Skip to content

Backend-driven UI: Fast A/B testing and unified clients

As a Senior Frontend Engineer at NordLayer, I recently dove into BDUI to see what makes it stand out. In this article, I’ll break down where UI development is now and how adding more server-side power could improve the usual frontend-focused methods.

Frontend-only UI development

Imagine a simple UI feature, like the banner at the top of a page. How does our team create this banner? Let’s take a look at the 6-step development lifecycle for a single feature. 

A basic development cycle for a UI feature.

Development starts with requirement gathering, where the product owner (PO) outlines the desired functionality of the UI element. In this case, we want it to display a static message. So we design the banner, and as it’s a frontend-only feature, we may skip backend development and go straight into frontend development, then testing. After that, there’s only one step left – deployment. That’s it – the job’s done…

… or is it?

Emphasizing the backend’s role

Let’s say this whole process takes a week, depending on your setup. But features don’t simply stay the same indefinitely – we iterate upon them.

For example, we’d like to show a different message for the second iteration. However, realizing that the message will change a lot, we’d move its management to the backend. To ensure a smooth integration between departments, the backend engineers build an API and provide it to the frontend team. After testing and deployment, everything’s ready to go.

Let’s iterate further. Now we want to deliver tailored messages to different user segments, as part of an A/B testing strategy. The beautiful part? No more frontend changes required! The frontend’s role now is simply to call the backend to retrieve the display message. Our UI approach is now effectively ‘backend-driven,’ enabling faster iterations and more flexible content management and delivery.

The goal of backend-driven UI

Simply stated, backend-driven UI aims to make user interfaces a function of state.

Spotify expressed BDUI as UI = fn(state) in one of its early talks on the subject. This distills the idea beautifully. What we’re trying to achieve here is making the interface depend entirely on the state provided to it. Imagine a webpage structured using JSON data objects, which in our case, become the state. Each object represents a component on the frontend client. 

A mobile UI defined by JSON components.

The benefits of backend-driven UI

  • Redesigning our interface becomes streamlined: This can be achieved by simply changing the order of our objects. We can also add components without any frontend redeployment.

  • Backend-driven UI allows us to unify our client approach because this state can be used to populate any client, whether it’s mobile, desktop, or otherwise. This way, users get new features at the same time, regardless of what client they’re using. In terms of development, this helps developers across various teams follow a similar workflow.

  • Easier A/B testing. All we need to focus on is how to deliver different states based on user feedback, and with that, we can get really flexible when conceptualizing and experimenting with new UIs.

The cons of backend-driven UI

Uneven developer distribution

As mentioned before, every useful software development approach will have downsides. Implementing backend-driven UI means migrating all logic from the frontend. Naturally, this will result in higher workloads for backend developers. Keeping that in mind, does the usual developer distribution change when using this approach? Generally, yes, but this ultimately depends on the product/app/service you’re building. Some are already more backend-heavy than others.

Workload will vary depending on the stage of implementation. When starting with backend-driven UI, designing the architecture, agreeing on the contract, and executing the switch is heavily dependent on all engineers. Questions mostly arise when the migration is complete. From then on, backenders will have bigger workloads.

High cost

The upfront cost of introducing backend-driven UI can be significant. When making a UI reliant only on the state provided to it, the implementation can quickly become overcomplicated. This impacts the pace of development. It’s not an easy task, but we’re trading high upfront costs for being faster and more flexible in the future.

You should first consider whether this approach is even useful for your specific business. Spotify popularized this approach because it wanted the ability to experiment fast and flexibly with novel UI features. But if you’re building an admin panel, does it need to be backend-driven? Will the interface change a lot, or will you be conducting A/B tests for the users? Implementing BDUI should align with your tech setup and business goals.

Sanity check: Is BDUI for you?

With the pros and cons in mind, let’s address some common questions:

How much should you commit initially?

Backend-driven UI doesn’t need to replace the entire system. You can also take a modular approach when determining viability. As an example, you can identify specific parts of the application that you could make backend-driven. The banner example that we discussed above could be something to start with. If that works, try it out on a more challenging feature like a table or carousel.

Are we inventing HTML again?

Avoid being too detailed. Taking a simple feature like a text box, we could go overboard and start thinking about allowing different text colors, size changes, or other modifications…  But then we’d come dangerously close to CSS and HTML, which is certainly not the goal! Remember: Enable backend-driven UI using general components, not detailed blocks.

