Networking Archives - Page 18 of 64

7 Best Firewall Software Solutions: 2023 Firewall Comparison

BY COLLINS AYUYA MAY 23, 2023

In the fast-paced realm of cyberspace where threats continue to multiply, firewall software represents a critical line of defense for businesses of all sizes.

Such programs function as digital gatekeepers, regulating the flow of inbound and outbound network traffic according to a set of rules defined by the user.

With the continued rise of data breaches, investing in the best firewall software isn’t a mere consideration; it’s a necessity.

That’s why we researched, analyzed, and selected the best firewall software solutions for 2023:

Norton: Best for a comprehensive security suite (Read more)
Fortinet: Best for scalability (Read more)
GlassWire: Best for user-friendly interface (Read more)
Cisco Secure Firewall Management Center: Best for centralized management and control (Read more)
pfSense: Best open source solution (Read more)
Sophos Firewall: Best for cloud-based management (Read more)
ZoneAlarm: Best for personal use (Read more)

Best firewall software comparison

Before delving into each firewall software’s in-depth review, let’s take a quick overview of what each product offers via a comparison chart:

	Comprehensive security suite	Scalability	User-friendly interface	Robust features	Cloud-based management	Open-source	Starting price
Norton	✔	✘	✔	✔	✔	✘	$49.99 for 5 devices for the first year
FortiGate	✔	✔	✘	✔	✔	✘	$250/year for home office
GlassWire	✘	✔	✔	✔	✘	✘	Free, or $2.99/month/license
Cisco Secure Firewall Management Center	✔	✔	✔	✔	✔	✘	Contact Cisco
pfSense	✔	✔	✘	✔	✘	✔	Free
Sophos Firewall	✔	✔	✔	✔	✔	✘	Contact Sophos
ZoneAlarm	✔	✘	✔	✘	✔	✘	Free, or $22.95/year for 1 PC

Jump to:

Norton

Best for a comprehensive security suite

Norton is a household name in cybersecurity that has long been delivering top-tier firewall software that signifies its wealth of experience in the sector.

The standout attribute of Norton is its comprehensive security suite, going beyond basic firewall protection to incorporate a smart firewall and intrusion prevention system (IPS), antivirus capabilities, identity theft protection, and even a VPN offering.

All that adds up to a holistic solution for businesses desiring a single-stop security software.

Pricing

Norton’s Smart Firewall is included in Norton 360, whose pricing plans at the time of writing are:

Deluxe: $49.99 for the first year for 5 PCs, Macs, tablets, or phones.
Select + LifeLock: $99.99 for the first year for 10 PCs, Macs, tablets, or phones.
Advantage + LifeLock: $191.88 for the first year for 10 PCs, Macs, tablets, or phones.
Ultimate Plus + LifeLock: $299.88 for the first year for unlimited PCs, Macs, tablets, or phones.

Features

Advanced smart firewall with customizable rules, allowing businesses to modify access based on their specific needs, thus providing a higher level of personalized security.
Integrated VPN for safe browsing ensures users can access the internet securely without worrying about potential threats or privacy breaches.
Identity theft protection is another vital feature, which helps safeguard sensitive personal and business data from potential hackers.
SafeCam feature prevents unauthorized access to your webcam, thwarting any potential spying or privacy intrusions.
Automatic updates ensure that your protection is always up-to-date, reinforcing defenses against new and evolving threats.

Pros

Norton offers a comprehensive security suite, providing a broad spectrum of protective measures beyond the typical firewall, creating a fortified line of defense against a myriad of cyber threats.
The interface is easy to navigate, making the process of setting up and managing the firewall less complex and more user-friendly, even for those with limited technical knowledge.
It provides 24/7 customer support, ensuring that you’ll have access to assistance whenever you need it, regardless of the hour or day.

Cons

While perfect for small to mid-sized businesses, Norton might not be as scalable for larger businesses with a vast network of devices, potentially limiting its effectiveness in such an environment.
Depending on your requirements, the subscription can become expensive with add-ons, which might be a drawback for businesses on a tight budget.

Fortinet

Best for scalability

Fortinet is a well-regarded player in the cybersecurity arena and its firewall software exemplifies its commitment to delivering high-quality solutions. FortiGate, Fortinet’s firewall offering, is recognized for its advanced firewall solutions that are scalable and robust.

Particularly useful for growing businesses, FortiGate brings forward top-notch features that can effortlessly adapt to the needs of expanding network infrastructures.

Pricing

Fortinet offers a variety of solutions priced broadly to accommodate all business sizes—from $250 for home office to $300,000 for large enterprises. Contact Fortinet for accurate pricing information.

Features

FortiGate offers an advanced firewall with extensive protection against incoming threats, thus maintaining the security of your network.
With scalability at its core, FortiGate can adapt and grow along with your business, addressing increasing security demands seamlessly.
Smooth integration with other Fortinet security solutions, enabling a comprehensive security ecosystem for your business.
FortiGate Cloud-Native Firewall offers high resiliency to ease security delivery across cloud networks and availability zones at scale.
Automatic updates keep the firewall current and equipped to deal with the latest threats, ensuring your network’s protection remains robust.

Pros

Fortinet’s robust firewall features deliver comprehensive security for your network, providing the necessary defenses to ward off potential threats.
With a strong focus on scalability, Fortinet is an ideal choice for rapidly growing businesses that need a security solution to match their expanding network.
The software’s high-performance nature means that it delivers robust security without hampering your network’s speed or efficiency.

Cons

Despite (or because of) offering a wealth of features, Fortinet’s interface may not be as user-friendly as some other options, potentially causing difficulties for those without substantial technical knowledge.
While Fortinet offers a range of pricing options, the cost can quickly escalate for larger networks or when additional features are included, which may not suit budget-conscious businesses.
Pricing information is not transparent and requires negotiation. Your mileage may vary.

GlassWire

Best for user-friendly interface

GlassWire is an elegant and visually appealing firewall software that provides comprehensive network monitoring capabilities.

It uniquely combines a network monitor and firewall, offering users a clear visual representation of their network activity. This functionality helps users to understand their online behavior and potential threats in a way that’s easy to interpret.

Pricing

GlassWire offers a tiered pricing model:

Free: provides limited features, perfect for individual users or small businesses.
Premium: Starts at $2.99 per month per license, paid annually. Its premium tier plans suitable for business range between 10 and 200 licenses.

Features

Real-time and detailed visualization of your current and past network activity, offering an intuitive and easy-to-understand representation of what’s happening on your network.
Built-in firewall that allows users to easily monitor applications using the network and block any suspicious activity, providing a comprehensive network security solution.
A unique “Incognito” mode for users who do not want certain network activities to appear on the network graph, ensuring user privacy.
Firewall profiles to instantly switch between different environments, such as public and private networks.
The network time machine feature allows users to go back in time up to 30 days to see what their computer or server was doing in the past.

Pros

GlassWire offers a beautifully designed, user-friendly interface that presents complex network security information in a visually appealing and understandable way.
Its comprehensive network monitoring capability allows users to understand their online behavior, identify patterns and detect anomalies.
The software’s built-in firewall offers users the flexibility to control which applications can access the network, enhancing the overall security of their systems.

Cons

The software requires a moderate amount of system resources to run efficiently, which might be an issue for systems with limited resources.
Although GlassWire’s visualizations are beautiful and informative, some users may find them overwhelming and would prefer a more traditional interface.

Cisco Secure Firewall Management Center

Best for centralized management and control

The Cisco Secure Firewall Management Center provides a comprehensive solution for centralized control and management of security policies. It enhances the overall efficiency of network administration by offering a unified platform to manage multiple Cisco security appliances.

Businesses that use a variety of Cisco security tools will find this a valuable addition to streamline operations and enhance control.

Pricing

Cisco Secure Firewall Management Center’s pricing depends on the scale of operations and the specific needs of a business. For detailed and customized pricing information, you can directly contact Cisco or its partners.

Features

A unified management console that can control a wide range of Cisco security appliances, reducing the complexity associated with managing multiple devices.
Advanced threat detection and analysis capabilities, enabling administrators to swiftly identify and respond to security incidents.
Flexible deployment options, including on-premises, virtual and cloud-based solutions, catering to various operational needs and preferences.
Comprehensive policy management, allowing administrators to efficiently establish and enforce security policies across their Cisco security infrastructure.
Integration with other Cisco security tools, such as Cisco Threat Response, provides a cohesive and powerful security solution.

Pros

The ability to manage multiple Cisco security appliances from a single platform is a significant advantage, especially for larger enterprises managing complex security infrastructures.
Cisco Secure Firewall Management Center offers advanced threat detection and analysis capabilities, aiding in swift and efficient incident response.
Its flexible deployment options cater to diverse operational needs, providing convenience and ease of setup to businesses of all sizes.

Cons

Although powerful, the platform may require a steep learning curve, particularly for those who are new to Cisco’s ecosystem.
Some users have reported a desire for more customization options within the management interface to meet their specific operational needs.
Pricing information is not transparent and requires negotiation. Your mileage may vary.

pfSense: Best open source solution

pfSense is an open-source firewall software solution that is highly customizable, suitable for tech-savvy businesses that prefer having the flexibility to tailor their firewall to specific needs. It’s built on the FreeBSD operating system, offering a comprehensive range of features for network management and security.

Pricing

As an open-source platform, pfSense is free to download and use. However, Netgate, the company behind pfSense, offers paid support and services, including hardware solutions integrated with pfSense software.

Features

A wide array of networking functionalities, including firewall, VPN, and routing services, ensuring comprehensive network protection.
Being open-source, it offers extensive customization options, allowing businesses to tailor the software to their specific needs.
Supports a large selection of third-party packages for additional features, granting more flexibility in expanding its capabilities.
Detailed network monitoring and reporting tools, allowing for granular insight into network traffic and potential security threats.
It has a community-backed development model, ensuring continuous improvements and updates to its features.

Pros

pfSense’s open-source nature allows for extensive customization, giving businesses control over how they want to configure their firewall.
The software provides a comprehensive set of features, ensuring thorough network protection and management.
Its support for third-party packages allows for the addition of further functionalities, enhancing its overall capabilities.

Cons

The configuration of pfSense can be quite complex, particularly for users without a strong technical background, which could pose a challenge for some businesses.
The user interface, while functional, may not be as polished or intuitive as some commercial firewall solutions.
As with many open-source projects, while there’s a supportive community, professional customer service might not be as accessible as with commercial solutions.

Sophos Firewall

Best for cloud-based management

Sophos Firewall brings a fresh approach to the way you manage your firewall and how you can detect and respond to threats on your network.

Offering a user-friendly interface and robust features, this product provides businesses with an effective and efficient solution for their network security needs. It’s a versatile solution that not only offers traditional firewall capabilities but also integrates innovative technologies to ensure all-round security.

Pricing

Sophos does not publicize pricing information, because their solutions are provided by resellers and can vary depending on the business’s size, needs, and location. You can contact them directly for accurate pricing information.

Features

All-in-one solution by integrating advanced threat protection, IPS, VPN, and web filtering in a single comprehensive platform, thereby providing robust security for your network.
Deep learning technology and threat intelligence, both of which work in synergy to identify and respond to threats before they can cause damage, offering advanced protection against malware, exploits, and ransomware.
User-friendly interface that simplifies configuration and management tasks, making it easier for users to set up security policies and monitor network activities.
Synchronized Security technology that facilitates communication between your endpoint protection and your firewall, creating a coordinated defense against cyber threats.
The Sophos Firewall comes with an effective cloud management platform, allowing administrators to remotely manage the system, configure settings, and monitor network activity.

Pros

A user-friendly interface that simplifies the process of setting up and managing network security policies, making it suitable for businesses with limited technical expertise.
It integrates advanced protection capabilities, such as threat intelligence and deep learning technology, to provide robust defense against sophisticated cyber threats.
This firewall software’s unique Synchronized Security feature offers a coordinated and automated response against threats, enhancing the overall effectiveness of your network security.

Cons

Some users have reported that while the user interface is intuitive, it might take some time to navigate due to the depth of features available.
The initial setup and configuration might require technical expertise, although Sophos provides comprehensive resources and customer support to guide users.
Although Sophos’ site advertises “Simple Pricing,” their costs are not in fact transparent and will require negotiating a quote. Your mileage may vary.

ZoneAlarm

Best for personal use

ZoneAlarm is an excellent choice for personal use and small businesses due to its simplicity and effectiveness.

With a robust set of features and an intuitive interface, it provides robust protection without requiring extensive technical knowledge. Its reputation as a reliable firewall solution makes it an attractive choice for users seeking to safeguard their systems from various threats.

Pricing

ZoneAlarm offers both free and premium versions of their firewall software. The free version provides basic protection, while the Pro Firewall version, which comes at a yearly subscription fee starting from $22.95 for 1 PC, offers advanced features such as zero-day attack protection and full technical support.

Features

Robust two-way firewall protection, preventing unauthorized access to your network while also stopping malicious applications from sending out your data.
Advanced privacy protection feature that protects your personal information from phishing attacks.
Unique ID Lock feature that keeps your personal information safe.
ZoneAlarm boasts an Anti-Phishing Chrome Extension that detects and blocks phishing sites, protecting your information online.
The premium version offers advanced real-time antivirus protection, ensuring that your system is continuously protected from threats.

Pros

ZoneAlarm offers a straightforward interface and setup process, making it an ideal choice for users who lack advanced technical skills.
The software provides a comprehensive suite of features, including robust firewall protection, advanced privacy tools and real-time antivirus capabilities.
ZoneAlarm’s ID Lock feature is a standout, helping to ensure the security of personal data.

