	Windows PCs	Yes	Yes	Free
ManageEngine Firewall Analyzer	Log, policy, and firewall configuration management	Yes	Yes	$395 per device
Fortinet FortiGate	Hybrid workforces	Yes	Yes	Approx. $335
SonicWall TZ400 Security Firewall	Advanced threat protection	Yes	Yes	Approx. $1,000–$1,500
Cisco Meraki MX68	Small branches with up to 50 users	Yes	Yes	Approx $640
Sophos XGS Series	Remote workers	Yes	Yes	Approx. $520
Protectli Vault – 4 Port	Building your own OPNsense or pfSense router and firewall	Yes	Yes	$269 for FW4B – 4x 1G Port Intel J3160
OPNSense	Flexibility	Yes	Yes	Free, or $170.46/yr for business ed.

Jump to:

Perimeter 81

Best overall

Founded in 2018, Perimeter 81 is a cloud and network security company that provides organizations with a secure and unified platform for accessing and managing their applications and data.

It provides many security solutions, including firewall as a service (FWaaS), secure web gateway (SWG), zero trust network access (ZTNA), malware protection, software-defined perimeter, VPN-alternative and secure access service edge (SASE) capabilities, to ensure that data is secure and accessible to authorized personnel. It also provides centralized management and user access monitoring, enabling organizations to monitor and control user activity across the network.

Perimeter 81 provides granular access control policies that enable organizations to define and enforce access rules for their network resources based on the user’s identity, device type, and other contextual factors—making it easy for employees to access the company’s resources without compromising security.

Pricing

Pricing plans	Minimum users	Cost per month, plus gateway cost	Cost per year, plus gateway cost	Cloud firewall	Agentless application access	Device posture check
Essential	10	$10 per user, plus $50 per month per gateway	$8 per user, plus $40 per month per gateway	No	2 applications	No
Premium	10	$12 per user, plus $50 per month per gateway	$15 per user, plus $40 per month per gateway	10 policies	10 applications	3 profiles
Premium Plus	20	$16 per user, plus $50 per month per gateway	$20 per user, plus $40 per month per gateway	100 policies	100 applications	20 profiles
Enterprise	50	Custom quotes	Custom quotes	Unlimited	Unlimited	Unlimited

Features

Identity-based access for devices and users.
Network segmentation.
OS and application-level security and mutual TLS encryption.
Enable traffic encryption enforcement, 2FA, Single Sign-On, DNS filtering, and authentication.

Pros

Provides visibility into the company network.
Allows employee access from on-premise.
Automatic Wi-Fi security.
30-day money-back guarantee.

Cons

Low and mid-tiered plans lack phone support.
Limited support for Essential, Premium, and Premium Plus.

pfSense

Best open-source-driven firewall

pfSense is an open-source firewall/router network security solution based on FreeBSD. Featuring firewall, router, VPN, and DHCP servers, pfSense is a highly customizable tool that can be used in various network environments, from small home networks to large enterprise networks.

The tool supports multiple WAN connections, failover and load balancing, and traffic shaping, which can help optimize network performance. pfSense can be used on computers, network appliances, and embedded systems to provide a wide range of networking services.

Pricing

pfSense pricing varies based on your chosen medium—cloud, software, or hardware appliances.

For pfSense cloud:

pfSense on AWS: Pricing starts from $0.01 per hour to $0.40 per hour.
pfSense on Azure: Pricing starts from $0.08 per hour to $0.24 per hour.

For pfSense software:

pfSense CE: Open source version available to download for free.
pfSense+ Home or Lab: Available at no cost for evaluation purposes only.
pfSense+ W/TAC LITE: Currently available at no charge, but vendor may increase rate to $129 per year in the future.
pfSense+ W/TAC PRO: $399 per year.
pfSense+ W/TAC ENT: $799 per year.

For pfSense appliances:

pfSense+ appliances	Device cost	Best for	Firewall speed (IPERF3 TRAFFIC)	Firewall speed (IMIX TRAFFIC)
Netgate 1100	$189	Home	607 Mbps(10k ACLs)	191 Mbps(10k ACLs)
Netgate 2100	$349	Home Home Pro Branch/Small Business	964 Mbps(10k ACLs)	249 Mbps(10k ACLs)
Netgate 4100	$599	Home Pro Branch/Small Business Medium Business	4.09 Gbps(10k ACLs)	1.40 Gbps(10k ACLs)
Netgate 6100	$799	Home Pro Branch/Small Business Medium Business	9.93 Gbps(10k ACLs)	2.73 Gbps(10k ACLs)
Netgate 8200	$1,395	Branch/Small Business Medium Business Large Business	18.55 Gbps	5.1 Gbps
Netgate 1537	$2,199	Medium Business Large Business Data Center	18.62 Gbps(10k ACLs)	10.24 Gbps(10k ACLs)
Netgate 1541	$2,899	Medium Business Large Business Data Center	18.64 Gbps(10k ACLs)	12.30 Gbps(10k ACLs)

Features

Stateful packet inspection (SPI).
IP/DNS-based filtering.
Captive portal guest network.
Time-based rules.
NAT mapping (inbound/outbound).

Pros

Anti-spoofing capability.
Connection limits option.
Community support.

Cons

The tool’s open-source version support is limited to community or forum. It lacks remote login support, private login support, a private support portal, email, telephone, and tickets.
Complex initial setup for inexperienced users.

Comodo Free Firewall

Best for Windows PCs

Comodo Firewall is a free firewall software designed to protect computers from unauthorized access and malicious software by monitoring all incoming and outgoing network traffic.

The firewall features packet filtering, intrusion detection and prevention, and application control. It also includes a “sandbox” feature that allows users to run potentially risky applications in a protected environment without risking damage to the underlying system.

The software works seamlessly with other Comodo products, such as Comodo Antivirus and Comodo Internet Security.

Pricing

Comodo is free to download and use. The vendor recommends adding its paid antivirus product (Comodo Internet Security Pro) to its firewall for added security. The antivirus costs $29.99 per year for one PC or $39.99 per year for three PCs.