Do we have the foundation to implement a backend-driven UI?

Do you have a design system? As we said above, being too detailed will cause problems. With a design system in place, we have a very clear direction on where to go. Development becomes very logical as long as our frontend can handle our designed components. Everyone uses the same components to describe UIs: Whether you’re a mobile developer, frontender, or designer, we all speak the same language. A button means the same component across different contexts.

Big Tech and backend-driven UI

Most of this article’s content is based on findings from Lyft, Spotify, Airbnb, and others. These are huge companies with the resources to make backend-driven UI a reality.

And even though BDUI can be a pricy upfront investment that requires developer redistribution, its long-term benefits – including flexibility and faster adaptation to user feedback – are a huge upside for many teams, products, and apps.

Read more about engineering at Nord Security.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Forgot your Apple ID password? Here is how you can reset it.

Before you reset your Apple ID password

Before you go about resetting or changing your Apple ID password, it’s important to have all the necessary information for the process. Here’s what you’ll need:

  • Email address: Make sure you have access to the email address that you’ve used with your Apple ID.

  • Security questions: Have answers ready to any security questions if required.

  • Multi-factor authentication (MFA): If you’ve enabled MFA, ensure you have access to the trusted device or phone number.

  • Recovery email or phone number: If you’ve set up a recovery email or phone number, ensure you can access it.

On top of that, it is also crucial to note that Apple has a set of specific requirements for passwords, including:

  • A password has to be at least eight characters long.

  • A password must include a number.

  • A password must include both uppercase and lowercase letters.

How to reset your Apple ID password on iPhone and iPad

  1. Go to “Settings” and tap on your name.

  2. Select “Sign-In & Security.”

  3. Tap “Change password.”

  4. Enter your device’s passcode. Then, enter your new password and confirm it.

  5. Tap “Change” or “Change Password.”

How to reset your Apple ID password on a Mac

  1. Click on Apple’s logo at the top left of your screen.

  2. Select “System Preferences” and click on your name.

  3. On the left, select “Sign-In & Security.”

  4. In the next window, select “Change password.”

  5. You will need to enter your device’s password.

  6. You will be able to enter your new password in the next window. Then, select “Change” and “Done.”

How to reset your Apple ID password online

  1. Go to appleid.apple.com

  2. Click “Sign in” and select “Forgot password?”

  3. Enter your email address or phone number, enter the CAPTCHA code, and click “Continue.”

  4. You will receive a prompt to change your password on one of your Apple devices.

If you don’t have the device with you, you will have to either answer security questions or confirm your identity via email. If you are unable to do that, you will be asked to enter the 2FA recovery key to reset your password. You can create a new password only after you’ve confirmed your identity.

How to reset your Apple ID on a new device

  1. During the setup of a new Apple device, you will be asked to enter your Apple ID.

  2. Select “Forgot password or don’t have an Apple ID?”

  3. Finish the setup of a new device.

  4. As soon as the setup is complete, select an app that requires you to sign in to your Apple ID. On iPhone, iPad, or Apple Watch, you can simply select Messages. On a Mac, follow the instructions above.

What to do if the standard Apple ID reset methods haven’t worked for you

In case the outlined methods for resetting or changing your Apple ID password don’t work for you, there are still a few alternative strategies you can try. These methods can help you recover your account and regain access to all your Apple devices and services.

  • Check for devices already signed in with your Apple ID: If you have other Apple devices already signed in with your Apple ID, you can use one of those devices to reset your password. This can often be the quickest solution since it allows you to bypass additional verification steps.

  • Use recovery information: When setting up your Apple ID, you may have provided a recovery email address or phone number. If so, Apple can send you a verification code or reset link to help you regain access to your account.

  • Contact Apple Support: If you’ve tried the above methods without success, reaching out to Apple Support is your next best option. Apple Support can assist you in verifying your identity and recovering your account. While this might take a bit more time, it’s a reliable way to resolve the issue.

Best practices for managing and securing your passwords

To avoid the frustration of forgetting your Apple ID password in the future, we highly recommend adopting strong password management practices.