Cons

While ZoneAlarm offers robust features, its protection level may not be adequate for large enterprises or businesses with complex network architectures.
Some users have reported that the software can be resource-intensive, potentially slowing down system performance.

Key features of firewall software

When choosing the best firewall software for your business, there are key features you should consider. These range from the extent of the security suite to scalability and cloud-based management, all of which play a significant role in how effectively the software will serve your needs.

Comprehensive security suite

A comprehensive security suite is more than just a basic firewall. It includes additional layers of security like antivirus capabilities, identity theft protection, and a VPN.

The best firewall software solutions should deliver this kind of comprehensive coverage, protecting against a wide variety of threats and helping you maintain the security of your entire network. Norton, Cisco, and Sophos firewalls excel in this area.

Scalability

Scalability is particularly important for businesses that are growing or plan to grow. As the size of your network increases, your security needs will change and become more complex.

Firewall software like FortiGate and pfSense are designed with scalability in mind, allowing them to adapt to the increasing security demands of your expanding network.

User-friendly interface

A user-friendly interface is crucial, especially for those who may not have a lot of technical expertise. Firewall software should be easy to navigate and manage, making the process of setting up and adjusting the firewall less daunting.

Norton excels in this area, with an intuitive interface that is straightforward to use. GlassWire, while not as intuitive, also offers an attractive and convenient interface.

Robust features

Having robust features in firewall software is key to ensuring comprehensive protection. This includes an advanced firewall with extensive customizable rules, IPS, and threat detection capabilities.

The most robust firewall solutions include Norton, FortiGate, Cisco, and Sophos, as well as pfSense, although you’ll have to do some legwork to program the latter in particular.

Cloud-based management

Cloud-based management is a significant advantage in today’s digital landscape. It allows for the remote configuration and monitoring of your firewall, making it easier to manage and adjust as needed. This feature is particularly beneficial for businesses with remote workers or multiple locations.

Norton, FortiGate, Cisco, Sophos, and ZoneAlarm all provide this capability.

Advanced firewall protection

Advanced firewall protection includes capabilities like deep packet inspection, which examines data packets to detect malware that could otherwise bypass standard firewalls. This kind of advanced protection is vital to secure your network from sophisticated threats. Most of the firewalls in this list offer advanced, next-generation capabilities.

Integration

Integration capabilities are crucial as they allow your firewall software to work in harmony with other security solutions you might have in place. Cisco firewalls, as you might expect, integrate seamlessly with other Cisco solutions, but can falter when trying to integrate with third-party solutions. On the other hand, thanks to its open-source nature, pfSense can be configured to integrate very broadly.

By considering these features when choosing your firewall software, you can ensure that you select a solution that meets the specific needs of your business, provides comprehensive protection and offers room for growth and adaptation as your business evolves.

Benefits of working with firewall software

Employing robust firewall software within your network infrastructure brings along a myriad of benefits that contribute to the overall security and efficiency of your business operations, from enhanced network security and data protection to reduced downtime and regulatory compliance.

Enhanced network security

Perhaps the most fundamental advantage of using firewall software is the enhanced network security it provides. Firewall software acts as the first line of defense against potential threats, including hackers, viruses, and other cyberattacks.

By monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, firewall software ensures that only safe connections are established, thus protecting your network.

Data protection

With the increasing incidence of data breaches and cyber theft, data protection is more crucial than ever. Firewall software plays a pivotal role in safeguarding sensitive data from being accessed or stolen by unauthorized users.

By blocking unauthorized access, it ensures the safety of important information and reduces the risk of data breaches.

Traffic management

Firewall software is not only about protection but also about managing and optimizing the network traffic. Features like bandwidth management can be leveraged to allocate network resources effectively and ensure the smooth functioning of your online operations.

Real-time security updates

With the constantly evolving threat landscape, maintaining up-to-date security measures is vital. Firewall software frequently receives real-time security updates, which help to protect your network against the latest threats. This ensures that your network remains secure against even the most recent forms of cyberattacks.

Reduced downtime

Downtime can be a significant issue for any business, leading to financial losses and damage to reputation. By proactively identifying and preventing potential threats, firewall software can significantly reduce the risk of system outages, leading to increased uptime and reliability.

Scalability

As your business grows, so does the complexity and the scope of your network. Scalable firewall software grows with your business, adjusting to the increased demands and providing consistent protection despite the expanding network size. This makes it a cost-effective solution that can support your business in the long term.

Regulatory compliance

Many industries have regulations in place requiring businesses to protect sensitive data. Firewall software helps meet these regulatory requirements by providing robust security measures that prevent data breaches and protect client and customer information.

Incorporating firewall software into your network infrastructure is a critical step towards securing your business in an increasingly digital world. The benefits it offers are invaluable, providing not just enhanced protection, but also efficiency and adaptability that can significantly contribute to your business’s success.

How to choose the best firewall software for your business

Choosing the best firewall software for your business involves a careful examination of your specific needs and security requirements.

Size and security level: The size and nature of your business, the sensitivity of your data, and the extent of your network operations are crucial factors that determine what kind of firewall software will be the most beneficial.
Comprehensive features: Moreover, you should consider firewall solutions that offer a comprehensive suite of security features, such as VPN services, antivirus protection, and advanced threat detection capabilities.
Scalability: The scalability of a firewall software solution is important, particularly for growing businesses. Opt for software that can seamlessly adapt to the expanding needs of your network, providing reliable protection irrespective of your business size.
Interface: Unless you have a robust, well-trained IT department, the interface of your chosen software will need to be user-friendly and easily manageable, even for those with minimal technical expertise.
Cloud-based management: Features that allow for remote configuration and monitoring are highly beneficial in the current era of remote work. These features offer the flexibility of managing your network’s security from any location, improving overall efficiency.
Integration: Your chosen software should integrate smoothly with your existing security infrastructure to create a comprehensive, effective security system.
Support: Solid customer support from the vendor is also crucial to navigating any issues that may arise during setup or throughout the software’s lifespan.

Choosing firewall software is an investment in your business’s security, so take the time to evaluate each option thoroughly.

Frequently Asked Questions (FAQs)

Who should use firewall software?

Any individual, business, or organization that uses a network or the internet should consider using firewall software. Whether you’re a small business owner, a large corporation, or a home user, a firewall can provide essential protection against unauthorized access and various cyber threats.

Where are firewalls located on a network?

Firewalls are typically located at the edge of a network, serving as a barrier between a trusted internal network and an untrusted external network, such as the internet. They can also be positioned between different parts of an organization’s networks to control access.

Are there any downsides to using a firewall?

While firewalls are essential for network security, they can occasionally block legitimate traffic if the security settings are too restrictive. Additionally, managing and maintaining a firewall can require technical expertise. However, the benefits of using a firewall far outweigh these potential challenges.

How often should a firewall be updated?

Firewall software should be updated regularly to ensure it can protect against the latest threats. Many firewall providers release updates regularly and many firewalls are set to update automatically. However, it’s a good idea to check for updates manually periodically to ensure your firewall is up-to-date.

What is firewall software’s role in regulatory compliance?

For many businesses, especially those in regulated industries like healthcare or finance, firewall software plays a critical role in meeting compliance requirements. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR) require robust data protection measures, which includes network security provided by a firewall.

Can firewall software protect against all cyber threats?

While firewall software provides a strong layer of protection, it’s not a panacea for all cyber threats. Some sophisticated threats, like targeted phishing attacks or insider threats, require additional security measures. It’s essential to have a comprehensive security strategy in place that includes firewall software, antivirus software, strong access controls, and user education about safe online practices.

Methodology

To deliver this list, we based our selection on an examination of firewall software features and overall reputation in addition to their ease of use, quality of customer support, and value for money.

This information is available in user reviews as well as official product pages and documentation. Nonetheless, we encourage you to conduct your own research and consider your unique requirements when choosing a firewall software solution.

Bottom line: Choosing the best firewall software for your business

The evolving threat landscape necessitates a robust and reliable firewall solution for both personal use and businesses of all sizes. Based on the products listed, it’s evident that several excellent options exist in the market, each with its own unique strengths and capabilities.

Choosing the best firewall software ultimately depends on your requirements, the nature of the network environment, and the budget at hand. It’s essential to consider each product’s features, pros, and cons, and align them with your individual or business needs.

The chosen solution should provide comprehensive protection, be user-friendly, and ideally offer scalability for future growth. Whether it’s for personal use or to protect a multilayered enterprise network, there’s a firewall solution out there that fits the bill.

Also see

Firewalls come in all shapes and sizes. Here’s a look at eight different types of firewalls.

We also did a review of the best firewalls for small and medium-sized businesses.

And once you’ve selected your firewall, make sure you define and implement a clear, strong firewall policy to back it up—as well as setting robust firewall rules to govern the software.

Source :
https://www.enterprisenetworkingplanet.com/guides/best-firewall-software/

7 Best Firewall Solutions for Enterprises in 2023

BY AMINU ABDULLAHI MAY 26, 2023

Enterprise firewall software is an essential component of network security infrastructure for organizations. These firewalls are designed to provide high availability and scalability to meet the needs of large and complex networks because they can handle high traffic volumes and accommodate the growth of network infrastructure.

By exploring the following top firewall solutions, enterprises can make an informed decision to fortify their network defenses and safeguard critical assets from ever-evolving cyber threats.

Palo Alto Networks: Best all-in-one enterprise firewall solution (Read more)
Check Point Quantum: Best for connected devices (Read more)
Fortinet FortiGate: Best for flexibility and scalability (Read more)
Juniper Networks: Best for logging and reporting (Read more)
Cisco Secure Firewall: Best for centralized management (Read more)
Zscaler: Best for businesses with cloud network infrastructure (Read more)
pfSense: Best open source firewall (Read more)

Best firewall solutions for enterprises: Comparison chart

	Best for	DLP capability	URL filtering	Reporting	Integration with third party solution	DNS filtering	Starting price
Palo Alto Networks	Overall	✔	✔	✔	✔	✔	Available on request
Check Point Quantum	Connected devices	✔	✔	✔	✔	✔	Available on request
Fortinet FortiGate	Flexibility and scalability	✔	✔	✔	✔	✔	Available on request
Juniper Networks	Logging and reporting capability	✔	✔	✔	✔	✔	Available on request
Cisco Secure Firewall	Centralized management	✔	✔	✔	✔	✔	Available on request
Zscaler	Businesses with cloud network infrastructure	✔	✔	✔	✔	✔	$72 per user per year
pfSense	Open source	✔	✔	✔	✔	✔	$0.01 per hour

Jump to:

Palo Alto Networks

Best overall enterprise firewall

Palo Alto is a leading network security provider of advanced firewall solutions and a wide range of network security services.

The company offers various firewall solutions for various enterprise use cases, including cloud next generation firewalls, virtual machine series for public and private clouds, container series for Kubernetes and container engines like Docker, and its PA-series appliances designed for data centers, network edge, service providers, remote branches and retail locations, and harsh industrial sites.

These firewalls provide enhanced visibility, control, and threat prevention capabilities to protect networks from various cyber threats, including malware, viruses, intrusions, and advanced persistent threats (APTs).

Pricing

Palo Alto doesn’t advertise its product pricing on its website. Our research found that the Palo Alto PA-series price range from $2,900 to $200,000 (more or less). To get the actual rates for your enterprise, contact the company’s sales team for custom quotes.

Standout features

Advanced threat prevention.
Advanced URL filtering.
Domain name service (DNS) security.
Medical IoT security.
Enterprise data loss prevention (DLP).
Up to 245 million IPv4 OR IPv6 sessions.

Pros

Provides visibility across IoT and other connected devices.
Provides visibility across physical, virtualized, containerized and cloud environments.
Offers a variety of products for different business sizes, from small businesses to large enterprises.
Easy-to-navigate dashboard and management console.

Cons

Complex initial setup.
Some users reported that the Palo Alto license is pricey.

Check Point Quantum

Best for connected devices

Check Point is an Israeli multinational company that develops and sells software and hardware products related to network, endpoint, cloud, and data security.

Check Point Quantum is designed to protect against advanced cyber threats, targeting Gen V cyber attacks. This solution encompasses various components to safeguard networks, cloud environments, data centers, IoT devices, and remote users.

Check Point’s SandBlast technology employs advanced threat intelligence, sandboxing, and real-time threat emulation to detect and prevent sophisticated attacks, including zero-day exploits, ransomware, and advanced persistent threats.

Pricing

Check Point does not publicly post pricing information on its website. Data from resellers shows that Check Point products can range from around $62 for a basic solution to over $50,000 for an enterprise-level solution. Contact the Check Point sales team for your actual quotes.

Standout features

URL filtering.
DLP.
Full active-active redundancy.
Zero-trust protection for IoT devices.
Check Point Quantum protects against GenV attacks.
Advanced threat protection.

Pros

24/7 customer service and support.
Easy to setup and use.
Management platform with automation features.
Sandblast protection for testing malware.

Cons

Users reported that the Check Point firewall is expensive.
Documentation can be improved.

Fortinet FortiGate

Best for flexibility and scalability

Fortinet offers various firewall products for different organization sizes, from home offices to large enterprises.

The FortiGate 7000 series (FG-7121F, FG-7081F, FG-7081F-2, FIM-7921F, FIM-7941F, and FPM-7620F) is an enterprise firewall product that provides high-performance network security. It is designed for organizations with high network traffic volumes and that have to manage large network infrastructures.

This firewall series is powered by a Security Processing Unit (SPU) of up to 520Gbps and also includes the latest NP7 (Network Processor 7) and CP9 (Content Processor 9).

Pricing

Fortinet’s FortiGate firewall tool pricing is available upon request. Pricing will depend on various factors, including the size of the network, the number of users, and the types of security features needed. Contact a Fortinet representative for pricing and product information.