Features

Auto sandbox technology.
Cloud-based behavior analysis.
Cloud-based allowlisting.
Supports all Windows OS versions since Windows XP (Note: Windows 11 support forthcoming).
Website filtering.
Virtual desktop.

Pros

Monitors in/out connections.
Learn user behavior to deliver personalized protection.
Real-time malware protection.

Cons

Lacks modern user interface.
Pop-up notifications—some users may find the frequent alerts generated by the software annoying and intrusive.

ManageEngine Firewall Analyzer

Best for log, policy, and firewall configuration management

ManageEngine Firewall Analyzer is a web-based log analytics and configuration management software for firewall devices.

It provides real-time visibility into network activity and helps organizations identify network threats, malicious traffic, and policy violations. It supports various firewalls, including Cisco ASA, Palo Alto, Juniper SRX, Check Point, SonicWall, and Fortinet.

Firewall Analyzer helps monitor network security, analyze the security posture of the network, and ensure compliance with security policies. It also provides reports, dashboards, and automated alerting to ensure the network remains secure.

Pricing

The amount you will pay for this tool depends on the edition you choose and the number of devices in your organization.

You can download the enterprise edition’s 30-day free trial to test-run it and learn more about its capabilities. It’s available in two versions: Windows OS or Linux. You can also download it for mobile devices, including iPhone devices and Android phones or tablets.

Standard Edition: Starts at $395 per device, up to 60 devices.
Professional Edition: Starts at $595 per device, up to 60 devices.
Enterprise Edition: Starts at $8,395 for 20 devices, up to 1,200 devices.

Feature

Firewall rules report and firewall device audit report.
Regulatory compliance with standards such as ISO, PCI-DSS, NERC-CIP, SANS, and NIST.
Network behavioral anomaly alert.
Security reports for viruses, attacks, spam, denied hosts, and event summaries.
Historical configuration change tracking.
Bandwidth report for live bandwidth, traffic analyzer, URL monitor, and employee internet usage.
Compatible with over 70 firewall versions.

Pros

Excellent technical support.
Users praise its reporting capability.
In-depth auditing with aggregated database entries capability.
VPN and security events analysis.

Cons

Complex initial setup.
Users reported that the tool is occasionally slow.

Fortinet FortiGate

Best for hybrid workforces

Fortinet FortiGate is a network security platform that offers a broad range of security and networking services for enterprises of all sizes. It provides advanced threat protection, secure connectivity, and secure access control. It also provides advanced firewall protection, application control, and web filtering.

Business owners can use Fortinet’s super-handy small business product selector to determine the best tool for their use cases.

Small and mid-sized businesses may find the following FortiGate’s model suitable for their needs:

	IPS	NGFW	Threat Protection	Interfaces	Series
FortiGate 80F	1.4 Gbps	1 Gbps	900 Mbps	Multiple GE RJ45 \| Variants with PoE, DSL,3G4G, WiFi and/or storage	FG-80F, FG-80F-PO, FG-80F-Bypass, FG-81F, FG-81F-PO, FG-80F-DSL, FWF-81F-2R-POE, FWF-81, F-2R-3G4G-POE, FWF-80F/81F-2R, and FWF-80F/81F-2R-3G4G-DSL
FortiGate 70F	1.4 Gbps	1 Gbps	800 Mbps	Multiple GE RJ45 \| Variants with internalstorage	FG-70F and FG-71F
FortiGate 60F	1.4 Gbps	1 Gbps	700 Mbps	Multiple GE RJ45 \| Variants with internalstorage \| WiFi variants	FG-60F, FG-61F, FWF-60F, and FWF-61F
FortiGate 40F	1 Gbps	800 Mbps	600 Mbps	Multiple GE RJ45 \| WiFi variants	FG-40F, FG-40F-3G4G, FWF-40F, FWF-40F-3G4G

Fortinet FortiGate is compatible with several operating systems and can easily be integrated into existing networks.

Pricing

Unfortunately, Fortinet doesn’t publish their prices. Reseller prices start around $335 for the FortiGate 40F with no support. Contact Fortinet’s sales team for quotes.

Features

Offers AI-powered security services, including web, content, and device security, plus advanced tools for SOC/NOC.
Continuous risk assessment.
Threat protection capability.

Pros

Top-rated firewall by NSS Labs.
Intrusion prevention.

Cons

According to user reviews, the CLI is somewhat complex.
Complex initial setup.

SonicWall TZ400 Security Firewall

Best for advanced threat protection

The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe.

The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Pricing

This product’s pricing is not available on the Sonicwall website. However, resellers such as CDW, Staples, and Office Depot typically sell it in the $1,000–$1,500 range. You can request a quote for your particular use case directly from Sonicwall.

Features

Deep memory inspection.
Single-pane-of-glass management and reporting.
SSL/TLS decryption and inspection.
SD-WAN and zero-touch deployment capabilities.

Pros

Optional PoE and Wi-Fi options.
DDoS attack protection (UDP/ICMP/SYN flood).
Fast performance with gigabit and multi-gigabit Ethernet interfaces.
Protects against intrusion, malware, and ransomware.
High-performance IPS, VPN, and threat prevention throughput.
Efficient firewall inspection and application inspection throughput.

Cons

Support can be improved.
It can be difficult to configure for inexperienced users.

Cisco Meraki MX68

Best for small branches with up to 50 users

The Cisco Meraki MX68 is a security appliance designed for SMBs. It’s part of the Cisco Meraki MX series of cloud-managed security appliances that provide network security, content filtering, intrusion prevention, and application visibility and control.

The MX68 is equipped with advanced security features such as a stateful firewall, VPN, and intrusion prevention system (IPS) to protect your network from cyber attacks. The MX68 has a variety of ports and interfaces, including LAN and WAN ports and a USB port for 3G/4G failover. It also supports multiple WAN uplinks, providing redundancy and failover options to ensure your network remains online and available.