Create strong, complex passwords

Whenever you’re creating a password for a website, app, or service, remember that a strong password is a password that’s at least eight characters long and includes a healthy mix of uppercase and lowercase letters, numbers, as well as special characters. During password creation, it is also important to avoid using any easily guessable information such as your name or birthdate. If you’re looking for inspiration and practical tips for creating a strong and complex password, check out our Five Strong Password Ideas post.

Enable multi-factor authentication (MFA)

Beyond strong passwords, enabling multi-factor authentication (MFA) can further secure your accounts. MFA provides an extra layer of security by requiring a second form of verification in addition to the traditional username and password combination. This could be a code sent to your phone, a biometric scan, or a prompt on a trusted device.

Use a password manager

Finally, managing multiple strong passwords can be challenging and quite frustrating. This is where a password manager like NordPass can come in handy. NordPass simplifies password management and life online in general by offering a single secure place to safely store it all: passwords, passkeys, credit cards, personal information, secure notes, and more. On top of that, NordPass is designed to automatically save and fill in your credentials when you need to log in, saving you time and reducing the risk of password fatigue. NordPass for iOS even allows you to sync your passwords across all your devices, ensuring you have access to your digital valuables whenever, wherever. Even when you’re offline.

Start using passkeys instead of passwords

Passkeys are a new, convenient, and phishing-resistant way to sign up for and access apps, websites, and other various online services. In essence, a passkey is a digital login credential that uses your device—be it a phone, laptop, tablet, or desktop—to authenticate you instead of a traditional combination of a username and password. Cybersecurity experts see passkeys as the future of authentication technology, which will inevitably replace passwords. Tech giants such as Microsoft, Google, and Apple already allow users to opt for passkey-based authentication on their services. If you want to take your access security to the next level, we highly advise moving toward passkey-based authentication. To learn the ins and outs of setting up and using passkeys on your Apple devices, be sure to check out our latest blog entry on that exact topic.

By adopting these practices into your routine, you’ll significantly reduce the risk of unauthorized access to your accounts and minimize the stress of managing multiple passwords. Not only will your Apple ID be more secure, but you’ll also have the peace of mind of knowing that all your online accounts are protected.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Portnox Announces Support for Microsoft External Authentication Methods (EAM), Expanding its Conditional Access for Applications Capabilities

Portnox enhances passwordless risk-based access for Enterprise Applications and improves user experience for Microsoft Entra ID users.

 

Austin, TX — September 24, 2024 — Portnox, a leading provider of cloud-native, zero trust access control solutions, today announced support for Microsoft External Authentication Methods (EAM) for its Conditional Access for Applications solution. This new integration extends Portnox’s commitment to delivering phishing-resistant passwordless authentication with risk-based assessment and compliance validation for enterprise applications.

Microsoft’s EAM capability allows users to authenticate using non-Microsoft solutions, such as certificate-based authentication, FIDO2 keys, and third-party identity providers, further strengthening their access control policies across cloud, hybrid, and on-prem environments.

By incorporating Microsoft EAM into its Conditional Access for Applications solution, Portnox now provides customers with:

  • Enhanced Controls: An added layer of authentication security provided by continuous endpoint risk posture assessment for customers using Microsoft Entra ID.
  • Improved User Experience: A streamlined login experience that allows users to ditch passwords and replace hackable multi-factor methods with certificate-based authentication.

“With our support for Microsoft External Authentication Methods, customers can now improve access control and security across their entire suite of enterprise applications managed through Entra ID,” said Denny LeCompte, CEO at Portnox. “This is just one more way Portnox continues to lead the charge in making passwordless, cloud-native access control accessible, scalable, and secure for the modern enterprise.”

This integration supports Portnox’s broader vision of providing a unified access control platform that meets the security and operational needs of enterprise organizations. As threats to identity and access control continue to evolve, Portnox remains committed to ensuring that its customers can confidently adopt the latest, most secure authentication technologies to protect their critical IT assets.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

10 best network firewall solutions for businesses

Since the first commercial firewall in 1991, network security needs and technology have evolved significantly. While many businesses still use hardware firewalls, the rise of virtual network firewalls has made it easier to achieve the same functionality without the maintenance and complexity of physical firewalls.

Software firewalls offer effective network protection in a simpler, easier-to-manage way compared to hardware options. This article reviews our top 10 picks for software network firewalls to help you choose the best one for your business.