Standout features

Protects IT, IIoT, and OT devices against vulnerability and device-based attack tactics.
FortiGate 7000F series provides NGFW, segmentation, secure SD-WAN, and mobile security for 4G, 5G, and IoT.
Offers various types of firewalls, including container firewalls, virtual firewalls and hardware firewall appliances.
Zero Touch Integration with Fortinet’s Security Fabric Single Pane of Glass Management.

Pros

Integrations with over 500 third-party services.
AI-powered capabilities.
Users reported that the tool is user-friendly.

Cons

Support can be improved.
Its reporting feature can be improved.

Juniper Networks

Best for logging and reporting capability

Juniper Networks’ firewall helps enterprises protect their network edge, data center, and cloud applications.

The company is also known for its Junos operating system (OS), a scalable network OS that powers Juniper Networks devices. Junos provides advanced routing, switching, and security capabilities and allows for seamless integration with third-party software and applications.

Juniper Networks vSRX virtual firewall provides enhanced security for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, IBM Cloud, and Oracle Cloud environments, while its cSRX Container Firewall offers advanced security services to secure applications running in containers and microservices. The company’s SRX firewalls series is designed for various organization sizes, from small to large enterprises.

Pricing

Juniper Network pricing is available on request. However, they offer different license methods, including Pay-As-You-Go (PAYG) and Bring-Your-Own-License (BYOL) options for public clouds. Contact the company’s sales team for custom quotes.

Standout features

Juniper Network has various types of firewalls, including container firewalls, virtual firewalls and hardware firewall appliances.
Public cloud workload protection, including AWS, Microsoft Azure, and Google Cloud Platform.
Logging and reporting capability.
Supports VMware ESXi, NSX, and KVM (Centos, Ubuntu).

Pros

Advanced threat prevention capability.
Deployable on-premises and cloud environments.

Cons

Support can be improved.
Users report that some Juniper Networks firewall products are expensive.

Cisco Secure Firewall

Best for centralized management

Cisco Secure Firewall combines firewall capabilities with advanced security features to protect networks from various threats, including unauthorized access, malware, and data breaches.

Cisco Secure Firewall integrates with Cisco Talos, a threat intelligence research team. This collaboration enables the firewall to receive real-time threat intelligence updates, enhancing its ability to identify and block emerging threats.

Cisco Secure Firewall can be centrally managed through Cisco Firepower Management Center (FMC). This management console provides a unified interface for configuration, monitoring, and reporting, simplifying the administration of multiple firewalls across the network.

Pricing

Contact Cisco’s sales team for custom quotes.

Standout features

IPS to protect against known threats.
Web filtering.
Network segmentation.
Centralized management.

Pros

Provides comprehensive visibility and control.
Efficient support team.
Highly scalable tool.

Cons

Support can be improved.
Complex initial setup.

Zscaler

Best for businesses with cloud network infrastructure

The Zscaler firewall provides cloud-based security for web and non-web traffic for all users and devices. Zscaler inspects all user traffic, including SSL encrypted traffic, with elastically scaling services to handle high volumes of long-lived connections.

One of the key advantages of Zscaler’s cloud-based approach is that it eliminates the need for on-premises hardware or software installations. Instead, organizations can leverage Zscaler’s infrastructure and services by redirecting their internet traffic to the Zscaler cloud. This makes scaling and managing security easier across distributed networks and remote users.

Pricing

Zscaler doesn’t advertise its rates on its website. However, data from resellers shows that its pricing starts from about $72 per user per year. For your actual rate, contact the Zscaler sales team for quotes.

Standout features

Centralized policy management.
Fully-integrated security services.
Real-time granular control, logging, and visibility.
User-aware and app-aware threat protection.
Adaptive IPS security and control.
File transfer protocol (FTP) control and network address translation (NAT) support.

Pros

Easy to use and manage.
AI-powered cyberthreat and data protection services.
Always-on cloud intrusion prevention system (IPS).
AI-powered phishing and C2 detection.

Cons

Complex initial setup.
Documentation can be improved.

pfSense

Best open-source firewall

pfSense is an open-source firewall and routing platform based on FreeBSD, an open-source Unix-like OS. It is designed to provide advanced networking and security features for small and large networks.

pfSense can be deployed as a physical appliance or as a virtual machine. pfSense offers many capabilities, including firewalling, VPN connectivity, traffic shaping, load balancing, DNS and DHCP services, and more.

Pricing

For pfSense cloud:

pfSense on AWS: Pricing starts from $0.01 per hour to $0.40 per hour.
pfSense on Azure: Pricing starts from $0.08 per hour to $0.24 per hour.

For pfSense software:

pfSense CE: Open source version available to download for free.
pfSense+ Home or Lab: Available at no cost for evaluation purposes only.
pfSense+ W/TAC LITE: Currently available at no charge, but the vendor may increase the rate to $129 per year in the future.
pfSense+ W/TAC PRO: $399 per year.
pfSense+ W/TAC ENT: $799 per year.

pfSense offers three hardware appliances tailored to the needs of large enterprises.

Netgate 8200: Cost $1,395. It has 18.55 Gbps IPERF3 and 5.1 Gbps IMIX traffic speed.
Netgate 1537: Cost $2,199. It has 18.62 Gbps(10k ACLs) IPERF3 and 10.24 Gbps (10k ACLs) IMIX traffic speed.
Netgate 1541: Cost $2,899. It has 18.64 Gbps(10k ACLs) IPERF3 and 12.30 Gbps(10k ACLs) IMIX traffic speed.

Standout features

NAT mapping (inbound/outbound).
Captive portal guest network.
Stateful packet inspection (SPI).

Pros

Free open-source version.
Community support.
Anti-spoofing capability.

Cons

Steep learning curve for administrators with limited experience.
GUI is old-fashioned and could be simplified.

Key features of enterprise firewall software

There’s a wide variety of capabilities that enterprise firewall software can provide, but some of the key features to look for include packet filtering, stateful inspection, application awareness, logging and reporting capabilities, and integration with your existing security ecosystem.

Packet filtering

Firewall software examines incoming and outgoing network packets based on predefined rules and policies. It filters packets based on criteria such as source/destination IP addresses, ports, protocols, and packet attributes. This feature enables the firewall to block or allow network traffic based on the configured rules.

Stateful inspection

Enterprise firewalls employ stateful inspection to monitor network connections’ state and analyze traffic flow context. By maintaining information about the state of each connection, the firewall can make more informed decisions about which packets to allow or block.

Application awareness

Modern firewall software often includes application awareness capabilities. It can identify specific applications or protocols within network traffic, allowing organizations to enforce granular policies based on the application or service used. This feature is handy for managing and securing web applications and controlling the use of specific services or applications.

Logging and reporting

Firewall software logs network events, including connection attempts, rule matches, and other security-related activities. Detailed logging enables organizations to analyze and investigate security incidents, track network usage, and ensure compliance with regulatory requirements. Reporting capabilities help generate comprehensive reports for auditing, security analysis, and compliance purposes.

Integration with the security ecosystem

Firewall software is typically part of a broader security ecosystem within an organization. Integration with other security tools and technologies, such as antivirus software, threat intelligence platforms, Security Information and Event Management (SIEM) systems, and network access control (NAC) solutions, allows for a more comprehensive and coordinated approach to network security.

Benefits of working with enterprise firewalls

Key advantages of enterprise firewall solutions include enhanced network security, threat mitigation, and access control, as well as traffic analytics data.

Network security: Firewalls act as a protective barrier against external threats such as unauthorized access attempts, malware, and other malicious activity. Enforcing access control policies and modifying network traffic helps prevent unauthorized access and protect critical data.
Threat mitigation: By combining intrusion prevention techniques, deep packet monitoring, and threat intelligence, a firewall can detect and block suspicious traffic, reducing the risk there that the network will be corrupted and damaged so
Access control: Firewall software allows administrators to restrict or allow access to network resources, applications, and services based on specific user roles, departments, or needs. This ensures that only authorized people or systems can access the screen and its accessories.
Traffic data and analytics: In addition to protecting your network, firewalls can also provide granular information about traffic and activity passing through your network, as well as its overall performance.

How do I choose the best enterprise firewall solution for my business?

When choosing the best enterprise firewall software for your business, consider the following factors.

Security: Assess your organization’s specific security needs and requirements.
Features: Evaluate the features and capabilities of firewall solutions, such as packet filtering, application awareness, intrusion prevention, VPN support, centralized management, and scalability. Consider the vendor’s reputation, expertise, and support services.
Compatibility: Ensure compatibility with your existing network infrastructure and other security tools.
Hands-on tests: Conduct a thorough evaluation of different firewall solutions through demos, trials, or proofs of concept to assess their performance, ease of use, and effectiveness in meeting your organization’s security goals.
Total cost of ownership (TCO): Consider the cost, licensing models, and ongoing support and maintenance requirements.

By considering these factors, you can make an informed decision and select the best enterprise firewall software that aligns with your business needs and provides robust network security.

Frequently Asked Questions (FAQ)

Is an enterprise firewall different from a normal firewall?

Although they share many characteristics, an enterprise firewall is not the same as a consumer-grade firewall. Enterprise firewalls are designed to meet large organizations’ security needs and network infrastructure challenges. They are robust, scalable, and can handle high network traffic volumes and sophisticated threats, compared to generic firewalls for home or small office environments.

What is the strongest type of firewall?

A firewall’s strength depends on various factors, and no universally dependable firewall exists. A firewall’s effectiveness depends on its materials, configuration, and how well it fits into the organization’s security needs.

That said, next-generation firewalls (NGFWs) provide improved security capabilities and are often considered the ideal firewall solution in today’s enterprise. NGFWs combine traditional firewall features with additional functionality such as application awareness, intrusion prevention, deep packet monitoring, and user-based policies. They provide advanced protection against modern threats with greater visibility and control over network traffic.

How do you set up an enterprise firewall?

Setting up an enterprise firewall involves several steps:

Determine your network topology.
Define security policies.
Plan firewall placement.
Configure firewall rules.
Implement VPN and remote access.
Test and monitor firewall performance.
Perform regular updates and maintenance.

We recommend engaging network security experts or reviewing vendor documentation and support materials for specific guidance in installing and configuring your enterprise firewall.

Methodology

The firewall solutions mentioned in this guide were selected based on extensive research and industry analysis. Factors such as industry reputation, customer reviews, infrastructure, and customer support were considered.

We also assessed the features and capabilities of the firewall solutions, including packet filtering, application awareness, intrusion prevention, DLP, centralized management, scalability, and integration with other security tools.

Also see

If you’re not sure one of the firewalls included here is right for your business, we also determined the best firewalls for SMBs, as well as the best software-based firewalls.

And once your firewall is in place, don’t neglect its maintenance. Here are the best firewall audit tools to keep an eye on its performance.

Source :
https://www.enterprisenetworkingplanet.com/security/enterprise-firewalls/

A Step-by-Step Guide to Export Office 365 Mailbox to PST

April 26, 2023 Thiraviam

As an organization admin, you may encounter situations such as users leaving their position or migrating to another mail service, etc. In such circumstances, you need to export Office 365 mailbox to PST and store them offline for investigation purposes. You can accomplish this in Office 365 without depending on any external third-party tools. You can export individual mailboxes or entire exchange mailboxes as an eDiscovery admin through the Microsoft Purview compliance portal.

This guide will walk you through the steps to export Office 365 mailboxes to PST format using eDiscovery and PowerShell.

Why Do We Need to Export Exchange Online Mailbox to PST?

PST stands for Personal Storage Table file format used by Microsoft Outlook to store email messages, contacts and calendar entries. When you back up your email mailbox to a PST file, that will be saved on your computer.

Here are some reasons why PST files are commonly used for exporting Office 365 mailbox data:

Compatibility: PST files can be opened and accessed by a variety of email clients, including Outlook and some third-party email clients. This makes it easy to share data with others or to access your data from different devices.

Portability: PST files are small in size and can be easily transferred to a different location, such as a hard drive, USB drive, or cloud storage. This makes it easy to create backups of your mailbox data or to move your data to a different computer.

Offline Access: PST files can be accessed even when you are not connected to the internet, making it easy to access your email messages and other data when you are on the go.

Organization: PST files allow you to organize your email messages, contacts, and other data into folders, making it easy to find and retrieve specific items.

Steps to Export Office 365 Mailbox to PST

As an Office 365 admin you can get the Exchange Online mailboxes and their details by exporting them to PST with eDiscovery admin permission. You need to follow the steps listed below.

Assign eDiscovery Administrator

To export Office 365 mailboxes, you must be an eDiscovery Administrator. By default, this role is not assigned to a global administrator. Follow the steps to assign user(s) to eDiscovery admin role.

Login to the Microsoft Purview compliance portal with your global administrator account.
Navigate to ‘Roles & Scopes’ tab and select ‘Permissions’ option.
Select ‘Roles’ under ‘Microsoft Purview Solutions’ category.
Click on ‘eDiscovery Manager’ role and select ‘Edit’ option in the popup window.
Navigate to ‘Manage eDiscovery Administrator’ page by clicking on ‘Next’ button.
Select ‘Choose users’ and select the user(s) who you want to make as eDiscovery admin. Then click on the ‘Select’ button in the popup and select ‘Next’ button.
Finally, click ‘Save’ on the ‘Review and finish’ page.

Content Search to Export Office365 Mailbox to PST

In Office 365, before exporting a mailbox, it’s necessary to perform a content search that collects all the mail of the specified user(s) or all the contents of a mailbox. Once you complete the search, you can use the Export option to export the results to a PST file.

Note: An informational alert will trigger, and you will receive mail when an eDiscovery search started or exported.