Pricing

The Cisco Meraki MX68 pricing isn’t listed on the company’s website, but resellers typically list it starting around $640. You can request a demo, free trial, or quotes by contacting the Cisco sales team.

Features

Centralized management via web-based dashboard or API.
Intrusion detection and prevention (IDS/IPS).
Next-generation layer 7 firewalls and content filtering.
SSL decryption/inspection, data loss prevention (DLP), and cloud access security broker (CASB).
Instant wired failover with added 3G/4G failover via a USB modem.

Pros

Remote browser isolation, granular app control, and SaaS tenant restrictions.
Support for native IPsec or Cisco AnyConnect remote client VPN.
Provides unified management for security, SD-WAN, Wi-Fi, switching, mobile device management (MDM), and internet of things (IoT)

Cons

The license cost is somewhat high.
Support can be improved.

Sophos XGS Series

Best for remote workers

Sophos XGS Series Desktop is a range of network security appliances designed to provide comprehensive protection for SMBs. These appliances combine several security technologies, including firewall, intrusion prevention, VPN, web filtering, email filtering, and application control, to provide a robust and integrated security solution.

Here’s a comparison table of the Sophos XGS series firewalls:

	Firewall	TLS inspection	IPS	IPSEC VPN	NGFW	Firewall IMIX	Threat protection	Latency (64 byte UDP)
XGS Desktop Models	3,850 Mbps	375 Mbps	1,200 Mbps	3,000 Mbps	700 Mbps	3,000 Mbps	280 Mbps	6 µs
XGS 107 / 107w	7,000 Mbps	420 Mbps	1,500 Mbps	4,000 Mbps	1,050 Mbps	3,750 Mbps	370 Mbps	6 µs
XGS 116 / 116w	7,700 Mbps	650 Mbps	2,500 Mbps	4,800 Mbps	2,000 Mbps	4,500 Mbps	720 Mbps	8 µs
126/126w	10,500 Mbps	800 Mbps	3,250 Mbps	5,500 Mbps	2,500 Mbps	5,250 Mbps	900 Mbps	8 µs
136/136w	11,500 Mbps	950 Mbps	4,000 Mbps	6,350 Mbps	3,000 Mbps	6,500 Mbps	1,000 Mbps	8 µs

The Sophos XGS Series Desktop appliances are available in several models with varying performance capabilities, ranging from entry-level models suitable for small offices to high-performance models suitable for large enterprises. They are designed to be easy to deploy and manage, with a user-friendly web interface and centralized management capabilities.

Pricing

Sophos doesn’t advertise the pricing for their XGS Series Desktop appliances online, but they typically retail starting at about $520 from resellers.

Potential customers are encouraged to request a free trial and pricing information by filling out a form on the “Get Pricing” page of their website.

Features

Centralized management and reporting.
Wireless, SD-WAN, application aware routing, and traffic shaping capability.
SD-WAN orchestration.
Advanced web and zero-day threat protection.

Pros

Zero-touch deployment.
Lateral movement protection.
Users find the tool scalable.

Cons

Performance limitations.
Support can be improved.

Protectli Vault – 4 Port

Best for building your own OPNsense or pfSense router and firewall

The Protectli Vault is a small form-factor network appliance designed to act as a firewall, router, or other network gateway. The 4-Port version has four gigabit Intel Ethernet NIC ports, making it ideal for SMB or home networks.

The device is powered by a low-power Intel processor and can run a variety of open-source firewall and router operating systems, such as pfSense, OPNsense, or Untangle. It comes with 8GB DDR3 RAM and up to 32GB DDR4 RAM.

The Protectli Vault is designed to be fanless, silent, and compact, making it ideal for use in the home or office environments where noise and space may be an issue. It’s also designed to be energy-efficient, consuming only a few watts of power, which can save businesses considerable amounts of money on energy costs over time.

Pricing

The amount you will pay for this tool depends on the model you select and your desired configuration. The rates below are starting prices; your actual rate may vary based on your configuration. Note that all these items ship free to U.S. addresses.

VP2410 – 4x 1G Port Intel J4125: Starts at $329.
VP2420 – 4x 2.5G Port Intel J6412: Starts at $379.
FW4B – 4x 1G Port Intel J3160: Starts at $269.
FW4C – 4x 2.5G Port Intel J3710: Starts at $289.

Features

Solid-state and fanless tool.
Provides 2.5 GB ports unit.
AES-NI, VPN, and coreboot options.

Pros

A 30-day money-back guarantee.
Transparent pricing.
Coreboot support.
CPU supports AES-NI.

Cons

Steep learning curve.

OPNSense

Best for flexibility

OPNsense is a free and open-source firewall and routing platform based on the FreeBSD OS. It was forked from the popular pfSense and m0n0wall project in 2014 and was officially released in January 2015.

OPNsense provides a modular design that allows users to easily add or remove functionality based on their needs.

OPNsense is popular among IT professionals and network administrators who need a flexible and customizable firewall and routing platform that they can tailor to their specific needs. It’s also a good choice for small businesses and home users who want to improve their networks’ security without spending a lot of money on commercial solutions.

Pricing

OPNSense is a free, open source tool. It is available in two editions: Community edition and business edition. You can download the community version at no cost. For the business version, a one-year subscription costs $170.46 per year.

Features

High availability and hardware failover.
Intrusion detection and prevention.
Captive portal.
VPN (site-to-site and road warrior, IPsec, OpenVPN, and legacy PPTP support).
Built-in reporting and monitoring tools, including RRD Graphs.

Pros

Free, open source.
Traffic shaper.
Support for plugins.
Multi-language support, including English, Czech, Chinese, French, German, Italian, Japanese, Portuguese, Russian, and Spanish.

Cons

Reporting capability can be improved.
The interface can be improved.

Key features of SMB firewalls

Firewalls designed for SMBs share many of the same characteristics as their enterprise-grade cousins—such as firewall rule and policy configuration, content filtering, reporting and analytics—while placing additional emphasis on affordability and ease of use.