How we chose the best network firewall solutions (in our opinion)

We selected a range of network firewall options, including large enterprise solutions, mid-size businesses with similar features, and smaller companies that may not be as developed but still provide strong functionality. We didn’t go into too many details, but we focused on how well the firewall strengthens network security and how easy it is to set rules relating to the user interface. We also looked at the overall benefits of each firewall vendor and what types of clients they suit. We also considered cost-effectiveness and how comprehensive these solutions are.

We checked reviews and user feedback on sites like Gartner, G2, Reddit, and Capterra. We focused on what users said about cost, performance, next-generation firewalls, feature reliability, and how helpful the support teams were. If we found unusual feedback about a specific firewall provider that users often mention, we included it as well.

Top 10 network firewall solutions, in our opinion

Different solutions suit different business types. Here’s a detailed look at our favorite network firewall solutions available today, listed in no particular order:

  • NordLayer

  • Cato SASE Cloud

  • Fortinet: FortiGate VM

  • Palo Alto VM Series

  • Cloudflare WAF

  • Zscaler Internet Access

  • Appgate SDP

  • Perimeter 81 (Check Point Harmony SASE)

  • Todyl

  • Banyan Security

1. NordLayer

NordLayer

NordLayer is a network security solution that offers secure access to company resources from any location. It helps protect networks, enables remote work, and provides the tools necessary to comply with key regulatory frameworks. Developed by Nord Security, the creators of NordVPN, NordLayer offers a multi-layered defense and features typical of next-generation firewalls (NGFW).

NordLayer enables organizations to implement Firewall as a Service (FWaaS) along with Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG) principles.

How NordLayer Cloud Firewall works

Five ways NordLayer Cloud Firewall can help:

  1. Prevent data leaks. Network segmentation is key in access control. Without it, data leaks are more likely.

  2. Achieve compliance. Many standards focus on network access control and protection of network and encrypted traffic.

  3. Implement security strategy. Best practices include secure access service edge (SASE), FWaaS, SWG, and ZTNA.

  4. Unify security across hybrid setups. Securing a mix of data centers, cloud, and on-premise systems can be challenging, but NordLayer helps simplify this.

  5. Support hybrid work models. NordLayer strengthens security for remote teams while managing network firewalls across locations.

NordLayer’s flexibility makes it ideal for businesses of all sizes that need scalable network protection. It provides secure internet access, resource protection, and compliance with major cybersecurity regulations.

Apart from Cloud Firewall, NordLayer offers other security features like:

  • Quantum-safe encryption

  • Dedicated servers with Fixed IP

  • Device Posture Security

  • IP allowlisting

  • Web protection (formerly ThreatBlock)

  • DNS filtering

  • NordLynx VPN protocol

  • Browser extension for secure browsing

Benefits:

  • Transparent pricing, starting at $7 per user per month

  • Proactive setup support

  • 24/7 live support with dedicated account managers

  • Direct user feedback influences product development

Drawbacks:

  • Less known compared to other competitors

  • Fewer security features than large enterprise firewall vendors

  • Possible slowdowns with the use of VPN

  • Reducing team size requires reaching out to support

  • Occasional confusion between NordVPN and NordLayer

Disclaimer: This product review is based on information provided on our website, VPN review sites and social networking forums such as Gartner, G2, and TechRadar, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

2. Cato SASE Cloud

Cato SASE Cloud

Cato Networks is an Israeli company that offers Secure Access Service Edge (SASE) technology. The platform combines communication and security in a cloud-based solution. Founded in 2015, Cato Networks now employs over 900 people globally. When it comes to the firewall, users frequently mention that the solution is easy to set up, with straightforward firewall rule management and affordability. It simplifies firewall management and offers features typical of NGFW.

Most mentioned overall product benefits:

  • Comprehensive security features

  • Complete management panel for easy user control

  • Low-latency performance through numerous points of presence (PoPs)

  • Reliable, with no impact on internet speed or application performance

  • Automatic firewall updates

  • Agile and scalable solution

Drawbacks:

  • Can be difficult to implement

  • License costs are high

  • Logs and reports are hard to interpret

  • VPN licenses must be purchased in packs of 10

  • Sometimes the app fails to log in

  • Upgrading bandwidth capacity for a site can be costly

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and G2, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

3. Fortinet: FortiGate VM

FortiGate VM

Fortinet, founded over 20 years ago in Sunnyvale, California, provides cybersecurity solutions for a wide range of users. FortiGate VM—a virtual firewall—offers network protection in private, public, and telco cloud environments. Running on the same OS as FortiGate hardware, it enforces consistent security policies across hybrid setups.

