The GFI Blog This blog features discussions regarding several issues that system admins face on a daily basis plus the latest security issues and company news. Click here to access the blog!

White papers

Web Monitoring

	Web security:
	10 steps to effective web security Achieving comprehensive web security is not a trivial task. The threat landscape of the web is complex and ever evolving ... and implementing mechanisms to mitigate threats coming from the various risks is a difficult task.

Monitoring the Web:

It is all about security and nothing but security
Monitoring Web traffic within an organization is not only a major component of the security software and service architecture, but is also an important part of security policy. This white paper examines why organizations not only need to implement clear IT policy to support Web monitoring, they also need to reinforce this with clear training and communication.

Web-based security threats:

How attacks have shifted and what to do about it
As email and web technologies converge, the number of security threats has grown, both in terms of creativity and effectiveness. Web-based threats are proving to be a nightmare for IT administrators and computer users. Although technology helps to counter these threats, a more holistic approach is needed,one that includes strict and enforceable policies as well as a proper awareness program.

	Web reputation:
	How it can help increase your online protection Web reputation is the latest method in use to boost protection against current to future malicious content on the web for those browsing the Internet. Using web reputation, websites are assessed for immediate and potential threats, malicious content and risky characteristics and a score (0 – 100) is given.

Internet use in SMBs:

Towards a comprehensive Internet security strategy for SMBs
Small and medium-sized businesses (SMBs) need a comprehensive Internet security strategy to be able to protect themselves from myriad web-based threats. Defining and implementing such a strategy requires proper preparation, a clear understanding of the technologies and methods that can be adopted, a good user-education program and a proactive approach to security.

Web monitoring:

Why SMBs need to deploy a web monitoring tool
Most organizations today use the Internet to conduct business, giving employees access to what is, without doubt, an essential business tool. However, non-work related Internet use by employees is a common and growing concern for management. One effective way of maintaining comprehensive control is to use a web monitoring and web security solution.

Internet use in organizations:

The importance of an acceptable use policy
In this white paper we examine both the extent of the problem of misuse, and the role the creation and dissemination of an acceptable use policy (AUP) can offer in helping an enterprise avoid unwanted consequences and enabling it to deal with transgressions in a fair and systematic way that will survive legal challenges without reducing employee morale and productivity.

	Web monitoring for employee productivity enhancement:
	Employees both want and don’t want to have their Internet use restricted The key to success in gaining productivity and employee acceptance of the problem is the perception of fairness, clear goals and self-enforcement. Web monitoring is good for business.

	Internet monitoring:
	Not ‘Big Brother’ but ‘wise management’ In an ideal world everything conducted at a business would be related to a business, but that isn’t always the case. Just as the telephone, company car, and photocopier have been used for non-business related matters, so have the Internet and email.

	Social networking at work:
	Thanks, but no thanks? If you own a business would you want your employees to be so keen on social networking that they could be spending unacceptably long periods of time online and chatting? No. And while most employers are willing to close an eye to the occasional quick browse and update, they are more concerned about those who abuse the system.

	To block or not to block:
	Why web filtering is no longer a taboo The way we use the Internet has fundamentally changed in the last 20 years, driven by the introduction of the World Wide Web. The way the web has reshaped how we use the Internet and how we deliver content to users is phenomenal and has far exceeded the original expectations of its creator, Tim Berners-Lee.

Email Archiving

	Archiving technologies:
	Email management, compliance, stubbing and journaling Email archiving is no longer an option for organizations and the key to a successful implementation is choosing the right email archiving technology for that organization.

	Email archiving:
	There’s more to archiving than keeping copies of old emails Email is the lifeblood of modern business, without which productivity and day-to-day communications soon break down. Incidents such as the failure of BlackBerry® maker RIM’s back-end systems which crippled millions of BlackBerry email smartphones serve as an easy reminder of just how important email is today.

	Why organizations need to archive email:
	The underlying reasons why corporate email archiving is important This white paper examines the different methods for deploying and managing email archive solutions in an organization. It also specifies key requirements that any full featured email archiving system should include.

	Compliance with the requirements of GDPdU:
	GFI MailArchiver® 6 complies with GDPdU requirements This white paper examines the different methods for deploying and managing an email archive solution in an organization and specifies the key requirements that a full featured email archiving system should include.

Going beyond Exchange 2010:

Why it pays to have a dedicated email archiving solution
Why do you need a dedicated email archiving solution? If you have migrated to Microsoft® Exchange 2010, would the in-built archiving functionality not suffice? Offloading your email archiving needs to a dedicated, central repository not only results in improved server performance but provides the organization and its users with greater accessibility to email than ever before.