Firewall rules and policies

Administrators should be able to set up firewall rules and policies that control traffic flow and block or permit traffic based on various criteria, such as source/destination IP addresses, ports, and protocols.

These rules and policies can be used to control the types of applications, services, and data that are allowed to traverse the network, as well as create restrictions on access.

Firewall rules and policies are essential to the security of a network, as they provide the first line of defense against malicious attacks.

Content filtering

Content filtering is the process of blocking or restricting certain types of content from entering or leaving a network. It can be used to block websites, applications, or data that may contain malicious or unwanted content, such as malware, viruses, or pornographic material.

Content filtering is typically implemented using a combination of hardware and software solutions. Hardware solutions, such as routers and switches, can be configured to block certain types of traffic or data or to restrict access to certain websites or applications. Software solutions, such as firewall rules and policies, can also be used to block or restrict certain types of content.

Reporting and analytics

Reporting and analytics are essential for any business network, as they provide important insights into the health and security of the network. Firewall reporting and analytics features allow network administrators to identify trends, detect potential threats, and analyze the performance of the network over time.

Reporting and analytics can also be used to identify any areas of the network that may be vulnerable to attack, as well as identify any areas where the network may not be performing optimally.

Affordability

For SMBs, affordability is a key factor when it comes to purchasing a firewall. SMB firewalls are typically more affordable than enterprise firewalls and can be purchased for as little as a few hundred dollars, so it is important to consider your budget when selecting a firewall.

Some SMB firewalls offer additional features for a fee, so consider what features are necessary for your network and the ones you can do without, as this will help you decide on the most cost-effective firewall solution. At the same time, be careful not to cut corners—your business’s data is too important to be insufficiently protected.

Ease of use and support

For SMBs, finding a firewall solution that is easy to use and has good support is essential. Firewalls should be easy to configure and manage so the network administrator can quickly and easily make changes as needed.

Additionally, good support should be available for any issues or questions that arise. This support should include an online knowledge base and access to technical support staff that can assist with any questions or problems, ideally 24/7.

How to choose the best SMB firewall software for your business

When shopping for the best SMB firewall software for your business, look for software that offers the features you need, easy installation and management, scalability to grow with your business, minimal impact on network performance, and an affordable price.

It’s also important to choose a vendor with a good reputation in the industry, backed up by positive reviews and customer feedback.

Frequently asked questions (FAQs)

What is an SMB firewall?

An SMB firewall is a type of network security device that is designed specifically for small and medium-sized businesses. It’s used to protect networks from unauthorized access, malicious attacks, and other security threats.

What features should I look for in an SMB firewall?

Above all you need a solution with a strong security profile. Look for specific security measures such as:

Intrusion prevention
Content filtering
Malware protection
Application control
Traffic shaper

Other factors to consider include ease of management, scalability, and cost.

Do small businesses need a firewall?

Yes, small businesses need a firewall. It provides an essential layer of network security that helps protect against unauthorized access, malware, and other security threats. Without a firewall, small businesses are vulnerable to attacks that could compromise sensitive data, cause network downtime, and damage their reputation.

How much does a firewall cost for SMBs?

The cost of an SMB firewall can vary widely depending on the features, capabilities, and brand of the firewall. Generally, SMB firewalls can range in price from a few hundred to several thousand dollars.

How many firewalls do you need for a small business?

The number of firewalls needed for a small business will depend on the size and complexity of the network. In many cases, a single firewall may be sufficient to protect the entire network. However, in larger networks, it may be necessary to deploy multiple firewalls to provide adequate protection.

Factors such as network segmentation, geographic location, and compliance requirements may also influence the number of firewalls needed. It’s best to consult with a network security expert to determine the appropriate number of firewalls for your small business.

Methodology

We analyzed dozens of SMB firewall software and narrowed down our list to the top ten. We gathered primary data—including pricing details, features, support, and more—from each tool provider’s website, as well as third-party reviews. We selected each software based on five key data points: security, ease of use, affordability, quality of service, and user satisfaction.

Bottom line: Choosing an SMB firewall

The solutions we evaluated are some of the best SMB firewalls currently available on the market. They are designed to provide SMBs with advanced security features, easy management, and scalability at affordable rates.

If your business is growing fast and you need an enterprise-grade network firewall solution, we also reviewed the best firewall software for enterprise networks.

Read our complete guide to designing and configuring a firewall policy for your organization, complete with a free, downloadable template.

Source :
https://www.enterprisenetworkingplanet.com/guides/best-firewalls-for-small-medium-business/

7 Best Firewall Software Solutions: 2023 Firewall Comparison

BY COLLINS AYUYA MAY 23, 2023

In the fast-paced realm of cyberspace where threats continue to multiply, firewall software represents a critical line of defense for businesses of all sizes.

Such programs function as digital gatekeepers, regulating the flow of inbound and outbound network traffic according to a set of rules defined by the user.

With the continued rise of data breaches, investing in the best firewall software isn’t a mere consideration; it’s a necessity.

That’s why we researched, analyzed, and selected the best firewall software solutions for 2023:

Norton: Best for a comprehensive security suite (Read more)
Fortinet: Best for scalability (Read more)
GlassWire: Best for user-friendly interface (Read more)
Cisco Secure Firewall Management Center: Best for centralized management and control (Read more)
pfSense: Best open source solution (Read more)
Sophos Firewall: Best for cloud-based management (Read more)
ZoneAlarm: Best for personal use (Read more)

Best firewall software comparison

Before delving into each firewall software’s in-depth review, let’s take a quick overview of what each product offers via a comparison chart:

	Comprehensive security suite	Scalability	User-friendly interface	Robust features	Cloud-based management	Open-source	Starting price
Norton	✔	✘	✔	✔	✔	✘	$49.99 for 5 devices for the first year
FortiGate	✔	✔	✘	✔	✔	✘	$250/year for home office
GlassWire	✘	✔	✔	✔	✘	✘	Free, or $2.99/month/license
Cisco Secure Firewall Management Center	✔	✔	✔	✔	✔	✘	Contact Cisco
pfSense	✔	✔	✘	✔	✘	✔	Free
Sophos Firewall	✔	✔	✔	✔	✔	✘	Contact Sophos
ZoneAlarm	✔	✘	✔	✘	✔	✘	Free, or $22.95/year for 1 PC

Jump to:

Norton

Best for a comprehensive security suite

Norton is a household name in cybersecurity that has long been delivering top-tier firewall software that signifies its wealth of experience in the sector.