Login to the Microsoft Purview compliance portal with the user account with which you have assigned an eDiscovery Administrator role.
Go to ‘Content search’ tab in the solutions menu and click on ‘New Search’ option.
Type the preferred name and description in the ‘Name and description’ page and click on ‘Next’.
Turn ‘Exchange mailboxes’ on and click on ‘Choose users, groups, or Teams’ to select the users from the list.
Select the required users whose mailbox is to be exported or leave this option to export all user’s mailboxes and click on the ‘Next’ button.
Leave the conditions empty if you want to export the complete mailbox and click on ‘Next’. You can also define your conditions if you want filtered results.
Check the details in ‘Review your search’ page and click on ‘Submit’.
A message ‘New search created. Soon you will be able to review estimates and preview results for your search’ will show in the portal.
Click on ‘Done’ and wait for the status to change to ‘Completed’ in the content search page.

Note: The waiting time may differ with respect to the size of the mailboxes you have performed a content search.

You can also perform Content search using the PowerShell with ‘New-ComplianceSearch’ cmdlet. First, connect to the compliance center ‘Connect-IPPSSession‘ cmdlet.

Connect-IPPSSession

Now run the cmdlet below by providing the name for the content search and Exchange location that you want to do content search.

New-ComplianceSearch <SearchName> -ExchangeLocation <UPN>| Start-ComplianceSearch

Export Office 365 Mailbox to PST

Once you have successfully created a mailbox content search, the next step is to export the search results. To do this, simply follow the steps below, which will guide you through the process.

Click on the content search ‘Mailbox Export’ that you have created in the previous steps.
Select ‘Actions’ and choose ‘Export results’.
Select the appropriate ‘Output options’ and the ‘Export Exchange Content as’ options. Then click on ‘Export’. If you are not sure about the options, leave it as default.
A message box with a message “A job has been created” is displayed. Click on ‘OK’. It will take some time to complete the export.

You can also perform export using the PowerShell with ‘New-ComplianceSearchAction’ cmdlet.

Run the below cmdlet with the content search name to export the mailbox.

New-ComplianceSearchAction <SearchName> -Export -Format Fxstream

You can also get the properties related to the export by using the following cmdlet.

Get-ComplianceSearchAction "<SearchName>_export" -IncludeCredential | FL

Download Exported PST File From Office 365 Mailbox

With the help of Microsoft Office 365 eDiscovery Export Tool, you can download the exported mailbox results as a PST file.

Note: It’s important to note that this can only be done using the Microsoft Edge browser.

Make sure that the status of the export is completed by clicking on the export job name in the ‘Export’ tab.
Copy the ‘Export key’ by clicking on the ‘Copy to clipboard’ option and click on the ‘Download results’ option.
If this is the first time you are downloading a .pst file, you are prompted to install Microsoft Office 365 eDiscovery Export Tool. If you have already installed, skip this step and go to the next step.
Click ‘Open’ button in the upcoming popup and paste the export key.
Select the required location to store the download file by clicking on the ‘Browse’ button and click ‘Start’.
You can be able to see the “Processing has completed” message after the download. Go to the specified location in your PC to view the downloaded PST file(s).

Office 365 Export PST File Size Limit

When exporting PST files, the default file size limit is 10 GB. However, you have the ability to change this limit depending on your specific needs by increasing or decreasing the file size. Additionally, if the exported mailbox exceeds the PST size limit, the tool will automatically split the PST file into sequentially numbered files to accommodate the larger size.

The main reason to do this is so PST files can fit on removable media, such a DVD, a compact disc, or a USB drive. You can adhere to the following steps to change the PST export file size limit.

Before proceeding, make sure to check whether the eDiscovery Export tool is open, and if so, be sure to close it before continuing.
Type the following text in a notepad and save the following text to a filename suffix of .reg. For example, Pst.reg.

Windows Registry Editor Version 5.00 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\eDiscovery\ExportTool] 
"PstSizeLimitInBytes"="1073741824"

In the example above, the PstSizeLimitInBytes value is set to 1,073,741,824 bytes or approximately 1 GB. However, if you need to change this limit, you can easily do so by replacing the existing value with your desired limit in bytes.

Once you have created the .reg file by following the previous steps, it’s time to open it and proceed with the next steps.
In the User Access Control window, choose ‘Yes’ to grant permission to the Registry Editor to make the change.
When asked to confirm, select ‘Yes’.

The Registry editor will then display a confirmation message indicating that the “keys and values was successfully added to the registry”.

Limitations in Exporting PST File in Office 365

When exporting an Office 365 mailbox to a PST file, it is important to be aware of the limitations involved. Here is a list of the limitations you may encounter during the export process.

Browser Restrictions: You need to use Microsoft Edge browser. It’s not possible to export mailboxes to PST using other browsers without any extensions.
File Corruption Issues: Increasing the default size of PST files larger than 10 GB might have corruption issues.
Mailbox count limitation: You cannot download more than 100,000 mailboxes for search results using the eDiscovery Export Tool.
Export Data Size Constraint: An organization can export 2TB data per day through content search.
Output Display Restriction: Only 1,000 exports or reports will be displayed in Content search.

Thus, exporting Office 365 mailbox to PST is a simple process that can be done in a few clicks. You can have a clear understanding of how to complete this task efficiently by following the above steps. Feel free to leave a comment below if you encounter any difficulties or need any assistance.

Source :
https://m365scripts.com/microsoft365/a-step-by-step-guide-to-export-office-365-mailbox-to-pst/

Group Policy Assignments Using Microsoft Teams PowerShell

May 30, 2023 Shan

Unmanaged devices, external file-sharing, and email integration impose a big question mark on the security posture of Microsoft Teams. In order to secure and manage Microsoft Teams, policies are used under various sections like messaging, meetings, calling, conferencing, and many more. Usually, these Teams policies for users, groups, and batches are managed in the Microsoft Teams admin center or using the Teams PowerShell Module (TPM). But now Microsoft extends the managing capability of additional Office 365 group policies using the Teams PowerShell Module as per MC557818.

According to this latest update, group policy assignments for Microsoft 365 groups, distribution lists, mail-enabled security groups, and security groups support additional policies in the Teams PowerShell Module. Apart from action control, policy assignments also set way for security controls like restricting anonymous access in meetings.

Let us see how to assign group policies using Microsoft Teams PowerShell Module and their functionalities under this blog.

What are Group Policy Assignments?

As the name suggests, assigning a policy to a particular group of users is known as a group policy assignment. The groups can be managed in Microsoft 365 admin center whereas group policies can be managed under the single roof of the Teams PowerShell Module.

Policy assignments are applied only to the direct members of a group and not to the nested group. That too, they are applied according to the precedence rules. And at the time of addition or deletion of users from a group, the policy assignments are updated which is also applicable when a policy is unassigned. Before jumping into group policy assignments, let us look through the precedence rules and ranking of policies.

What are Microsoft Teams Policy Precedence Rules?

Policy precedence determines the user’s effective policy when a user is assigned two or more of the same policy types. The precedence rules of policies are listed below for deeper insights into how an assigned policy will be deployed according to these rules.

If a user is directly assigned a policy, the same type of policy can’t be inherited from the group. Therefore, the directly assigned policy takes precedence over the same policy type defined by the group.
Also, if a user doesn’t contain a directly assigned policy, the user inherits the highest-ranking policy from the same type of policies applied by two or more groups.
Finally, if the user is not assigned a policy directly or by group, then the global (organization-wide) policy takes precedence.

The user policy is updated under the following circumstances.

Especially when a user is added or removed from the policy assigned group.
And when a group policy is unassigned.
At last, if a directly assigned policy is removed from a user.

What is Group Policy Assignment Rank in Teams?

As an admin, you are asked to define the rank of policy while assigning the policy. Primarily this ranking weighs the priority of the same type of policies assigned from two or more groups for a common user. Finally, the highest-ranking group policy is assigned as the effective policy to the end user after weighing the priority. Because a policy type can be assigned to a maximum number of 64 groups in Office 365.

NOTE: If the rank value is undefined, then the lowest ranking is given to the policy assignment.

How to Assign Policy to a Group in Teams Admin Center?

Follow the below steps to configure group policies in the Teams admin center where it majorly supports Teams calling policy, Teams call park policy, Teams policy, Teams live events policy, Teams meeting policy, and Teams messaging policy.

Navigate using the path below.

Microsoft Teams admin center 🡢 Messaging Policies (Select the desired policy type page) 🡢 Group policy assignment 🡢 Add group 🡢 Assign policy to group

Group Policy Assignments in the Teams admin center

2. Then, select a group to which you want to assign a policy.
3. Set the ranking value for the group policy assignment through the select rank option.
4. After that, select a policy from the available policy types in the drop-down list and click Apply.

Unfortunately, all policy types can’t be managed under the Microsoft Teams admin center since it supports only certain policy types. Without a second thought, PowerShell is the go-to solution! Yes, managing policies using PowerShell is easy and efficient as it is the primary automation tool that ensures the deployment of objects in multiple tenants. Also, it is a place where error handling and logging are more flexible compared to the native admin center. Thus, let us deeply look through the next section of the blog to manage group policy assignments using Microsoft Teams PowerShell.

Manage Group Policy Assignments Using Teams PowerShell Module

As per the new update, Teams PowerShell Module now helps to manage group policies of Microsoft 365 groups, mail-enabled security groups, distribution lists, and security groups including Teams-related policies. Thus, create & manage groups in Microsoft 365 admin center and manage their policies in Teams PowerShell. Before getting started with PowerShell cmdlets, make sure to connect to the Teams PowerShell Module.

Assign Policy to Group Using Teams PowerShell Module

By defining group policies, you can control user-specific actions like allowing them to schedule meetings, edit sent messages, etc. You can assign the available policies or create and assign custom policies depending on your requirements.
Execute the following cmdlet after replacing the unique group identifier, policy type, policy name, and expected rank to assign a new policy for a group.

New-CsGroupPolicyAssignment -GroupId d8ebfa45-0f28-4d2d-9bcc-b158a49e2d17 -PolicyType TeamsMeetingPolicy -PolicyName AllOn -Rank 1

This “New-CsGroupPolicyAssignment” cmdlet is basically used to create new policy assignments for security groups and distribution lists. In which the group ID, policy type, policy name, and rank must be mentioned as mandatory parameters. Here with the rank value as one, the ‘AllOn’ policy under TeamsMeetingPolicy type is created for the given group.

The rank of the policy must be defined to determine the precedence. The recommended group membership size is 50,000 users per group while assigning a group policy. Also, it takes 24 hours or more to propagate the policy to all members of the larger groups.

Get Group Policy Assignments Using MS Teams PowerShell

Knowing all the available policy assignments allows you to understand the working conditions and their precedence levels better. Using this you can remove unnecessary policies, alter the desired ranking for policies and efficiently manage teams & groups around your Office environment.

The “Get-CsGroupPolicyAssignment” cmdlet primarily returns all the group policy assignments with some optional parameters to filter the results.

Primarily, list all the policy-assigned groups by running the following command.

Get-CsGroupPolicyAssignment

Group Policy Assignments Using Microsoft Teams PowerShell

2. However, you can also retrieve all the policies assigned to a particular group using the below cmdlet.

Get-CsGroupPolicyAssignment -GroupId e050ce51-54bc-45b7-b3e6-c00343d31274

Here the cmdlet is mentioned with group ID so that retrieving only the policy assignments of that particular group.

3.Also, you can list the groups based on their policy type by executing the below command.

Get-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy

In this case, the policy type is mentioned as TeamsMeetingPolicy. Hence this cmdlet returns only the groups assigned with this policy.

Get Group Policy Assignments Using Microsoft Teams PowerShell Module

Remove Policy Assignment from a Group Using TPM

Remove the unnecessary policies found in your organization that are interrupting the ranking and slowing down the work progress. Most importantly, the removal of policies will update the ranking value of the same type policies where the policies in the list will be ranked consecutively after the removal.

Run the following cmdlet to remove a specific group policy assignment in Microsoft 365 environment.

Remove-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy -GroupId f985e013-0826-40bb-8c94-e5f367076044

The” Remove-CsGroupPolicyAssignment” cmdlet removes the given policy type in mentioned group ID.

Remove Group Policy Assignment Using Teams PowerShell Module

Modify Group Policy Assignment Using Teams PowerShell Module

Directly altering the policy assignment ranking value is not possible in the Teams admin center. The policy assignments should be removed and newly assigned again with a new rank value to change the ranking. To take away this hassle, PowerShell lends you a hand with a simple and reusable cmdlet which is described below.

Set-CsGroupPolicyAssignment -GroupId 566b8d39-5c5c-4aaa-bc07-4f36278a1b38 -PolicyType TeamsMeetingPolicy -PolicyName SupportCallPark -Rank 3

The “Set-CsGroupPolicyAssignment” cmdlet can be used to make the following alterations in group policy assignments based on the given attributes.

Change policy assignment ranking.
Change the policy under the existing policy type.
Change policy assignment ranking value and policy of a given policy type.

In this example, the policy is changed to ‘SupportCallPark’ policy, and the rank value is assigned to 3.

NOTE: The “Set-CsGroupPolicyAssignment” cmdlet is currently not released for use. So, for now, you need to remove policies and add new policies to change the policy or ranking. But you can easily alter the policy settings once after the availability of this cmdlet.

New Group Policy Assignment Support in Teams PowerShell Module

Microsoft rolls out group policy assignment support for additional policies in Teams PowerShell Module as a new update. So that admins can manage their groups in the M365 admin center and group policies in Teams PowerShell with a breeze. This feature will allow you to configure custom policies to groups for all Microsoft commercial licenses. With this update, dependency on global or direct policy assignments through manual methods is eliminated. In addition to the core policies such as meeting policies, calling policies, and messaging policies, the following policies are now expected to be available in Teams PowerShell by late May 2023.