Most mentioned overall product benefits:

  • User-friendly interface

  • Straightforward setup and management of virtual machines

  • Easy integration in virtual environments

  • Works well with multivendor environments, including IaaS and public clouds

Drawbacks:

  • More advanced tutorials or documentation needed

  • Complex configurations

  • Some interface complexities

  • High entry pricing

  • Logging and reporting issues

  • Problems integrating with certain XDR solutions

  • Sizing virtual environments could be clearer

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as G2, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

4. Palo Alto VM Series

Palo Alto VM Series

Palo Alto Networks is a multinational cybersecurity company based in Santa Clara, California. Its platform includes advanced network firewalls and cloud-based solutions that cover various aspects of security. The company serves over 70,000 organizations worldwide. Users praise the firewall’s strong security features, ease of use, and flexibility, which are on par with those of on-premises network firewalls.

Most mentioned overall product benefits:

  • Easy deployment

  • Flexible and scalable

  • Effective for disaster recovery

  • Centralized management

  • User-friendly interface

Drawbacks:

  • High pricing

  • Licensing complexity

  • Long upgrade and restart times

  • Documentation could be improved

  • Occasional performance slowdowns

  • Limited integrations with some cloud platforms

  • Resource-intensive solution

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

5. Cloudflare WAF

Cloudflare WAF

Cloudflare is an American company that offers content delivery networks, cloud cybersecurity, DDoS mitigation, and domain services. As of 2024, over 19% of the internet uses it for web security. Its Web Application Firewall (WAF) features managed rulesets that are frequently updated, geolocation blocking, and proxy detection, making it highly effective in preventing man-in-the-middle attacks. Users also note its useful integrations, such as with Azure AD and Google Cloud.

Most mentioned overall product benefits:

  • Easy installation

  • Simple to monitor with actionable features

  • Extremely effective with customizable options

  • User-friendly interface

  • Straightforward to use

Drawbacks:

  • Hard for small businesses to negotiate pricing and add features

  • Limited configurations in the Terraform provider

  • Implementing network-based rules through code is difficult

  • Documentation lacks specific, in-depth configurations

  • Some false positives in traffic blocking, though fixable over time

  • Slow customer support responses

  • Limited flexibility in rate-limiting rules for APIs

  • Load balancing requires an additional license

Disclaimer: This product review is based on information provided on the company’s website, VPN review sites and social networking forums such as Gartner and Reddit, and it assesses customer feedback shared on these platforms, accessed on September 6, 2024.

6. ZScaler Internet Access

Zscaler Internet Access

Established in 2007 and headquartered in California, ZScaler provides a cloud-native Zero Trust Exchange platform that focuses on securing online traffic and controlling access to applications. It offers cloud-based protection against cyber threats and data loss. As for its firewall features, users point out that ZScaler offers a broad range of security tools and flexible options, making it adaptable for cloud-based setups.

Most mentioned overall product benefits:

  • Scalable

  • Consistent and stable connectivity

  • Efficient centralized management for access and security oversight

  • Robust cloud-native infrastructure

  • Intuitive interface for users

  • High-performance security solution

Drawbacks:

  • Complicated migration from traditional VPN to Zero Trust Network Access

  • Steep learning curve for new users

  • URL misclassifications that affect protection measures

  • Disconnects during brief internet interruptions

  • Inadequate API documentation

  • Slow customer service response

  • Lengthy setup and configuration process

  • Confusing pricing structure for features and services

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

7. Appgate SDP

Appgate SDP

Appgate, founded in 2020 and based in Coral Gables, Florida, provides security solutions for organizations and government agencies. It focuses on Universal Zero Trust Network Access (ZTNA) and fraud protection. As for the firewall functionality, users mention that Appgate SDP is straightforward to manage with helpful troubleshooting documentation.