The standout attribute of Norton is its comprehensive security suite, going beyond basic firewall protection to incorporate a smart firewall and intrusion prevention system (IPS), antivirus capabilities, identity theft protection, and even a VPN offering.

All that adds up to a holistic solution for businesses desiring a single-stop security software.

Pricing

Norton’s Smart Firewall is included in Norton 360, whose pricing plans at the time of writing are:

Deluxe: $49.99 for the first year for 5 PCs, Macs, tablets, or phones.
Select + LifeLock: $99.99 for the first year for 10 PCs, Macs, tablets, or phones.
Advantage + LifeLock: $191.88 for the first year for 10 PCs, Macs, tablets, or phones.
Ultimate Plus + LifeLock: $299.88 for the first year for unlimited PCs, Macs, tablets, or phones.

Features

Advanced smart firewall with customizable rules, allowing businesses to modify access based on their specific needs, thus providing a higher level of personalized security.
Integrated VPN for safe browsing ensures users can access the internet securely without worrying about potential threats or privacy breaches.
Identity theft protection is another vital feature, which helps safeguard sensitive personal and business data from potential hackers.
SafeCam feature prevents unauthorized access to your webcam, thwarting any potential spying or privacy intrusions.
Automatic updates ensure that your protection is always up-to-date, reinforcing defenses against new and evolving threats.

Pros

Norton offers a comprehensive security suite, providing a broad spectrum of protective measures beyond the typical firewall, creating a fortified line of defense against a myriad of cyber threats.
The interface is easy to navigate, making the process of setting up and managing the firewall less complex and more user-friendly, even for those with limited technical knowledge.
It provides 24/7 customer support, ensuring that you’ll have access to assistance whenever you need it, regardless of the hour or day.

Cons

While perfect for small to mid-sized businesses, Norton might not be as scalable for larger businesses with a vast network of devices, potentially limiting its effectiveness in such an environment.
Depending on your requirements, the subscription can become expensive with add-ons, which might be a drawback for businesses on a tight budget.

Fortinet

Best for scalability

Fortinet is a well-regarded player in the cybersecurity arena and its firewall software exemplifies its commitment to delivering high-quality solutions. FortiGate, Fortinet’s firewall offering, is recognized for its advanced firewall solutions that are scalable and robust.

Particularly useful for growing businesses, FortiGate brings forward top-notch features that can effortlessly adapt to the needs of expanding network infrastructures.

Pricing

Fortinet offers a variety of solutions priced broadly to accommodate all business sizes—from $250 for home office to $300,000 for large enterprises. Contact Fortinet for accurate pricing information.

Features

FortiGate offers an advanced firewall with extensive protection against incoming threats, thus maintaining the security of your network.
With scalability at its core, FortiGate can adapt and grow along with your business, addressing increasing security demands seamlessly.
Smooth integration with other Fortinet security solutions, enabling a comprehensive security ecosystem for your business.
FortiGate Cloud-Native Firewall offers high resiliency to ease security delivery across cloud networks and availability zones at scale.
Automatic updates keep the firewall current and equipped to deal with the latest threats, ensuring your network’s protection remains robust.

Pros

Fortinet’s robust firewall features deliver comprehensive security for your network, providing the necessary defenses to ward off potential threats.
With a strong focus on scalability, Fortinet is an ideal choice for rapidly growing businesses that need a security solution to match their expanding network.
The software’s high-performance nature means that it delivers robust security without hampering your network’s speed or efficiency.

Cons

Despite (or because of) offering a wealth of features, Fortinet’s interface may not be as user-friendly as some other options, potentially causing difficulties for those without substantial technical knowledge.
While Fortinet offers a range of pricing options, the cost can quickly escalate for larger networks or when additional features are included, which may not suit budget-conscious businesses.
Pricing information is not transparent and requires negotiation. Your mileage may vary.

GlassWire

Best for user-friendly interface

GlassWire is an elegant and visually appealing firewall software that provides comprehensive network monitoring capabilities.

It uniquely combines a network monitor and firewall, offering users a clear visual representation of their network activity. This functionality helps users to understand their online behavior and potential threats in a way that’s easy to interpret.

Pricing

GlassWire offers a tiered pricing model:

Free: provides limited features, perfect for individual users or small businesses.
Premium: Starts at $2.99 per month per license, paid annually. Its premium tier plans suitable for business range between 10 and 200 licenses.

Features

Real-time and detailed visualization of your current and past network activity, offering an intuitive and easy-to-understand representation of what’s happening on your network.
Built-in firewall that allows users to easily monitor applications using the network and block any suspicious activity, providing a comprehensive network security solution.
A unique “Incognito” mode for users who do not want certain network activities to appear on the network graph, ensuring user privacy.
Firewall profiles to instantly switch between different environments, such as public and private networks.
The network time machine feature allows users to go back in time up to 30 days to see what their computer or server was doing in the past.

Pros

GlassWire offers a beautifully designed, user-friendly interface that presents complex network security information in a visually appealing and understandable way.
Its comprehensive network monitoring capability allows users to understand their online behavior, identify patterns and detect anomalies.
The software’s built-in firewall offers users the flexibility to control which applications can access the network, enhancing the overall security of their systems.

Cons

The software requires a moderate amount of system resources to run efficiently, which might be an issue for systems with limited resources.
Although GlassWire’s visualizations are beautiful and informative, some users may find them overwhelming and would prefer a more traditional interface.