Application Access Policy
Call Hold Policy
Carrier Emergency Call Routing Policy
Cortana Policy
Dial Out Policy
Education Assignments App Policy
Emergency Calling Policy
Enhanced Encryption Policy
Events Policy
External Access Policy
Feedback Policy
Files Policy
IPPhone Policy
Media Logging Policy
Meeting Branding Policy
Meeting Template Permission Policy
Mobility Policy
Notification And Feeds Policy
Room Video Tele Conferencing Policy
Synthetic Automated Call Policy
Teams Branch Survivability Policy
Template Permission Policy
VDI Policy
Video Interop Service Policy
Voice Routing Policy
Voicemail Policy

In conclusion, ultimately manage all group policies including Teams using PowerShell cmdlets. Take charge of the user-specific actions and security controls through this group policy assignment. Not only policies, you can also manage your Teams using PowerShell for effective administration. Rather than performing numerous repetitive tasks in the Teams admin center, automate them with just a few cmdlets in PowerShell.

I hope that this blog provides you with deeper insights into group policy assignments using Teams PowerShell. For any clarifications feel free to reach us through comments.

Source :
https://m365scripts.com/microsoft365/group-policy-assignments-using-microsoft-teams-powershell/

8 Best Network Scanning Tools & Software for 2023

BY KIHARA KIMACHIA
MAY 30, 2023

Network scanning tools are a critical investment for businesses in this era of increasing cyber threats. These tools perform an active examination of networks to identify potential security risks and help IT administrators maintain the health and security of their networks.

As businesses become more digital and interconnected, the demand for such tools has significantly increased. To help businesses sort through the plethora of these solutions available on the market, we’ve narrowed down the list to eight top products and their ideal use cases.

Here are our picks for the top network scanning software:

Burp Suite: Best for comprehensive web vulnerability scanning (Read more)
Detectify: Best for ease of use and automation (Read more)
Intruder: Best for cloud-based network security (Read more)
ManageEngine OpManager: Best for real-time network monitoring (Read more)
Tenable Nessus: Best for vulnerability analysis (Read more)
Pentest Tools: Best for penetration testing (Read more)
Qualys VMDR: Best for cloud security compliance (Read more)
SolarWinds ipMonitor: Best for large-scale enterprise networks (Read more)

Top network scanning tools and software comparison

	Vulnerability Scanning	Real-time Network Monitoring	Penetration Testing	Compliance Assurance	Integration with Other Tools	Ease of Use	Range of Vulnerabilities Detected	Scalability	Pricing (Starting)
Burp Suite	✔	✘	✔	✔	✔	Moderate	High	High	$1,999/yr
Detectify	✔	✔	✘	✔	✔	High	Moderate	High	$89/mo.
Intruder	✔	✔	✔	✔	✔	High	High	High	$160/mo.
Manage Engine OpManager	✔	✔	✘	✔	✔	Moderate	Moderate	High	$245
Tenable Nessus	✔	✘	✔	✔	✔	High	High	High	$4,990/yr
Pentest Tools	✔	✔	✔	✔	✔	Moderate	High	Moderate	$72/mo.
Qualys VMDR	✔	✔	✘	✔	✔	Moderate	High	High	$6,368/yr
SolarWinds ipMonitor	✔	✔	✘	✔	✔	High	Moderate	High	$1,570/yr

Jump to:

Burp Suite

Best for comprehensive web vulnerability scanning

Burp Suite is a trusted tool among IT professionals for its robust web vulnerability scanning capabilities. It identifies security holes in web applications and is particularly well-suited for testing complex applications.

Pricing

The vendor has three enterprise pricing options as follows:

Pay as you scan: This tier starts at $1,999 per year plus $9 per hour scanned. It includes unlimited applications and users.
Classic: This tier is priced at $17,380 per year and includes 20 concurrent scans, unlimited applications and unlimited users.
Unlimited: This is the superior plan and is priced at $49,999 per year. It includes unlimited concurrent scans, applications, and users.

Features

Out-of-band Application Security Testing (OAST) added to dynamic scans for accurate identification of vulnerabilities.
Easy setup with point-and-click scanning or trigger via CI/CD.
Recurring scanning options for daily, weekly, or monthly scans.
Out-of-the-box configurations for fast crawl or critical vulnerability audits.
API security testing for increased coverage of microservices.
JavaScript scanning to uncover more attack surfaces in Single Page Applications (SPAs).
Scalable scanning with the ability to adjust the number of concurrent scans.
Custom configurations available, including crawl maximum link depth and reported vulnerabilities.
Burp Scanner, a trusted dynamic web vulnerability scanner used by over 16,000 organizations.
Integration with major CI/CD platforms such as Jenkins and TeamCity.
API-driven workflow for initiating scans and obtaining results via the REST API.
Integration with vulnerability management platforms for seamless scanning and security reporting.
Burp extensions allow customization of Burp Scanner to meet specific requirements.
Multiple deployment options including interactive installer and Kubernetes deployment.
Integration with bug tracking systems like Jira with auto ticket generation and severity triggers.
GraphQL API for initiating, scheduling, canceling, and updating scans.
Role-based access control for multi-user functionality and control.
Compatible configurations from Burp Suite Pro can be manually integrated into the Enterprise environment.
Reporting features include graphical dashboards, customizable HTML reports, scan history metrics, intuitive UI, rich email reporting, security posture graphing, aggregated issue reporting, and compliance reporting for PCI DSS and OWASP Top 10.

Pros

Extensive vulnerability detection.
Can handle complex web applications.
Integration with popular CI/CD tools.

Cons

Steep learning curve for beginners.
Relatively higher pricing.

Detectify

Best for ease of use and automation

Detectify is a fully automated External Attack Surface Management (EASM) solution powered by a world-leading ethical hacker community. It can help map out a company’s security landscape and find vulnerabilities that other scanners may miss.

Pricing

The vendor has several pricing options as follows:

The full EASM package comes with a 2-week free trial. Pricing is custom and based on the number of domains, sub-domains, and web applications of the attack surface.
For organizations with a small attack surface, the vendor offers two pricing tiers that also come with a free 2-week trial:
- Surface Monitoring: Pricing starts from $289 per month (billed annually). This package includes up to 25 subdomains.
- Application Scanning: Pricing starts from $89 per month per scan profile (billed annually).

Features

The features of the full EASM solution are:

Continuous 24/7 coverage for discovering and monitoring your modern tech stack.
Crawling and fuzzing engine that surpasses traditional DAST scanners.
Ability to monitor large enterprise products and protect sensitive organizational data.
Accurate results with 99.7% accuracy in vulnerability assessments through payload-based testing.
SSO, API access, automatic domain verification, custom modules, and attack surface custom policies.
Identify risks before they are exploited by enriching assets with critical information like open ports, DNS record types, and technologies.
Integrates with popular tools such as Slack, Jira, and Splunk, and comes with an API that allows users to export results in the manner that best suits their workflows.

Pros

Simple and clean interface, easy to use.
Continuous automatic updates and scans.
Customizable reports and notifications.

Cons

Limited manual testing capabilities.
May generate false positives.

Intruder

Best for cloud-based network security

Intruder is a powerful cloud-based network security tool that helps businesses prevent security breaches by automating routine security checks. Each threat found is classified according to severity and a remediation plan proposed.

Pricing

Pricing is based on the number of applications and infrastructure targets with three pricing tiers: Essential, Pro and Premium. The Pro plan comes with a 14-day free trial.
Example pricing for 1 application and 1 infrastructure target is as follows:
- Essential: $160 per month, billed annually.
- Pro: $227 per month, billed annually.
- Premium: From $3,737 per year.

Features

Easy-to-use yet powerful online vulnerability tool.
Comprehensive risk monitoring across your stack, including publicly and privately accessible servers, cloud systems, websites, and endpoint devices.
Detection of vulnerabilities such as misconfigurations, missing patches, encryption weaknesses, and application bugs, including SQL injection, Cross-Site Scripting, and OWASP Top 10.
Ongoing attack surface monitoring with automatic scanning for new threats and alerts for changes in exposed ports and services.
Intelligent results that prioritize actionable findings based on context, allowing you to focus on critical issues like exposed databases.
Compliance and reporting with high-quality reports to facilitate customer security questionnaires and compliance audits such as SOC2, ISO27001, and Cyber Essentials.
Continuous penetration testing by security professionals to enhance coverage, reduce the time from vulnerability discovery to remediation, and benefit from vulnerability triage by certified penetration testers.
Seamless integration with your technical environment, with no lengthy installations or complex configurations required.

Pros

Cloud-based, eliminating the need for on-site servers.
Comprehensive vulnerability coverage.
Automated, regular security checks.

Cons

Dependency on automated scanning engines may result in occasional false positives or false negatives.

ManageEngine OpManager

Best for real-time network monitoring

ManageEngine OpManager is a comprehensive network monitoring application, capable of providing intricate insights into the functionality of various devices such as routers, switches, firewalls, load balancers, wireless LAN controllers, servers, virtual machines, printers, and storage systems. This software facilitates in-depth problem analysis to identify and address the core source of network-related issues.

Pricing

The vendor offers three editions with starting prices as follows:

Standard: $245 for up to 10 devices.
Professional: $345 for up to 10 devices.
Enterprise: $11,545 for 250 up to 250 devices.

Features

Capable of monitoring networks using over 2,000 performance metrics, equipped with user-friendly dashboards, immediate alert systems, and intelligent reporting features.
Provides crucial router performance data including error and discard rates, voltage, temperature, and buffer statistics.
Enables port-specific traffic control and switch port mapping for device identification.
Continuous monitoring of WAN link performance, latency, and availability, leveraging Cisco IP SLA technology.
Active monitoring of VoIP call quality across WAN infrastructure, facilitating the troubleshooting of subpar VoIP performance.
Automatic generation of L1/L2 network mapping, aiding in the visualization and identification of network outages and performance issues.
Provides monitoring for both physical and virtual servers across various operating systems such as Windows, Linux, Solaris, Unix, and VMware.
Detailed, agentless monitoring of VMware-virtualized servers with over 70 VMware performance monitors.
Utilizes WMI credentials to monitor Microsoft Hyper-V hosts and guest performance with over 40 in-depth metrics.
Enables monitoring and management of Host, VMs, and Storage Repositories of Citrix Hypervisor, providing the necessary visibility into their performance.
Allows for monitoring and management of processes running on discovered devices through SNMP/WMI/CLI.
Uses protocols like SNMP, WMI, or CLI for monitoring system resources and gathering performance data.
Provides immediate notifications on network issues via email and SMS alerts.
Facilitates the orchestration and automation of initial network fault troubleshooting steps and maintenance tasks.
Provides a centralized platform for identifying network faults, allowing for visualization, analysis, and correlation of multiple monitor performances at any instant.
Enables network availability, usage trend, and performance analysis with over 100 ready-made and customizable reports.
Employs a rule-based approach for syslog monitoring to read incoming syslogs and assign alerts.
Includes a suite of OpManager’s network monitoring tools to assist in first and second-level troubleshooting tasks.

Pros

In-depth network monitoring.
Easy-to-understand performance dashboards.
Supports both physical and virtual servers.

Cons

May be complex for beginners.
Cost can quickly escalate based on number of devices.

Tenable Nessus

Best for vulnerability analysis

Tenable Nessus is a vulnerability assessment tool that enables organizations to actively detect and rectify vulnerabilities throughout their ever-evolving attack surface. It is formulated to evaluate contemporary attack surfaces, expanding beyond conventional IT assets to ensure the security of cloud infrastructure and provide insights into internet-connected attack surfaces.

Pricing

Nessus offers a free 7-day trial. Customers can scan up to 32 IPs per scanner during the trial period.
After the trial, the product is available at a starting fee of $4,990 per year for an unlimited number of IPs per scanner.
Nessus Enterprise pricing is dependent on business requirements.

Features

Evaluates contemporary attack surfaces, extends beyond conventional IT assets, and provides insights into internet-connected environments.
Built with an understanding of security practitioners’ work, aiming to make vulnerability assessment simple, intuitive, and efficient.
Provides a reporting feature that prioritizes the top ten significant issues.
Nessus is deployable on a range of platforms, including Raspberry Pi, emphasizing portability and adaptability.
Ensures precise and efficient vulnerability assessment.
Offers visibility into your internet-connected attack environments.
Ensures the security of cloud infrastructure before deployment.
Focuses on the most significant threats to enhance security efficiency.
Provides ready-to-use policies and templates to streamline vulnerability assessment.
Allows for customization of reports and troubleshooting procedures.
Provides real-time results for immediate response and rectification.
Designed for straightforward and user-friendly operation.
Provides an organized view of vulnerability assessment findings for easy interpretation and analysis.

Pros

Broad vulnerability coverage.
Easy integration with existing security systems.
User-friendly interface.

Cons

Relatively higher pricing.

Pentest Tools

Best for penetration testing

Pentest Tools is a suite of software designed to assist with penetration testing. Pentest Tools provides the necessary capabilities to effectively carry out penetration tests, offering insights into potential weak points that may be exploited by malicious actors.

Pricing

The vendor offers four pricing plans as follows:

Basic: $72 per month, billed annually, for up to 5 assets and up to 2 parallel scans.
Advanced: $162 per month, billed annually, for up to 50 assets and up to 5 parallel scans.
Teams: $336 per month, billed annually, for up to 500 assets and up to 10 parallel scans.
Enterprise: For more than 500 assets and more than 10 parallel scans, plan pricing varies.