Most mentioned overall product benefits:

  • Stable performance

  • Fast operation

  • Easy to deploy and manage

  • Clear documentation for troubleshooting

  • Real-time updates based on risk metrics

  • Micro-segmented access to resources

  • Intuitive user interface

Drawbacks:

  • Runs on Ubuntu Server, which is not frequently updated

  • Per-site licensing increases overall costs

  • Slow connection speeds to remote sites

  • Occasional resource reduction despite steady internet bandwidth

  • Complex to configure

  • Limited log management features

  • Dashboard is not very helpful for security monitoring

  • Frequent need to restart due to slow connection despite good internet

  • Insufficient dashboard information for identifying node connectivity issues

  • Centralized management lacks efficiency

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

8. Check Point Harmony SASE (formerly Perimeter 81)

Check Point Harmony SASE

Check Point Software Technologies offers solutions to protect businesses and governments. Founded in 1993, it employs over 6,000 people and protects more than 100,000 organizations. Check Point Harmony SASE, formerly known as Perimeter 81, combines network and endpoint security for a unified approach. As for the firewall capabilities, users note easy troubleshooting due to log visibility and VPN tunnel stability.

Most mentioned overall product benefits:

  • Smooth migration with easy configuration of necessary features

  • Smart Console is user-friendly and free of software bugs

  • Unified platform integrating network and endpoint security

  • Proactive threat prevention and real-time monitoring

  • Simplified management with enhanced visibility across the IT environment

  • Reliable performance

  • Useful logging activity in the dashboard

Drawbacks:

  • Unable to establish redundant VPN tunnels with cloud environments

  • Support failed to detect misconfiguration, leading to significant downtime

  • Complex initial setup, steep learning curve for new users

  • Integration challenges with third-party vendors

  • High pricing structure

  • Difficulty getting timely technical support

  • Frustration with poor customer service and unresolved issues

  • Issues with overbilling and slow responses from the support team

  • Logging activity is unreliable, with users questioning its accuracy

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner and G2, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

9. Todyl

Todyl

Founded in 2015 and headquartered in Denver, Colorado, Todyl offers a cybersecurity platform designed for MSPs and MSSPs. The platform provides comprehensive security solutions through a single-agent model, allowing businesses to customize capabilities to meet their needs. Users frequently note that Todyl’s integration and ease of deployment stand out as key features.

Most mentioned overall product benefits:

  • Easy to use

  • Top-notch support

  • Intuitive interface

  • Simple integration and deployment

  • All-in-one solution for clients

  • Centralized logs in the SEIM

  • Flexible licensing options per device and customer

Drawbacks:

  • Simultaneous use with Defender may cause reporting issues

  • Lacks custom gauge creation for dashboards

  • Missing GRC features

  • Setup can sometimes be tricky

  • Occasional bugs with the SGN Connect agent disappearing from the system tray

  • Web filtering can be clumsy

  • Marketing strategies have upset users

  • Platform lacks maturity

  • Connecting to on-premise devices like servers is difficult

  • Site-to-site connection often disconnects

  • Hard to cancel the service

  • Frequent DNS issues and workarounds needed

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as G2 and Reddit, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

10. Banyan Security

Banyan Security

Banyan Security, recently acquired by SonicWall, provides a Zero Trust Network Access (ZTNA) solution focused on securing remote access to applications and resources. It is known for strong visibility and auditing features along with a user-friendly experience.

Most mentioned overall product benefits:

  • Good visibility and auditing features

  • Easy to use

  • More affordable than competitors

Drawbacks:

  • Integration challenges

  • Higher costs for some features

  • False positives in security alerts

  • Some rough edges in the platform

Disclaimer: This product review is based on information provided on VPN review sites and social networking forums such as Gartner, G2, Capterra and Reddit, as well as customer feedback shared on these platforms, accessed on September 6, 2024.

Key features to look for in a firewall

Focus on features that provide strong network protection while meeting the specific needs of your business. The right firewall solution should offer visibility, easy integration, and scalability to ensure nothing gets misconfigured as your company grows:

  1. Visibility and control. A good firewall solution needs to provide deep insight into your network traffic and applications, especially for businesses needing access control to meet regulations. Next-generation firewalls with strong threat intelligence can help you stay compliant.

  2. Easy integrations. Ensure the firewall provider offers solutions that integrate well with your current systems, like deep packet inspection tools or data centers. It should strengthen your overall network security by fitting smoothly with your other security features.