Cisco Secure Firewall Management Center

Best for centralized management and control

The Cisco Secure Firewall Management Center provides a comprehensive solution for centralized control and management of security policies. It enhances the overall efficiency of network administration by offering a unified platform to manage multiple Cisco security appliances.

Businesses that use a variety of Cisco security tools will find this a valuable addition to streamline operations and enhance control.

Pricing

Cisco Secure Firewall Management Center’s pricing depends on the scale of operations and the specific needs of a business. For detailed and customized pricing information, you can directly contact Cisco or its partners.

Features

A unified management console that can control a wide range of Cisco security appliances, reducing the complexity associated with managing multiple devices.
Advanced threat detection and analysis capabilities, enabling administrators to swiftly identify and respond to security incidents.
Flexible deployment options, including on-premises, virtual and cloud-based solutions, catering to various operational needs and preferences.
Comprehensive policy management, allowing administrators to efficiently establish and enforce security policies across their Cisco security infrastructure.
Integration with other Cisco security tools, such as Cisco Threat Response, provides a cohesive and powerful security solution.

Pros

The ability to manage multiple Cisco security appliances from a single platform is a significant advantage, especially for larger enterprises managing complex security infrastructures.
Cisco Secure Firewall Management Center offers advanced threat detection and analysis capabilities, aiding in swift and efficient incident response.
Its flexible deployment options cater to diverse operational needs, providing convenience and ease of setup to businesses of all sizes.

Cons

Although powerful, the platform may require a steep learning curve, particularly for those who are new to Cisco’s ecosystem.
Some users have reported a desire for more customization options within the management interface to meet their specific operational needs.
Pricing information is not transparent and requires negotiation. Your mileage may vary.

pfSense: Best open source solution

pfSense is an open-source firewall software solution that is highly customizable, suitable for tech-savvy businesses that prefer having the flexibility to tailor their firewall to specific needs. It’s built on the FreeBSD operating system, offering a comprehensive range of features for network management and security.

Pricing

As an open-source platform, pfSense is free to download and use. However, Netgate, the company behind pfSense, offers paid support and services, including hardware solutions integrated with pfSense software.

Features

A wide array of networking functionalities, including firewall, VPN, and routing services, ensuring comprehensive network protection.
Being open-source, it offers extensive customization options, allowing businesses to tailor the software to their specific needs.
Supports a large selection of third-party packages for additional features, granting more flexibility in expanding its capabilities.
Detailed network monitoring and reporting tools, allowing for granular insight into network traffic and potential security threats.
It has a community-backed development model, ensuring continuous improvements and updates to its features.

Pros

pfSense’s open-source nature allows for extensive customization, giving businesses control over how they want to configure their firewall.
The software provides a comprehensive set of features, ensuring thorough network protection and management.
Its support for third-party packages allows for the addition of further functionalities, enhancing its overall capabilities.

Cons

The configuration of pfSense can be quite complex, particularly for users without a strong technical background, which could pose a challenge for some businesses.
The user interface, while functional, may not be as polished or intuitive as some commercial firewall solutions.
As with many open-source projects, while there’s a supportive community, professional customer service might not be as accessible as with commercial solutions.

Sophos Firewall

Best for cloud-based management

Sophos Firewall brings a fresh approach to the way you manage your firewall and how you can detect and respond to threats on your network.

Offering a user-friendly interface and robust features, this product provides businesses with an effective and efficient solution for their network security needs. It’s a versatile solution that not only offers traditional firewall capabilities but also integrates innovative technologies to ensure all-round security.

Pricing

Sophos does not publicize pricing information, because their solutions are provided by resellers and can vary depending on the business’s size, needs, and location. You can contact them directly for accurate pricing information.

Features

All-in-one solution by integrating advanced threat protection, IPS, VPN, and web filtering in a single comprehensive platform, thereby providing robust security for your network.
Deep learning technology and threat intelligence, both of which work in synergy to identify and respond to threats before they can cause damage, offering advanced protection against malware, exploits, and ransomware.
User-friendly interface that simplifies configuration and management tasks, making it easier for users to set up security policies and monitor network activities.
Synchronized Security technology that facilitates communication between your endpoint protection and your firewall, creating a coordinated defense against cyber threats.
The Sophos Firewall comes with an effective cloud management platform, allowing administrators to remotely manage the system, configure settings, and monitor network activity.

Pros

A user-friendly interface that simplifies the process of setting up and managing network security policies, making it suitable for businesses with limited technical expertise.
It integrates advanced protection capabilities, such as threat intelligence and deep learning technology, to provide robust defense against sophisticated cyber threats.
This firewall software’s unique Synchronized Security feature offers a coordinated and automated response against threats, enhancing the overall effectiveness of your network security.

Cons

Some users have reported that while the user interface is intuitive, it might take some time to navigate due to the depth of features available.
The initial setup and configuration might require technical expertise, although Sophos provides comprehensive resources and customer support to guide users.
Although Sophos’ site advertises “Simple Pricing,” their costs are not in fact transparent and will require negotiating a quote. Your mileage may vary.

ZoneAlarm

Best for personal use

ZoneAlarm is an excellent choice for personal use and small businesses due to its simplicity and effectiveness.

With a robust set of features and an intuitive interface, it provides robust protection without requiring extensive technical knowledge. Its reputation as a reliable firewall solution makes it an attractive choice for users seeking to safeguard their systems from various threats.

Pricing

ZoneAlarm offers both free and premium versions of their firewall software. The free version provides basic protection, while the Pro Firewall version, which comes at a yearly subscription fee starting from $22.95 for 1 PC, offers advanced features such as zero-day attack protection and full technical support.

Features

Robust two-way firewall protection, preventing unauthorized access to your network while also stopping malicious applications from sending out your data.
Advanced privacy protection feature that protects your personal information from phishing attacks.
Unique ID Lock feature that keeps your personal information safe.
ZoneAlarm boasts an Anti-Phishing Chrome Extension that detects and blocks phishing sites, protecting your information online.
The premium version offers advanced real-time antivirus protection, ensuring that your system is continuously protected from threats.