Features

Initially built on OpenVAS, now includes proprietary technology to assess network perimeter and evaluate a company’s external security posture.
Uses proprietary modules, like Sniper: Auto Exploiter, for a comprehensive security scan.
Provides a simplified and intuitive interface for immediate scanning.
Conducts in-depth network vulnerability scans using over 57,000 OpenVAS plugins and custom modules for critical CVEs.
Includes a summarized report of vulnerabilities found, their risk rating, and CVSS score.
Each report offers recommendations for mitigating detected security flaws.
Prioritizes vulnerabilities based on risk rating to optimize manual work and time.
Generates customizable reports with ready-to-use or custom templates.
Provides a complete view of “low hanging fruit” vulnerabilities, enabling focus on more advanced tests.
Allows testing of internal networks through a ready-to-use VPN, eliminating the need for time-consuming scripts and configurations.
Identifies high-risk vulnerabilities such as Log4Shell, ProxyShell, ProxyLogon, and others.
Assists in running vulnerability assessments necessary to comply with various standards like PCI DSS, SOC II, HIPAA, GDPR, ISO, the NIS Directive, and others.
Facilitates thorough infrastructure tests, detecting vulnerabilities ranging from weak passwords to missing security patches and misconfigured web servers.
Third-party infrastructure audit that’s useful for IT services or IT security companies, providing reports for client assurance on implemented security measures.

Pros

Broad coverage of penetration testing scenarios.
Easy to use, with detailed reports.
Regular updates and enhancements.

Cons

Proprietary technology can also limit interoperability with other tools or platforms.
New users may experience a steep learning curve.

Qualys VMDR

Best for cloud security compliance

Qualys VMDR is a top choice for businesses looking for cloud-based network security software. It provides automated cloud security and compliance solutions, allowing businesses to identify and fix vulnerabilities.

Pricing

Prospective customers can try out the tool for free for 30 days.
Pricing starts at $199 per asset with a minimum quantity of 32 (i.e., $6,368 total starting cost).
Flexible pricing for larger packages based on business needs.

Features

Qualys is a strong solution for businesses seeking cloud-based network security software, providing automated cloud security and compliance solutions.
Utilizes TruRisk™ to quantify risk across vulnerabilities, assets, and asset groups, enabling proactive mitigation and risk reduction tracking.
Automates operational tasks for vulnerability management and patching with Qualys Flow, saving valuable time.
Leverages insights from over 180,000 vulnerabilities and 25+ threat sources to provide preemptive alerts on potential attacks with the Qualys Threat DB.
Detects all IT, OT, and IoT assets for a comprehensive, categorized inventory with detailed information such as vendor lifecycle.
Automatically identifies vulnerabilities and critical misconfigurations per Center for Internet Security (CIS) benchmarks, by asset.
Integrates with ITSM tools like ServiceNow and Jira to automatically assign tickets and enable orchestration of remediation, reducing Mean Time To Resolution (MTTR).

Pros

Cloud-based, reducing on-premise hardware needs.
Comprehensive vulnerability and compliance coverage.
Powerful data analytics capabilities.

Cons

Can be complex for small businesses.
Pricing is high and can be prohibitive for smaller organizations.

SolarWinds ipMonitor

Best for large-scale enterprise networks

SolarWinds ipMonitor is an established network monitoring solution ideal for monitoring servers, VMware hosts, and applications on large-scale enterprise networks. It offers deep performance insights and customizable reports.

Pricing

SolarWinds ipMonitor has three pricing editions, each with a 14-day free trial:

500 monitors for $1,570
1000 monitors for $2,620
2500 monitors for $5,770

Features

The monitoring tool provides over a dozen notification types including alerts via email, text message, or directly to Windows Event Log files.
Facilitates the monitoring of common ports with key protocols.
Ensures IT environment functionality by continuously monitoring database availability.
Enhances end user network experience monitoring capabilities.
Offers monitoring of network equipment health in tandem with network infrastructure.
Confirms the ability of a web server to accept incoming sessions.
Provides critical insights into the overall IT environment.
Offers an affordable tool for network monitoring.
Utilizes VM ESXi host monitors to track the health and performance of your virtual environment.
Enables monitoring of Windows services and applications..

Pros

Extensive scalability for large networks.
Deep insights and comprehensive reporting.
Wide range of integrated applications.

Cons

Can be overly complex for smaller networks.
The pricing model may not suit smaller businesses.

Key features of network scanning tools and software

Vulnerability scanning is central to all network scanning tools, but other features, such as real-time monitoring, penetration testing, and integrability, should not be overlooked.

Vulnerability scanning

This is the most critical feature buyers typically look for in network scanning tools. Vulnerability scanning helps identify potential security threats and weak spots within the network.

The tools do this by scanning the network’s devices, servers, and systems for known vulnerabilities such as outdated software, open ports, or incorrect configurations.

This feature matters because it provides an overview of the network’s security posture, enabling users to take corrective measures promptly.

Real-time network monitoring

Real-time network monitoring allows for continuous observation of the network’s performance, detecting any issues or anomalies as they occur.

This feature is vital because it can significantly reduce downtime and address performance issues before they impact business operations.

Penetration testing

Penetration testing (or pentesting) simulates cyberattacks on your network to test the effectiveness of your security measures and identify potential vulnerabilities that may not be detectable through standard vulnerability scanning.

Penetration testing is essential for businesses as it offers a more proactive approach to cybersecurity than standard vulnerability scans.

Compliance assurance

Compliance assurance ensures that the organization’s network aligns with various regulatory standards, such as HIPAA for healthcare or PCI DSS for businesses that handle credit card information.

Compliance assurance is critical because non-compliance can result in hefty fines and damage to the company’s reputation.

Integration with other tools

Integration capabilities are an often overlooked but essential feature of network scanning tools. The ability to integrate with other IT management and security tools allows for a more streamlined and efficient workflow.

For example, integrating a network scanning tool with a ticketing system could automatically create a ticket when a vulnerability is detected.

This feature is vital as it enables businesses to enhance their overall IT infrastructure management and improve response times to potential threats.

How to choose the best network scanning software for your business

Selecting the best network scanning tool for your business involves several key considerations:

Identify your needs: The first step is to understand what you need from a network scanning tool. Do you require real-time network monitoring, pentesting, compliance assurance, or more? The type of network you’re operating and the size of your business can heavily influence your needs.
Consider the ease of use: The usability of the software is an important factor depending on the size and expertise of your IT team. If it’s too complex, it may be challenging for your team to use effectively. Look for software that has a user-friendly interface and offers good customer support.
Examine the features: Look for software that offers the features that match your specific requirements. If you’re unsure what features you might need, consulting with an IT professional can be beneficial.
Evaluate scalability: Your business is likely to grow, and so will your network. The network scanning tool you choose should be able to scale along with your business without losing efficiency.
Check for regular support and updates: Good network scanning software should provide reliable support and regular updates to address emerging security threats. Check whether the software is frequently updated and if technical support is readily available.
Review pricing: Lastly, consider the pricing and your budget. Keep in mind that while some software might be more expensive, it could offer more features or better support, leading to better value for your business in the long run.

Frequently Asked Questions (FAQs)

What are the benefits of network scanning tools?

Network scanning tools offer a multitude of benefits, including:

Security enhancement: Network scanning tools identify vulnerabilities and security risks within a network, allowing businesses to address these issues proactively and bolster their security posture.
Compliance assurance: Many of these tools help ensure that your network aligns with various regulatory and industry standards, reducing the risk of non-compliance penalties.
Real-time monitoring: By providing real-time network monitoring, these tools allow for immediate detection and mitigation of issues, thereby reducing network downtime and improving performance.
Resource optimization: Network scanning can identify underutilized resources, aiding in more efficient resource allocation and cost savings.
Improved network management: With a thorough understanding of the network infrastructure, administrators can make more informed decisions regarding network planning and expansion.

Who should use network scanning software?

Network scanning software is beneficial for a variety of roles and industries, including:

Network administrators: These professionals can use network scanning tools to monitor and manage the health of the network, consistently optimizing its performance.
IT security professionals: These tools are crucial for IT security staff in identifying potential vulnerabilities and mitigating security risks.
Managed Service Providers (MSPs): MSPs can utilize network scanning tools to manage and monitor their clients’ networks, ensuring they are secure and comply with relevant regulations.
Regulated industries: Businesses within industries that must adhere to strict data security standards, such as healthcare, finance, and e-commerce, can benefit significantly from these tools to ensure compliance and protect sensitive data.

What are the types of network scanning?

Network scanning can be categorized into several types based on their function:

Port scanning: This type identifies open ports and services available on a network host. It can help detect potential security vulnerabilities.
Vulnerability scanning: This process involves identifying known vulnerabilities in the network, such as outdated software or misconfigurations, that could be exploited.
Network mapping: This type of scanning identifies the various devices on a network, their interconnections, and topology.
Performance scanning: This form of scanning monitors network performance, identifying potential issues that could affect the speed or reliability of the network.
Compliance scanning: This type checks the network’s compliance with certain regulatory or industry standards, helping avoid potential legal issues.

Methodology

The selection, review, and ranking of the network scanning tools in this list was carried out through a comprehensive and structured methodology, which involved several key steps: namely, requirement identification, market research, feature evaluation, user reviews and feedback, ease of use, pricing, and scalability.

By combining these steps, we have aimed to provide a balanced and comprehensive overview of the top network scanning tools of 2023, thereby enabling potential buyers to make an informed decision that best suits their specific needs and circumstances.

Bottom line: Managing vulnerabilities with network scanning tools

Network scanning tools are essential for any organization striving to maintain a secure and efficient IT environment. From identifying vulnerabilities to ensuring compliance and enhancing overall network performance, these tools play a pivotal role in successful network management.

The eight tools discussed in this article offer a variety of features and capabilities, catering to different needs and business sizes. However, choosing the right tool should be guided by an organization’s unique requirements, budget, and the tool’s ability to scale alongside the growth of the business.

By doing so, businesses can foster a more secure, compliant, and reliable IT network, boosting operational efficiency and business resilience.

Knowing your network’s vulnerabilities is just the beginning. Here are the best vulnerability management tools to keep your data locked up safe.

Source :
https://www.enterprisenetworkingplanet.com/security/network-scanning-tools/

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

stván Márton May 31, 2023

On May 20, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in WPDeveloper’s ReviewX plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible for an authenticated attacker to grant themselves administrative privileges via a user meta update.

Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on May 22, 2023. Sites still using the free version of Wordfence will receive the same protection on June 21, 2023.

We contacted WPDeveloper on May 20, 2023, and received a response the next day. After providing full disclosure details, the developer released a patch on May 22, 2023. We would like to commend the WPDeveloper development team for their prompt response and timely patch, which was released in just one day.

We urge users to update their sites with the latest patched version of ReviewX, which is version 1.6.14 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

Description: ReviewX <= 1.6.13 – Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
Affected Plugin: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug: reviewx
Affected Versions: <= 1.6.13
CVE ID: CVE-2023-2833
CVSS Score: 8.8 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Lana Codes
Fully Patched Version: 1.6.14

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the ‘rx_set_screen_options’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role via the ‘wp_screen_options[option]’ and ‘wp_screen_options[value]’ parameters during a screen option update.

Technical Analysis

ReviewX is a plugin that primarily enables customers to add ratings and reviews to WooCommerce stores, but it is also possible to use it with custom post types.

The reviews are listed on the WordPress admin page, which includes a screen option for how many reviews should be displayed per page for the admin user. Unfortunately, this feature was implemented insecurely, allowing all authenticated users to modify their capabilities, including granting themselves administrator capabilities.

Upon closer examination of the code, we see that the ‘rx_set_screen_options’ function, which updates a user’s per-page screen option, is hooked to the ‘admin_init’ action.

971	`add_filter(` `'admin_init',` `'rx_set_screen_options');`

This hook is triggered on every admin page without any post type or page restrictions. This means that the ‘rx_set_screen_options’ hooked function is invoked on all admin pages, allowing users who otherwise do not have access to the plugin to also access the function, as the function itself does not contain any restrictions.

This makes it possible for any authenticated user with an account, such as a subscriber, to invoke the ‘rx_set_screen_options’ function.

972973974975976977978979980981982983984985986987988989990 functionrx_set_screen_options() { if( isset( $_POST['wp_screen_options'] ) && is_array( $_POST['wp_screen_options'] ) ) { check_admin_referer( 'screen-options-nonce', 'screenoptionnonce'); $user= wp_get_current_user(); if( ! $user) { return; } $option= $_POST['wp_screen_options']['option']; $value= $_POST['wp_screen_options']['value']; if( sanitize_key( $option) != $option) { return; } update_user_meta( $user->ID, $option, $value); }}

The function includes a nonce check, but it uses a general nonce that is available on every admin page where there is a screen option.

The most significant problem and vulnerability is caused by the fact that there are no restrictions on the option, so the user’s metadata can be updated arbitrarily, and there is no sanitization on the option value, so any value can be set, including an array value, which is necessary for the capability meta option.

This made it possible for authenticated users, such as subscribers, to supply the ‘wp_capabilities’ array parameter with any desired capabilities, such as administrator, during a screen option update.

As with any Privilege Escalation vulnerability, this can be used for complete site compromise. Once an attacker has gained administrative user access to a WordPress site they can then manipulate anything on the targeted site as a normal administrator would. This includes the ability to upload plugin and theme files, which can be malicious zip files containing backdoors, and modifying posts and pages which can be leveraged to redirect site users to other malicious sites.

Disclosure Timeline

May 20, 2023 – Discovery of the Privilege Escalation vulnerability in ReviewX.
May 20, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.
May 21, 2023 – The vendor confirms the inbox for handling the discussion.
May 21, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.
May 22, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability.
May 23, 2023 – A fully patched version of the plugin, 1.6.14, is released.
June 21, 2023 – Wordfence Free users receive the same protection.