  3. Updates and maintenance. Choose firewall vendors that provide regular updates and proactive product development. Focus on solutions that are frequently updated, well-maintained, and show consistent growth. Providers should offer public release notes, regular updates, and clear communication with customers. It’s crucial to ensure that security features stay current. Automated updates and clear versioning also reduce manual work for IT teams,

  4. Hybrid network support. If your business operates across both on-premises and cloud setups, choose a firewall solution that supports hybrid infrastructures.

  5. Scalability. As your business grows, your firewall solution should scale without significant cost increases. For example, as your setup becomes more complex, you’ll need more firewall rules. It’s wise to check the number of rules included in each plan before purchasing, as the cost difference between plans can sometimes be steep. This helps maintain strong network protection as your infrastructure expands.

When picking a firewall, focus on features that offer strong security and fit your setup. Prioritize solutions with automation features to reduce manual work. It will save time and help manage security across complex infrastructures.

How to choose the best firewall for your business

When picking the right firewall for your company, you need to weigh several important factors:

  1. Security needs. Start by assessing your network security risks. If you’re a larger organization facing more threats, choose a next-generation firewall with a strong intrusion prevention system, advanced threat intelligence, and encryption to protect sensitive data across all layers. Smaller businesses should focus on essential features like packet filtering, malware defense, and network monitoring without overcomplicating the setup. Make sure the firewall solution aligns with the size and complexity of your network to avoid unnecessary costs or gaps in protection.

  2. Ease of use. The firewall should be easy to deploy and manage, especially if your IT resources are limited. Network firewalls with simple, user-friendly interfaces can reduce the time spent on managing network protection. Opt for solutions that offer automation for tasks like network traffic monitoring, deep packet inspection, and access control to save time.

  3. Support. Reliable customer support is crucial when setting up and maintaining a firewall. A firewall vendor that provides 24/7 support ensures issues are resolved quickly, minimizing downtime. If your business uses data centers or hybrid cloud setups, look for a vendor that offers proactive support to avoid misconfigurations and keep your security features running smoothly.

  4. Cost. While the price is important, consider the long-term value. Cheaper options may lack the scalability and advanced features you’ll need as your business grows. Make sure the solution can scale with your business, especially if you expand your data centers or cloud environments, without incurring hefty costs when upgrading.

  5. Compatibility. Ensure the firewall integrates seamlessly with your existing infrastructure, whether it’s cloud services, VPNs, or identity management systems. A firewall that works well with other security tools, such as intrusion prevention systems and threat management platforms, strengthens your overall network security and prevents integration issues.

  6. Performance and scalability. As your business grows and network traffic increases, your firewall must be able to handle the additional load without sacrificing performance. Whether securing sensitive resources or managing remote access, the firewall should maintain consistent network protection and scale efficiently to meet your evolving needs.

Overall, different firewall solutions suit different business needs. Large options like Fortinet and Palo Alto are ideal for enterprises. Mid-sized businesses may find NordLayer or Perimeter 81 effective, while Todyl targets MSPs and MSSPs. Smaller options like Banyan Security fit smaller budgets. Choose based on your security needs and resources.

Disclaimer: The information in this article is provided for informational purposes only. It is based on publicly available third-party reviews, user feedback, and online sources accessed on September 6, 2024, and should not be considered definitive or permanent. While we strive for accuracy and completeness, Nord Security Inc. and its affiliates make no guarantees regarding the information’s accuracy, completeness, or suitability. We do not undertake, warrant, or represent that any product, or its feature, is or will remain publicly regarded as better or worse than other alternatives, serve any purpose, has mentioned features, benefits, strengths, and limitations for any period of time. Product features, pricing, and other details may change, and we advise readers to verify these directly with vendors. We disclaim any liability to any party for any errors, omissions, or actions taken based on this information. The inclusion of competitor products does not imply affiliation or endorsement, and all trademarks mentioned are the property of their respective owners. Readers should conduct their research and seek independent advice before making purchasing decisions.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

What is fileless malware and how to protect yourself

Some forms of malware are more sophisticated than others, using varying methods of compromise or evasion. Examples include ransomware, wipers, viruses, worms…designed to intrude upon unsuspecting digital victims to steal, damage, or destroy their data. 

Fileless malware is one of those types that is highly evasive – only working within a computer’s memory, leaving no physical footprint on its hard drive.

With such a method of execution, does it mean that our devices are left vulnerable? Not quite.