Pros

ZoneAlarm offers a straightforward interface and setup process, making it an ideal choice for users who lack advanced technical skills.
The software provides a comprehensive suite of features, including robust firewall protection, advanced privacy tools and real-time antivirus capabilities.
ZoneAlarm’s ID Lock feature is a standout, helping to ensure the security of personal data.

Cons

While ZoneAlarm offers robust features, its protection level may not be adequate for large enterprises or businesses with complex network architectures.
Some users have reported that the software can be resource-intensive, potentially slowing down system performance.

Key features of firewall software

When choosing the best firewall software for your business, there are key features you should consider. These range from the extent of the security suite to scalability and cloud-based management, all of which play a significant role in how effectively the software will serve your needs.

Comprehensive security suite

A comprehensive security suite is more than just a basic firewall. It includes additional layers of security like antivirus capabilities, identity theft protection, and a VPN.

The best firewall software solutions should deliver this kind of comprehensive coverage, protecting against a wide variety of threats and helping you maintain the security of your entire network. Norton, Cisco, and Sophos firewalls excel in this area.

Scalability

Scalability is particularly important for businesses that are growing or plan to grow. As the size of your network increases, your security needs will change and become more complex.

Firewall software like FortiGate and pfSense are designed with scalability in mind, allowing them to adapt to the increasing security demands of your expanding network.

User-friendly interface

A user-friendly interface is crucial, especially for those who may not have a lot of technical expertise. Firewall software should be easy to navigate and manage, making the process of setting up and adjusting the firewall less daunting.

Norton excels in this area, with an intuitive interface that is straightforward to use. GlassWire, while not as intuitive, also offers an attractive and convenient interface.

Robust features

Having robust features in firewall software is key to ensuring comprehensive protection. This includes an advanced firewall with extensive customizable rules, IPS, and threat detection capabilities.

The most robust firewall solutions include Norton, FortiGate, Cisco, and Sophos, as well as pfSense, although you’ll have to do some legwork to program the latter in particular.

Cloud-based management

Cloud-based management is a significant advantage in today’s digital landscape. It allows for the remote configuration and monitoring of your firewall, making it easier to manage and adjust as needed. This feature is particularly beneficial for businesses with remote workers or multiple locations.

Norton, FortiGate, Cisco, Sophos, and ZoneAlarm all provide this capability.

Advanced firewall protection

Advanced firewall protection includes capabilities like deep packet inspection, which examines data packets to detect malware that could otherwise bypass standard firewalls. This kind of advanced protection is vital to secure your network from sophisticated threats. Most of the firewalls in this list offer advanced, next-generation capabilities.

Integration

Integration capabilities are crucial as they allow your firewall software to work in harmony with other security solutions you might have in place. Cisco firewalls, as you might expect, integrate seamlessly with other Cisco solutions, but can falter when trying to integrate with third-party solutions. On the other hand, thanks to its open-source nature, pfSense can be configured to integrate very broadly.

By considering these features when choosing your firewall software, you can ensure that you select a solution that meets the specific needs of your business, provides comprehensive protection and offers room for growth and adaptation as your business evolves.

Benefits of working with firewall software

Employing robust firewall software within your network infrastructure brings along a myriad of benefits that contribute to the overall security and efficiency of your business operations, from enhanced network security and data protection to reduced downtime and regulatory compliance.

Enhanced network security

Perhaps the most fundamental advantage of using firewall software is the enhanced network security it provides. Firewall software acts as the first line of defense against potential threats, including hackers, viruses, and other cyberattacks.

By monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, firewall software ensures that only safe connections are established, thus protecting your network.

Data protection

With the increasing incidence of data breaches and cyber theft, data protection is more crucial than ever. Firewall software plays a pivotal role in safeguarding sensitive data from being accessed or stolen by unauthorized users.

By blocking unauthorized access, it ensures the safety of important information and reduces the risk of data breaches.

Traffic management

Firewall software is not only about protection but also about managing and optimizing the network traffic. Features like bandwidth management can be leveraged to allocate network resources effectively and ensure the smooth functioning of your online operations.

Real-time security updates

With the constantly evolving threat landscape, maintaining up-to-date security measures is vital. Firewall software frequently receives real-time security updates, which help to protect your network against the latest threats. This ensures that your network remains secure against even the most recent forms of cyberattacks.

Reduced downtime

Downtime can be a significant issue for any business, leading to financial losses and damage to reputation. By proactively identifying and preventing potential threats, firewall software can significantly reduce the risk of system outages, leading to increased uptime and reliability.

Scalability

As your business grows, so does the complexity and the scope of your network. Scalable firewall software grows with your business, adjusting to the increased demands and providing consistent protection despite the expanding network size. This makes it a cost-effective solution that can support your business in the long term.

Regulatory compliance

Many industries have regulations in place requiring businesses to protect sensitive data. Firewall software helps meet these regulatory requirements by providing robust security measures that prevent data breaches and protect client and customer information.

Incorporating firewall software into your network infrastructure is a critical step towards securing your business in an increasingly digital world. The benefits it offers are invaluable, providing not just enhanced protection, but also efficiency and adaptability that can significantly contribute to your business’s success.

How to choose the best firewall software for your business

Choosing the best firewall software for your business involves a careful examination of your specific needs and security requirements.

Size and security level: The size and nature of your business, the sensitivity of your data, and the extent of your network operations are crucial factors that determine what kind of firewall software will be the most beneficial.
Comprehensive features: Moreover, you should consider firewall solutions that offer a comprehensive suite of security features, such as VPN services, antivirus protection, and advanced threat detection capabilities.
Scalability: The scalability of a firewall software solution is important, particularly for growing businesses. Opt for software that can seamlessly adapt to the expanding needs of your network, providing reliable protection irrespective of your business size.
Interface: Unless you have a robust, well-trained IT department, the interface of your chosen software will need to be user-friendly and easily manageable, even for those with minimal technical expertise.
Cloud-based management: Features that allow for remote configuration and monitoring are highly beneficial in the current era of remote work. These features offer the flexibility of managing your network’s security from any location, improving overall efficiency.
Integration: Your chosen software should integrate smoothly with your existing security infrastructure to create a comprehensive, effective security system.
Support: Solid customer support from the vendor is also crucial to navigating any issues that may arise during setup or throughout the software’s lifespan.