Conclusion

In this blog post, we detailed a Privilege Escalation vulnerability within the ReviewX plugin affecting versions 1.6.13 and earlier. This vulnerability allows authenticated threat actors with subscriber-level permissions or higher to elevate their privileges to that of a site administrator which could ultimately lead to complete site compromise. The vulnerability has been fully addressed in version 1.6.14 of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of ReviewX.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

Did you enjoy this post? Share it!

Source :
https://www.wordfence.com/blog/2023/05/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin/

Dell SonicWALL TZ400 and Firebox BOVPN Virtual Interface Integration Guide – Tunnel Interface

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

This integration guide describes how to configure a BOVPN virtual interface tunnel between a WatchGuard Firebox and a Dell SonicWALL® TZ400.

Integration Summary

The hardware and software used in this guide include:

WatchGuard Firebox M400
- Fireware v12.8.2.B668649
Dell SonicWALL TZ400
- SonicOS Enhanced Version 6.5.4.11-97n

Topology

This diagram shows the topology for a BOVPN virtual interface connection between a Firebox and a Dell SonicWall TZ400.

Configure the Firebox

To configure a BOVPN virtual interface connection on the Firebox:

Log in to Fireware Web UI.
Select VPN > BOVPN Virtual Interfaces.
The BOVPN Virtual Interfaces configuration page opens.
Click Add.

In the Interface Name text box, type a name to identify this BOVPN virtual interface.
From the Remote Endpoint Type drop-down list, select Cloud VPN or Third-Party Gateway.
From the Gateway Address Family drop-down list, select IPv4 Addresses.
In the Credential Method section, select Use Pre-Shared Key.
In the adjacent text box, type the pre-shared key.
From the drop-down list, select String-Based .
In the Gateway Endpoint section, click Add.
The Gateway Endpoint Settings dialog box opens.

From the Physical drop-down list, select External.
From the Interface IP Address drop-down list, select Primary Interface IPv4 Address.
The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
Select By IP Address.
In the adjacent text box, type the primary IP address of the External Firebox interface.
Select the Remote Gateway tab.

Select Static IP Address.
In the adjacent text box, type the IP address of your SonicWALL WAN connection.
Select By IP Address.
In the adjacent text box, type the IP address of your SonicWALL WAN connection.
Click OK.

Screen shot of the completed Gateway Endpoint settings

In the Gateway Endpoint section, select Start Phase 1 tunnel when it is inactive.
Select Add this tunnel to the BOVPN-Allow policies.
Select the VPN Routes tab.

Click Add.

From the Choose Type drop-down list, select Network IPv4.
In the Route To text box, type the Network IP address of a route that will use this virtual interface.
Click OK.

Screen shot of the completed VPN Route settings

Select the Phase 1 Settings tab.

From the Version drop-down list, select IKEv2.
Keep all other Phase 1 settings as the default values.
Keep Phase 2 Settings as the default values.

Click Save.

For more information about BOVPN virtual interface configuration on the Firebox, see BOVPN Virtual Interfaces

Configure the Dell SonicWALL TZ400

Zone and Interface Settings

Log in to the Dell SonicWALL TZ400 Web UI at https://<IP address of TZ400>. The default IP address is 192.168.168.168.
Configure interfaces and zones. For information about how to configure interfaces and zones, see the Dell SonicWALL TZ400 documentation.

Screen shot of the Dell SonicWALL interface settings

Screen shot of the Dell SonicWALL zone settings

IPSec VPN Settings

To configure IPSec VPN settings:

Select Manage > Policies > Objects > Address Objects.
To add a new object, click Add.

Screen shot of the Dell SonicWALL address object settings

In the Name text box, type the object name. In our example, the name is WGINT.
From the Zone Assignment drop-down list, select VPN.
From the Type drop-down list, select Network.
In the Network text box, type the network address.
In the Netmask/Prefix Length text box, type the netmask.
Click Add.
Click Close.

Select Manage > Connectivity > VPN > Base Settings.
In the VPN Policies section, click Add.

Screen shot of the Dell SonicWALL General tab

From the Policy Type drop-down list, select Tunnel Interface.
From the Authentication Method drop-down list, select IKE using Preshared Secret.
In the Name text box, type a descriptive name for this VPN. In our example, the name is VPN with WG.
In the IPsec Primary Gateway Name or Address text box, type the peer IP address.
Select Mask Shared Secret.
In the Shared Secret and Confirm Shared Secret text boxes, type the pre-shared secret key.
From the Local IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the SonicWALL outgoing public IP address.
From the Peer IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the WatchGuard Firebox public IP address.
Select the Proposals tab.

Screen shot of the Dell SonicWALL Proposals tab.

In the IKE (Phase 1) Proposal section, from the Exchange drop-down list, select IKEv2 Mode.
From the DH Group drop-down list, select Group 14.
From the Encryption drop-down list, select AES-256.
From the Authentication drop-down list, select SHA256.
In the Ipsec (Phase 2) Proposal section, from the Protocol drop-down list, select ESP.
From the Encryption drop-down list, select AES-256.
From the Authentication drop-down list, select SHA256.
Select the Enable Perfect Forward Secrecy check box.
From the DH Group drop-down list, select Group 14.
For all other settings, keep the default values.
Click OK.

Screen shot of the Dell SonicWALL base settings

Keep all default settings in Advanced VPN Settings.

Route Policy Settings

To configure Route Policy settings:

Select Manage > System Setup > Network > Routing.
In the Route Policies section, click Add.

Screen shot of the Dell SonicWALL route policy settings

In the Name text box, type the object name. In our example, the name is policy.
From the Source drop-down list, select X2 subnet. In our example, the X2 subnet is 192.168.13.0/24.
From the Destination drop-down list, select WGINT.
From the Service drop-down list, select Any.
From the Interface drop-down list, select VPN with WG.
For all other settings, keep the default values.
Click OK.

Screen shot of Dell SonicWALL route policies

Test the Integration

Log in to the Firebox Web UI.
Select System Status > VPN Statistics.
Verify the VPN tunnel is active.
Log in to the Dell SonicWALL TZ400 Web UI.
Verify the VPN tunnel is active.
Verify the hosts behind the Firebox and behind the SonicWALL can successfully ping each other.

Source :
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/dell_sonicwall_BOVPN_virtual_interface.html

Dell SonicWALL TZ400 and Firebox Branch Office VPN Integration Guide – Site To Site

Deployment Overview

This integration guide describes how to configure a Branch Office VPN (BOVPN) tunnel between a WatchGuard Firebox and a Dell SonicWALL® TZ400.

Integration Summary

The hardware and software used in this guide include:

WatchGuard Firebox M400
- Fireware v12.8.2.B668649
Dell SonicWALL TZ400
- SonicOS Enhanced Version 6.5.4.11-97n

Topology

This diagram shows the topology for a BOVPN connection between a Firebox and a SonicWALL TZ400.

Configure the Firebox

To configure a Branch Office VPN (BOVPN) connection on the Firebox:

Log in to Fireware Web UI.
Select VPN > Branch Office VPN.
The Branch Office VPN configuration page opens.
In the Gateways section, click Add.

In the Gateway Name text box, type a name to identify this BOVPN gateway.
From the Address Family drop-down list, select IPv4 Addresses.
In the Credential Method section, select Use Pre-Shared Key.
In the adjacent text box, type the pre-shared key.
From the drop-down list, select String-Based .
In the Gateway Endpoint section, click Add.
The Gateway Endpoint Settings dialog box opens.

Screen shot of the Local Gateway settings

From the External Interface drop-down list, select External.
From the Interface IP Address drop-down list, select Primary Interface IPv4 Address.
The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
Select By IP Address.
In the adjacent text box, type the primary IP address of the External Firebox interface.
Select the Remote Gateway tab.

Screen shot of the Remote Gateway settings

Select Static IP Address.
In the adjacent text box, type the IP address of your SonicWALL WAN connection.
Select By IP Address.
In the adjacent text box, type the IP address of your SonicWALL WAN connection.
Keep the default settings for all other options.
Click OK.

Screen shot of the completed Gateway Endpoint configuration

In the Gateway Endpoint section, select the Start Phase 1 tunnel when Firebox starts check box.
Select the Phase 1 Settings tab.

From the Version drop-down list, select IKEv2.
Keep all other Phase 1 settings as the default values.
Click Save.

Screen shot of the Gateways and Tunnels lists

In the Tunnels section, click Add.

From the Gateway drop-down list, select the gateway that you configured.
In the Addresses section, click Add.

In the Local IP section, from the Choose Type drop-down list, select Network IPv4.
In the Network IP text box, type the local IP segment. This the local network protected by the Firebox.
In the Remote IP section, from the Choose Type drop-down list, select Network IPv4.
In the Network IP text box, type the remote IP segment. This the local network protected by the Dell SonicWALL device.
Click OK.

Keep the default Phase 2 Settings.
Click Save.

Configure the Dell SonicWALL TZ400

Zone and Interface Settings

Log in to the Dell SonicWALL TZ400 Web UI at https://<IP address of TZ400>. The default IP address is 192.168.168.168.
Configure interfaces and zones. For information about how to configure interfaces and zones, see the Dell SonicWALL TZ400 documentation.

Screen shot of the SonicWALL network interface settings

Screen shot of the SonicWALL zone settings

IPSec VPN Settings

To configure IPSec VPN settings:

Select Manage > Policies > Objects > Address Objects.
To add a new object, click Add.

Screenshot of sonicwall. picture3, address object settings

In the Name text box, type the object name. In our example, the name is WGINT.
From the Zone Assignment drop-down list, select VPN.
From the Type drop-down list, select Network.
In the Network text box, type the network address.
In the Netmask/Prefix Length text box, type the netmask.
Click Add.
Click Close.

Screenshot of sonicwall, pictuer4, the address objects page

Select Manage > Connectivity > VPN > Base Settings.
In the VPN Policies section, click Add.

Screenshot of sonicwall, picture5, vpn policy, general settings

From the Policy Type drop-down list, select Site to Site.
From the Authentication Method drop-down list, select IKE using Preshared Secret.
In the Name text box, type a descriptive name for this VPN. In our example, the name is VPN with WG.
In the IPsec Primary Gateway Name or Address text box, type the peer IP address.
Select Mask Shared Secret.
In the Shared Secret and Confirm Shared Secret text boxes, type the pre-shared secret key.
From the Local IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the SonicWALL outgoing public IP address.
From the Peer IKE ID drop-down list, select IPv4 Address. In the adjacent text box, type the WatchGuard Firebox public IP address.
For all other settings, keep the default values.
Select the Network tab.

Screenshot of sonicwall, picture6, vpn policy, network settings

In the Local Networks section, select Choose local network from list. From the adjacent drop-down list, select X2 Subnet.
In the Remote Networks section, select Choose destination network from list. From the adjacent drop-down list, select WGINT.
Select the Proposals tab.

Screenshot of sonicwall, picture7, vpn policy, proposal settings.

In the IKE (Phase 1) Proposal section, from the Exchange drop-down list, select IKEv2 Mode.
From the DH Group drop-down list, select Group 14.
From the Encryption drop-down list, select AES-256.
From the Authentication drop-down list, select SHA256.
In the Ipsec (Phase 2) Proposal section, from the Protocol drop-down list, select ESP.
From the Encryption drop-down list, select AES-256.
From the Authentication drop-down list, select SHA256.
Select the Enable Perfect Forward Secrecy check box.
From the DH Group drop-down list, select Group 14.
For all other settings, keep the default values.
Select the Advanced tab.

Screenshot of sonicwall, picture8, vpn policy, advanced settings.

In the Advanced Settings section, select the Enable Keep Alive check box.
For VPN Policy bound to, from the adjacent drop-down list, select Interface X1.
For all other settings, keep the default values.
Click OK.

Screenshot of sonicwall, picture9, vpn, base settings, currently active VPN tunnels.

Keep all default settings in Advanced VPN Settings.

Test the Integration

Log in to the Firebox Web UI.
Select System Status > VPN Statistics.
Verify the VPN tunnel is active.
Log in to the Dell SonicWALL TZ400 Web UI.
Verify the VPN tunnel is active.
Verify the hosts behind the Firebox and behind the SonicWALL can successfully ping each other.

Source :
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/dell_sonicwall_BOVPN.html

CrowdSec Engine 1.5 is officially here!

MAY 23, 2023

The biggest release since 1.0, CrowdSec Engine 1.5 brings you new features, major enhancements, and more control of your security management. Discover all that is new in 1.5 and how to get started in this article.

We launched a private preview of the CrowdSec Engine 1.5 to our community members in March to allow them to test it out and give us feedback. After a few months of testing, it was clear that the CrowdSec Engine 1.5 was ready for its debut by the end of May. So here it is, new features, major enhancements and more ways to manage your security. Check out all the updates and what’s new below. You can also read about the increased performance and faster response times when processing high volumes of logs that our community members experienced with the CrowdSec Engine 1.5.

“We are delighted to announce the launch of CrowdSec Engine 1.5 today. Following our last release in February 2022, we have been busy listening to our users to deliver a new version with significant enhancements, including the ability to receive “orders” from the console. We have also developed several new features, including compliance and post-exploitation scenarios to the engine. We are also hugely grateful to the CrowdSec community that has been busy testing the release over the last few months to ensure a smooth and successful roll-out for all our users. ” – Thibault Koechlin, Chief Technology Officer, CrowdSec‍‍

Polling API Integration

With the polling API, the Console can now send orders to the CrowdSec instances. Allowing users to manage their decisions (banned IPs at a given time). Let’s dive into what that means.