What is fileless malware?

A common way many types of malware families work is that by opening a malicious attachment, you inadvertently enable the code to execute its dark magic, acting without the user’s knowledge.

Consequently, the code can infest different parts of the system, install other payloads such as keyloggers or other spyware, block access to files or apps, display malicious ads, and more. Think of it as a regular program that’s installed on your PC, just acting against your interests.

Fileless malware is a bit different. Instead of being stored on your computer’s drive, it acts maliciously exclusively after being loaded into a computer’s random-access memory (RAM) – except being less visible as it uses legitimate programs to compromise the computer, as opposed to regular malware, which leverages executable files to run itself (needs to be installed). This means that fileless malware is harder to detect since it has no footprint to speak of – it exists entirely in memory.

Essentially, fileless malware manipulates existing processes/tools for its agenda, as opposed to running a separate standalone ‘campaign’, also making it more persistent due to its ability to manipulate system features, abusing and hiding within them.

Did you know? The fileless beginning of viruses

The first computer virus for the PC, the Brain virus, infected floppy diskette boot sectors only, not files. Dating back to 1986, it was followed by many other floppy diskette (and hard disk drive) boot sector infectors like Form, and hard disk drive master boot record infectors like Stoned and Michelangelo. All of these were never contained in any file on the file system of the disk volume, just in system areas of the disk that were normally inaccessible to users, and subsequently in memory, once a system booted from infected media.

But you might ask, “Alright, but I still need to download it somewhere, no?” and you’d be right: in-memory ‘fileless’ malware is still delivered via malicious links or attachments; it’s just that the execution is different – fileless malware wants to evade detection as much as it can.

Examples of fileless malware

A well-known example of the use of fileless malware was within the Astaroth malware campaign (detected by ESET as Guildma), which had been using a fileless method (process injection) to operate an infostealer, originally delivered through a malicious email link. Upon interaction, the malware used legitimate Windows tools such as BITSAdmin, the Alternate Data Streams file attribute, and a utility of Internet Explorer (ExtExport.exe) for defense evasion (through DLL Side-loading).

In essence, it leveraged legitimate system processes and tools to run its code becoming detectable after being run in memory (by ESET as Win32/Spy.Guildma).

Similarly, the Kovter malware family, first detected by ESET Research in 2014, stored its malicious payload encrypted in the Windows registry, considered as fileless persistence. Likewise, GreyEnergy also made sure that some of its modules only ran in memory, hindering detection.

Such malware techniques are problematic for simple endpoint security software that works by scanning files on a system, lacking process or memory scanning capabilities. But this doesn’t mean that they cannot be detected.

Protecting against fileless threats

ESET Endpoint Security’s multilayered product features an Advanced Memory Scanner module, which, combined with our Exploit Blocker, protects against malware designed with evasiveness in mind. Additionally, thanks to different forms of Advanced Machine Learning employed within, detections are fine-tuned to offer the best detection rates.

Only memory scanning can successfully discover active in-memory fileless attacks that lack persistent components in the file system, such as was the case with Astaroth (Guildma) and its use of the Windows toolset.

Furthermore, the ESET Host-based Intrusion Prevention System (HIPS) and its Deep Behavioral Inspection (DBI) use predefined rules to scan for and monitor suspicious behavior related to running processes, files, and registry keys, targeting methods often used by fileless malware to obfuscate its activities. Hence, malware families like Kovter find it hard to hide from ESET Endpoint Security in the Windows registry, since the memory scanner also deals with encrypted threats.

Issue-less

With cybersecurity protections stepping up to protect people against advanced threats such as fileless malware, one thing still needs to be said: Never click on any malicious links or attachments in suspicious emails – even if they are from someone you know and trust.

First, via a different communications medium (e.g., text, phone, or in person for something received in email, etc.), reach out to the apparent sender and verify whether it’s really them who had sent the message, as well as their intent. While this might seem like a bit too much, social engineering has gotten rather complex, and can fool anyone quite easily.

As always, exploiting human error is the best avenue for a compromise, so stay informed by reading our ESET Blogs, WeLiveSecurity, and ESET Research on Twitter (now known as X) to keep ahead of the cyber threat game.

In addition, try our free ESET Cybersecurity Awareness Training to learn how to stay secure at all times.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×