Security scanning and patch management

Patch management:

Fixing vulnerabilities before they are exploited
Managing and administering software updates remains one of the most challenging and resource-intensive tasks an IT Department undertakes on a daily basis. This white paper examines the important role played by patch management to help organizations keep their PC real estate fully up-to-date with the latest security patches, without unduly compromising reliability, productivity, security and data integrity.

PCI DSS compliance:

The payment card industry data security standard and GFI Software™ products
This document outlines what GFI® can do to assist in your achieving PCI DSS compliance. The intent of this document is to provide you with GFI's understanding of the requirements, and how the GFI Software product line (including three of our flagship products: GFI LanGuard®, GFI EventsManager® and GFI EndPointSecurity™) can assist you to meet PCI compliance as outlined in the PCI DSS requirements.

Network fax technology

	Why you need to invest in electronic faxing for your practice
	As technology continues to advance, healthcare professionals are making significant strides in medicine, and expanding the scope of studies related to human health and lifespan. Yet, among physicians and administrators – the fax machine – a decades-old dinosaur, remains a primary means of communication.

	Does your medical practice text? Critical reasons you need to communicate with patients via text messaging
	Once considered a luxury, the mobile phone is now a necessity for daily, hourly and minute-by-minute communication. This is particularly true for healthcare professionals. Many of them, like the patients they treat, keep on-the-go schedules that place the landline phone somewhere between inconvenient and obsolete.

	Virtualized fax servers – why they’re better than an appliance
	Many organizations looking at fax servers consider a hardware appliance to be the easiest way to go. Without research and investigation, this seems to be a good conclusion but when you weigh the pros and cons this is not the case. A virtualized fax server may be a much better choice.

	Faxing in a virtual environment:
	GFI FaxMaker®, helping customers evolve their faxing GFI Software understands the needs of our customers to evolve their faxing to improve efficiency and cost effectiveness. GFI FaxMaker is a world-trusted fax solution that helps you accomplish just that by combining faxing with virtual environments.

	Integrating faxes Into today’s world of healthcare records
	One area in particular is causing some challenges in the push to e-records: faxing This white paper examines the obstacles preventing the move away from fax machines, and the benefits of having a communications system that integrates faxed documents into healthcare systems and solutions.

	GFI FaxMaker helps with HIPAA compliance:
	GFI FaxMaker helps health organizations to address security issues GFI FaxMaker allows for the sending/receiving of faxes via an email client thereby providing a secure vehicle for the distribution and receipt of faxes that contain protected health information (PHI).

	Integrated network faxing is key to improved productivity and information security:
	Network faxing reduces labor costs and increases information security This white paper details how integrated network faxing remains a relevant technology that can give you a business edge in an always competitive marketplace, providing higher productivity and helping you save thousands of dollars in labor costs and more.

	Fax routing:
	An introduction to fax routing A look at how network fax packages are able to determine the right recipient of an incoming fax.

	Sending faxes in real-time over an IP Network:
	How to benefit from fax over internet protocol (FoIP) to send faxes This technical white paper gives an introduction to fax over Internet protocol (FoIP) and explains the various usages and advantages of FoIP including least cost routing (LCR).

Email security: Spam, content checking and antivirus

	Email security in small and medium-sized businesses:
	No organization can afford to operate without an email security strategy The risk landscape is constantly changing with new threats surfacing every day. This white paper looks at email security in small and medium businesses, the solutions available and what features SMBs cannot do without.

Email security:

Why SMBs need an email security strategy
Whether you’re an organization with 50 employees or a global corporation with 50,000, spam and viruses can wreak havoc on your business. SMBs need to make sure they are armed with the best security solutions available – demanding enterprise-class protection paired with fast deployment, ease of management and flexible configuration options. And, all at a price they can afford.

	Email security:
	Hosted or on-premise? Email is at the very core of how we communicate today, and nowhere is this more prevalent than in the workplace. With the broad availability and adoption of broadband, email has quickly risen to supplant both the phone and fax machine as the primary form of day-to-day and legally-binding business communication.

	Email security:
	Cloud vs. on-premise solutions Choosing whether to put your email security in the cloud or host it on premise is a major decision. Hopefully this white paper will help.

	Why one virus engine is not enough:
	Multiple virus engines are needed to reduce time lag between virus outbreak and virus protection This white paper examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved.

	Why you need an email exploit detection engine:
	The dangers of email exploits are many This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non-signature-based approach (in other words, a different approach than just that of a virus engine) is needed to protect against email exploits.