Real-time decisions management

The new Polling API gives you the ability to complete real-time decision management within the console. For users with many instances, you can now ban IPs on all of your instances at once, all from the comfort of a single page, rather than running an automation script to update all instances. A great timesaver for SecOps teams.

Teaser: Secure and custom configure the fleet of instances from the Console

In the future, the polling API feature will allow users to set up parsers and scenarios directly from the CrowdSec Console.

New Blocklist API and Premium Blocklists

We recently announced the external IP blocklists which allow all of our users to subscribe to at least 2 (new) additional blocklists created by the CrowdSec team, in addition to our community fuelled blocklist to better protect your instances.

Viktoria Rei Bauer (@ToeiRei on Discord, Twitch, and Twitter), CrowdSec Ambassador, saw a 190% increase in blocked IP addresses after implementing CrowdSec’s new Blocklist API and subscribing to 2 new blocklists.

“My average number of IP blocks was 2,000 per day. The day isn’t even over and I’ve already blocked 6,000 IPs.”

The chart below shows the impact the blocklist subscription made to Rei’s CrowdSec pfSense deployment. The red line shows the implementation of the blocklists that resulted in a 183% increase of malicious IPs blocked, peaking at a 400% increase.

‍

Kubernetes audit acquisition

The feature we presented at Kubehuddle UK 2022 is finally here:

Kubernetes Cluster Monitoring now gives our users the ability to monitor and protect their whole K8s cluster, and not just the services running on it.

S3 audit acquisition

CrowdSec now supports reading logs stored in S3 bucket, allowing you to process logs generated by AWS services (such as ALB access logs or Cloudfront logs).

Auditd support

Allows for the detection of “Post Exploitation Behaviors”, including:

base64 + interpreter (perl/bash/python)
curl/wget and exec
pkill execve bursts
rm execve bursts
exec from suspicious locations

CrowdSec CTI API helpers

You can now query CrowdSec’s Cyber Threat Intelligence (CTI) from your parsers and behavior scenario thanks to our new CTI API, allowing you to react to each threat differently according to each IPs reputation and classification.

This new CTI API allows CrowdSec and the CTI to be more interactive with each other, allowing users to query more information around a specific IP. For example, you can now query the machine’s usage, as well as the type of attack it relates to. CrowdSec is now able to query all this data in real-time, helping users to detect false positives, and also reducing alert fatigue.

AWS Cloudtrail Scenarios

Thanks to 1.5’s new behavior detection capabilities, we were able to create an advanced AWS Cloudtrail scenario helping you to detect and better understand what’s happening on your cloud. Below you can see a list of activities you are now able to detect.

Detect AWS CloudTrail configuration change
Detect AWS Config configuration change
Detect AWS console authentication failure
Detect AWS IAM policy change
Detect AWS KMS key deletion
Detect login without MFA to the AWS console
Detect AWS NACL change
Detect AWS Network Gateway change
Detect AWS root account usage
Detect AWS route table change
Detect AWS S3 bucket policy change
Detect AWS Security Group change
Detect AWS API unauthorized calls
Detect AWS VPC change

Feature flag support

This new feature allows us to have some features within the Security Engine that are disabled by default but can be activated manually by the user.

This will facilitate the inclusion of beta features safely and give more chances to the community to preview what’s coming and help us test the features in a range of use cases.

Detection Engine improvements

Conditional buckets: an improvement of our behavior detection system allows for more complex expression for the alert triggering mechanism
Event data stash: allows parsers to capture data for future enrichment. Adding the capability to detect advanced malicious behaviors

CAPI Whitelist

While the community blocklist is highly curated, and designed to avoid false positives, sometimes a shared IP used by both innocent and malicious actors will end up in it, so we’ve added the capability to create whitelists that can also be applied to the community-powered blocklist.

Conclusion

We would like to thank our community of users who have helped us reach this major milestone! Thanks to your feedback we have been able to create a release that truly caters to your needs and enhances your use of CrowdSec.

Interested in using CrowdSec Engine 1.5? If you haven’t already, install the CrowdSec Security Engine and then, sign-up for the CrowdSec Console. We will also be hosting a live webinar to go over all the new features and enhancements!

Source :
https://www.crowdsec.net/blog/crowdsec-engine-1-5-is-officially-here

ChatGPT vs. Bing Chat: Which AI chatbot should you use?

By Elena Alston · May 16, 2023

I’ve been using ChatGPT ever since OpenAI launched it in 2022. It’s helped me write meta descriptions for blog posts, create simple code snippets, and generate outlines. Heck, I’ve even used it to plan a trip to Portugal.

Try Zapier’s new ChatGPT plugin

Learn more

But I’ve been keen to try out Microsoft’s new Bing AI chatbot to see if it lives up to the hype. With Bing Chat, you’re able to chat, compose content, generate images, and get summarized answers to complex questions—all in one interface. It’s supposed to be a far more advanced version of ChatGPT, so I was excited to see how their features stack up.

Here are the main differences I discovered while comparing ChatGPT vs. Bing Chat.

ChatGPT vs. Bing Chat at a glance

If you want free access to GPT-4 (OpenAI’s most advanced and more powerful language model), Bing Chat is currently the way to go. You can access GPT-4 via ChatGPT Plus, which is a paid subscription, but Bing Chat gives you free access via Microsoft Edge. Beyond that, here’s the main difference:

Bing Chat is built into Microsoft Edge, so it’s a more integrated, tailored way of searching for answers. That makes it a powerful research assistant.
ChatGPT—though a more isolated experience—can be accessed on any browser and has more powerful integrations and plugins. It’s better suited as a personal assistant than a research assistant.

I’ll walk through some of the core differences between ChatGPT and Bing Chat in depth in the coming sections, but here’s a quick breakdown of how they compare.

	Bing Chat	ChatGPT
Language model	OpenAI’s GPT-4	OpenAI’s GPT-3.5 (ChatGPT Plus: GPT-4)
Platform	Integrated with Microsoft’s search engine	Standalone website or API
Internet access	Can perform web searches and offer links and recommendations	Browsing feature for ChatGPT Plus users
Image generation	Can generate creative content, including images using DALL·E	Can only generate text
Best used as	A research assistant	A personal assistant
Usage limits	Users get to ask 20 chats per session and 200 total chats per day	Unlimited conversations per day; ChatGPT Plus users get 25 GPT-4 messages every 3 hours
Pricing	Free	Free; ChatGPT Plus available for $20/month

Bing Chat is part of search, while ChatGPT is an isolated interface

Both ChatGPT and Bing Chat use OpenAI’s language models, which means that, for the most part, they generate very similar results.

The biggest difference between them is that Bing Chat is also powered by Microsoft’s Prometheus, a model that integrates Bing Search with the AI tool.

Marketed as a “co-pilot” for the web, Bing Chat distills the latest information from across the web and summarizes it when answering your prompts. It even cites its sources and generates a list of relevant links (as well as pulling in visuals). This is what it looks like within the Bing Chat web interface.

ChatGPT, on the other hand, doesn’t pull in current results from the internet as it’s only been trained on information up until 2021. There’s a simple workaround, though: you can access OpenAI’s native web browser plugin, available on ChatGPT Plus.

The web browser can look through web results and share them with you like Bing can, but I’ve found that it doesn’t integrate visuals like Bing does. The result is a more text-heavy experience, but no less effective.

The downside is that when it comes to researching facts, news stories, or historical events, ChatGPT doesn’t always cite its sources. It doesn’t seem to have a problem citing weather reports, but for other information, it can be a bit hit or miss—unless you specifically instruct it to provide sources. (Which, by the way, I’d recommend, given its tendency to hallucinate.)

In addition to being more reliable with its citations, Bing offers recommendations on what to search for next.

Bing Chat's suggestions for what to search next

And, if you scroll down on the chat page, Microsoft will return you to its regular search page, with a link to the most recent question you asked the chat.

Bing Chat showing your recent chats in the search

ChatGPT, on the other hand, feels more mechanical: it doesn’t offer follow-up recommendations, and the web browser you’re using ChatGPT with will have no memory of what you’ve been asking it.

As a whole, Bing AI feels a lot more like a search tool that’ll summarize complex answers for you—giving you the sources if you want to dig deeper into any topic. All without having to search through multiple pages yourself.

You get that same ease with ChatGPT, but it’s a much more isolated experience—it definitely feels like a chatbot, not a search tool.

Bing is integrated into a web browser, which allows for more tailored outputs based on what you’re doing

Bing is integrated into a sidebar, called Discover, on the Microsoft Edge browser, and it includes a few features, called Chat, Composition, and Insights.

Chat

You can chat with Bing Chat directly from the sidebar, without having to go to the Bing Chat webpage. The best part is that when you’re on a website full of information, it answers questions from that page contextually.

Reading a complex article and want the key takeaways? Done. Need to understand a complex concept in simpler terms? Done.

Bing Chat showing takeaways from the current web page you're on

This can be pretty helpful when you need an AI assistant while going through information-dense internet research.

You can still do this with ChatGPT Plus—just feed it a link and ask it to summarize the information—but it’s not seamlessly integrated into the same page you’re on.

ChatGPT summarizing an article based on a link

The difference just depends on how you like to search for information. But if you don’t mind doing your research in Microsoft Edge, Bing AI is hard to beat for a tailored AI experience.

Insights

Bing has an Insights tab that’ll give you even more information about the page you’re on. It surfaces things like a Q&A, key points, page topics, and related articles.

Scroll all the way down, and you can also get a quick overview of analytics about the website you’re visiting (like domain name, hosting service, and even traffic rank). This is something that ChatGPT doesn’t have, as it’s primarily focused on text generation.

Composition

With ChatGPT, you have to be extremely specific in your prompts; otherwise, the output will be pretty vague and most likely won’t tick all your boxes.

Bing’s Composition feature steers you more toward getting the specific output you want, by giving you ready-made options. Inside the text box, you can write out your prompt, set the tone you’re after, select the format (blog post, email, etc.), and set the length. It feels more like an AI writing generator in that way.

This is pretty handy if you’re not sure how to create prompts that will get you what you’re after, but you can just tell ChatGPT these same things in your prompt, and it’ll do a decent job.

ChatGPT has more powerful integrations and plugins, transforming it into a highly efficient assistant

While Bing Chat is a powerful search tool and a more sophisticated web browser, ChatGPT offers a whole suite of plugins that let you combine AI with other apps to unlock more varied use cases.

For example, with the Expedia plugin, I just tell ChatGPT about a trip I’m thinking of booking, and it’ll immediately surface the cheapest flights it can find via the travel site, along with the link, airport details, duration of flight, and most importantly, the pricing.

It’s so much easier than going through travel sites yourself, adjusting filters, and comparing sites side-by-side. (The hassle.)

Not only that, but the AI will also offer lodgings or other area-specific activities for you to explore. It’s a completely different ballgame compared to its web browser plugin, which refuses to offer any follow-up recommendations.

ChatGPT offering more suggestions from the Expedia plugin

The best part is you can install a number of ChatGPT plugins to work in tandem. For example, you can ask the AI for a recipe recommendation, get an accurate count of calories (using the Wolfram plugin), and then ask it to create a shopping list (with the Instacart plugin).

Using the Wolfram and Instacart plugins on ChatGPT

It’s practically like having a personal assistant—ideal for those who hate planning ahead for anything. (Ahem.)

Travel and food aside, you can also install the Zapier plugin to automate workflows directly inside the ChatGPT interface. Need the AI to write an email, then save it as a draft? It’ll do it within a matter of seconds.

ChatGPT also integrates with Zapier outside of the plugin, so you can connect it to thousands of other apps and access ChatGPT from the apps you use most. Here are some examples of tasks you can automate.

Create Notion tasks using ChatGPT conversations generated from new Slack reactions

Try it

Slack, ChatGPT, Notion

Slack + ChatGPT + NotionMore details

Start a conversation with ChatGPT when a prompt is posted in a particular Slack channel

Try it

Slack, ChatGPT

Slack + ChatGPTMore details

Zapier is the leader in no-code automation—integrating with 5,000+ apps from partners like Google, Salesforce, and Microsoft. Build secure, automated systems for your business-critical workflows across your organization’s technology stack. Learn more.

Bing AI can generate images using DALL·E, but ChatGPT is better at generating long-form content

One of the best—and most surprising—things about Bing is that it can generate images for you inside the chat function. That’s without you having to go through another AI image generator, so you can literally do everything—search, create copy, get images—all in the same interface.

Imagine you’re a travel writer. This could be a workflow you follow: You ask Bing about popular spots in New York using the chat feature. Then you ask the composition feature to create a blog post about New York. After that, you can ask Bing to create a blog hero image. That’s not a super nuanced example, but you get the gist.

Bing Image Creator making a picture of New York in a cartoon style

In that regard, ChatGPT can’t really compare, as it’s purely text-based.

But while we’re talking about strengths, ChatGPT is a lot better at providing longer-form content like articles or case studies. No matter how I tweaked the prompt, whenever I asked Bing to create a 1,000-word blog post, it repeatedly ignored those instructions and created a piece under 500 words.

ChatGPT doesn’t have that problem. It’s a good listener.

Bing Chat vs. ChatGPT: Which should you use?

Both ChatGPT and Bing can be handy writing tools and informative chatbots—but the better one depends on your actual use case.

If you want a powerful research tool that’s integrated with a web browser (and which shines in terms of in-depth page insights, image generation, and citing reputable sources), Bing Chat is your best bet.

If, however, you want to have an AI-powered personal assistant that can perform actions for you in different apps, there’s no contest: ChatGPT wins because of its suite of plugins.

The best way to know what works for you? Try them both out.