Choosing firewall software is an investment in your business’s security, so take the time to evaluate each option thoroughly.

Frequently Asked Questions (FAQs)

Who should use firewall software?

Any individual, business, or organization that uses a network or the internet should consider using firewall software. Whether you’re a small business owner, a large corporation, or a home user, a firewall can provide essential protection against unauthorized access and various cyber threats.

Where are firewalls located on a network?

Firewalls are typically located at the edge of a network, serving as a barrier between a trusted internal network and an untrusted external network, such as the internet. They can also be positioned between different parts of an organization’s networks to control access.

Are there any downsides to using a firewall?

While firewalls are essential for network security, they can occasionally block legitimate traffic if the security settings are too restrictive. Additionally, managing and maintaining a firewall can require technical expertise. However, the benefits of using a firewall far outweigh these potential challenges.

How often should a firewall be updated?

Firewall software should be updated regularly to ensure it can protect against the latest threats. Many firewall providers release updates regularly and many firewalls are set to update automatically. However, it’s a good idea to check for updates manually periodically to ensure your firewall is up-to-date.

What is firewall software’s role in regulatory compliance?

For many businesses, especially those in regulated industries like healthcare or finance, firewall software plays a critical role in meeting compliance requirements. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR) require robust data protection measures, which includes network security provided by a firewall.

Can firewall software protect against all cyber threats?

While firewall software provides a strong layer of protection, it’s not a panacea for all cyber threats. Some sophisticated threats, like targeted phishing attacks or insider threats, require additional security measures. It’s essential to have a comprehensive security strategy in place that includes firewall software, antivirus software, strong access controls, and user education about safe online practices.

Methodology

To deliver this list, we based our selection on an examination of firewall software features and overall reputation in addition to their ease of use, quality of customer support, and value for money.

This information is available in user reviews as well as official product pages and documentation. Nonetheless, we encourage you to conduct your own research and consider your unique requirements when choosing a firewall software solution.

Bottom line: Choosing the best firewall software for your business

The evolving threat landscape necessitates a robust and reliable firewall solution for both personal use and businesses of all sizes. Based on the products listed, it’s evident that several excellent options exist in the market, each with its own unique strengths and capabilities.

Choosing the best firewall software ultimately depends on your requirements, the nature of the network environment, and the budget at hand. It’s essential to consider each product’s features, pros, and cons, and align them with your individual or business needs.

The chosen solution should provide comprehensive protection, be user-friendly, and ideally offer scalability for future growth. Whether it’s for personal use or to protect a multilayered enterprise network, there’s a firewall solution out there that fits the bill.

Also see

Firewalls come in all shapes and sizes. Here’s a look at eight different types of firewalls.

We also did a review of the best firewalls for small and medium-sized businesses.

And once you’ve selected your firewall, make sure you define and implement a clear, strong firewall policy to back it up—as well as setting robust firewall rules to govern the software.

Source :
https://www.enterprisenetworkingplanet.com/guides/best-firewall-software/

In this article

What exactly is a CDN?

How do CDNs make services work faster?

The Microsoft 365 CDN

Other Microsoft CDNs

Azure CDN

Microsoft Ajax CDN

How does Microsoft 365 use content from a CDN?

How should I set up my network so that CDNs work best with Microsoft 365?

Is there a list of all the CDNs that Microsoft 365 uses?

What performance gains does a CDN provide?

Is my data safe?

How can I secure my network with all these 3rd party services?

Is there a list of all the FQDNs that leverage CDNs?

Can I use my own CDN and cache content on my local network?

I’m using Azure ExpressRoute for Microsoft 365, does that change things?

Can I use CDNs with SharePoint Server on-premises?

See also

Before starting

Benefits of a company profile

Licensing

License management

How to create a company profile

How to add a new user

How to add an existing user

How to set user permissions

How to remove/deactivate/delete users

Consequences of deleting an account

Remove user

Deactivate user

How to reactivate inactive users

Troubleshooting

▹User(s) on a company profile show a free license

▹Your account is already associated with a company

SCENARIO 1: As company administrator of an active company profile

SCENARIO 2: As company administrator of an expired company profile

SCENARIO 3: The account is a member of a company profile

What is a Blocklist?

What is an Allowlist?

How to set up a Blocklist?

How to set up an Allowlist?

How to delete blocklisted/allowlisted partners?

Restoring with the Reset Button

Restoring From Your UniFi Application

UniFi Devices

UniFi Consoles

Frequently Asked Questions

Why does my device still appear in my application after I restored it using the physical Reset button?

Why does my device say “Managed by Other”?

Why is my UniFi Device not factory restoring?

HOW TO USE CHAT GPT TO WRITE A BLOG POST

BRAINSTORM TOPICS AND TITLE IDEAS

USE CHATGPT TO HELP YOU WRITE A SOLID OUTLINE

HOW TO USE CHATGPT TO HELP WRITE EACH SECTION OF YOUR BLOG POST

ASK CHATGPT TO WRITE YOUR INTRODUCTION

ENTER EACH SUBHEADING IN CHATGPT AS A QUESTION

ASK CHATGPT TO WRITE A CONCLUSION PARAGRAPH

REVIEW AND EDIT YOUR BLOG POST

FACT-CHECKING

CHECK FOR PLAGIARISM WITH GRAMMARLY

IS CHATGPT GOOD FOR BLOGGING?

Top SMB firewall software comparison

Perimeter 81

Pricing

Features

Pros

Cons

pfSense

Pricing

Features

Pros

Cons

Comodo Free Firewall

Pricing

Features

Pros

Cons

ManageEngine Firewall Analyzer

Pricing

Feature