Protecting your network against email threats:

There is a real need for comprehensive server-based email security
This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of email viruses and threats. Examining the different kinds of email attacks and issues that threaten today's organizations, this paper describes the need for a solid server-based email security solution to safeguard your network.

	Binary translation:
	Design of x86 emulator for generic unpacking CPU emulation has been used over the years for a multitude of objectives. It allows an application compiled for a specific target platform to be run on a host platform with a completely different or overlapping architecture set.

Greylisting:

Decrease junk mail, increase productivity
The goal of GFI MailEssentials® Online is to improve business productivity by reducing the volume of junk mail. While GFI MailEssentials Online detects a vast majority of today’s junk email, we are continually working on new approaches to combat the increasing sophistication of spammers. Greylisting is one of the ways GFI MailEssentials Online reduces junk mail and saves you time.

	Email continuity:
	Safeguard email communications 24/7 Email is a critical communications tool. Email downtime means a loss of productivity, possible compliance and regulatory issues related to data loss or even lost revenues. Minimizing email downtime is an increasingly important part of an organization’s messaging infrastructure and its disaster prevention and recovery strategy.

	How to block NDR spam:
	A large number of organizations have been victims of NDR spam that has an effect similar to a Distributed Denial of Service on the email system This white paper provides a technical explanation of NDR spam and recommend solutions that can prevent or limit exposure to this kind of unsolicited email.

	How to keep spam off your network:
	What are the features to look for in anti-spam technology? This article defines phishing and identity theft and explains why it is important to protect your users against such attacks.

	Protect your users against phishing attacks:
	Need an introduction to phishing This article defines phishing and identity theft and explains why it is important to protect your users against such attacks.

	Messaging and web security:
	Best practices for 2011 and beyond In an Osterman Research survey conducted during January 2011, decision makers and influencers demonstrated that they are decidedly pessimistic about the future of spam and malware problems for 2011.

	Greylisting – Simple concept, highly effective technique:
	Another tool to reduce the volume of spam hitting a network Greylisting is one technique that can help administrators to reduce the volume of junk email while also saving time that might otherwise be spent reviewing lengthy quarantines and digest messages.

	Email continuity:
	Protecting your business against email downtime Email is a critical communications tool. Email downtime means a loss of productivity, possible compliance and regulatory issues related to data loss, or even lost revenues. Minimizing email downtime is an increasingly important part of an organization’s messaging infrastructure and of its disaster prevention and recovery strategy.

Event log monitoring

	How to configure IBM iSeries event collection with audit and GFI EventsManager®:
	Configuration of IBM iSeries event collection with audit and GFI EventsManager This document explains how to configure and use GFI EventsManager to collect IBM iSeries (formerly AS/400) audit events through Audit, a software tool developed by Raz-Lee.

	SharePoint® event collection:
	How to configure SharePoint event collection with LOGbinder SP and GFI EventsManager This document explains how to configure and use GFI EventsManager to collect Microsoft SharePoint audit events which have been processed by LOGbinder SP in order to make the information more readable and manageable.

	The need for effective event management:
	Challenges, strategies and solutions to effective event management This white paper shows where GFI EventsManager fits in this picture and how it is an invaluable asset in the corporate toolbox.

	How to perform network-wide security event log management:
	Use GFI EventsManager for intrusion detection and essential auditing of security event logs This white paper explains the need to monitor security event logs network-wide and how you can achieve this using GFI LanGuard S.E.L.M. (now GFI EventsManager). It is written by Randy Franklin Smith, author of the in-depth series on the Windows security log in Windows® 2000 & .NET Magazine.

	Deploying GFI EventsManager:
	Calculate the number of instances required to manage your network This technical white paper gives an overview of how GFI EventsManager works and discusses installation and deployment issues while enabling you to calculate the number of GFI EventsManager instances required on your network.

Security

	Top 5 security solutions for SMBs:
	Five security solutions for small and medium businesses and why you need them In this white paper we highlight five technologies that will help protect the organization on every reasonably identifiable front.

	Best practices:
	Strategies for boosting your practice’s information immunity Physicians know how to treat human-borne viruses but are often unprepared to deal with the ones disseminated by computers. These threats, which carry legal, financial and public relations consequences, must be managed effectively to protect your practice and its patients.

Vulnerability management:

Key questions you should be asking
Is vulnerability management critical for a business? Aren’t traditional security tools sufficient to protect and secure the network? Yes, to the first question and a resounding no, to the second! Every system can be made more secure and vulnerability management solutions will not only show where to secure, but how to do it and deliver the patches and updates to achieve it. This whitepaper explains why.

PCI DSS compliance:

	Security and SMBs:
	Security considerations for small- and medium-sized businesses (SMBs) It is never possible to guarantee that a company is totally secure or that a breach will not occur, however implementing the latest tools and providing on-going, end-user education will minimize those risks and allow companies to focus more on growing their business rather than repairing it.

	Security threats for SMBs:
	Security threats are becoming increasingly sophisticated and harder to detect Many small and medium-sized businesses are still unaware of the threats that exist. This guide to security threats for SMBs outlines the most common threats and how they can be dealt with.

	Social networking and security risks:
	As with any new tool or application, it is always important to keep a close watch on its security implications. Each of these tools comes with its own set of security concerns which can put your information systems and/or personal data at risk. This white paper will look at some of these risks and identify possible solutions to help protect you, your personal information and your company data.

Vulnerability management:

Your company’s personal virtual security consultant
Managing a large and growing PC estate is no simple matter, particularly if you are doing it manually. Keeping a close watch on a couple of PCs can be straightforward, and a diligent IT manager will manage to keep such machines fully patched and free of troublesome software. But what happens when your estate grows beyond one or two machines?

Patch management:

	Dynamic threats:
	How to succeed against modern malware Sophisticated malware attacks against government agencies and large organizations are on the rise. They are all too often successful, due to the malware’s ability to slip past traditional security defenses. To combat these modern threats requires swift, comprehensive defense through dynamic malware analysis.

Data backup

	Hybrid technology:
	On-premise vs. cloud-based solutions As the price of storage and bandwidth continues to drop fast, cloud-based services are becoming more and more attractive to small and medium-sized businesses (SMBs) which are seeking to reduce licensing costs, avoid recruiting IT staff and focus fully on their core responsibility - growing the business.

Portable storage and device control

The threats posed by portable storage devices:

Uncontrolled use of iPod®s, USB sticks, PDAs and other devices leave you at risk
In a society where the use of portable storage devices is commonplace, there is a real risk to business. The threat that these devices pose to corporations and organizations is often ignored. This white paper examines the nature of the threat that devices such as iPods, USB sticks, flash drives and PDAs present and the counter-measures that organizations can adopt to eliminate them.

	Managing security in a device driven Windows environment:
	Device driven security GFI Software understands the needs of our customers to evolve their faxing to improve efficiency and cost effectiveness. GFI FaxMaker is a world-trusted fax solution that helps you accomplish just that by combining faxing with virtual environments.

Networking

	Network environments:
	The key to the success of your business Your network environment is one of the keys to the success of your business. Most business people don’t fully believe this, even after long discussions and mounds of evidence to the contrary.

Antivirus

	Cybercriminals and security attacks:
	What your business must know Malware attacks have become increasingly prevalent with more than one million unique malware samples uncovered each month. And with threats on the rise, businesses are starting to question the capabilities of their security infrastructure.

	Hackers don’t discriminate:
	Viruses attack all platform users Historically, few viruses have been written to attack Mac®-based operating systems. But as the popularity of these devices has increased, so has the popularity of Mac-targeted malware. Regardless of whether your organization uses Windows-based PCs or Macs or a mix of both, you need a solution that provides protection for all operating systems.

	Social networking malware:
	The dangers facing SMBs Social networking has changed the way businesses communicate with their customers and partners, with most organizations now incorporating social media into their marketing and communications strategies. Unsurprisingly, the popularity of this new media has also created an influx of social-specific malware.

	Basic security:
	Why purchasing antivirus, anti-spyware and a firewall is a must Paid security solutions offer significantly higher levels of protection, along with far greater value for the money through the inclusion of a broader range of key features tailored for the home user, while supporting parents and offering tools to help protect children from online harm.

	Why Customers Love VIPRE® Business:
	Facts & figures Selecting an antivirus solution for your organization is an important decision. You need to protect your systems but you also need to ensure that the software you choose is cost-effective and easy to maintain.

Increasing performance in enterprise anti-malware software:

Minimize the impact on system performance and user productivity, without sacrificing protection
The ideal antivirus, anti-malware infrastructure should be easy to manage, while minimizing the impact on system performance and user productivity. This series examines the factors that contribute to slow anti-malware performance, the factors to consider when selecting an anti-malware solution, and finally, the best practices for deploying anti-malware products.

Antivirus scanning performance and system resource utilization comparison:

Compare popular products to avoid bloat
IT system administrators need to balance the security requirements of the enterprise with usability of PCs. As the threat landscape evolves, PC security solutions have become resource hungry to the point that the PC becomes unusable during periods of security scanning. Tests show that VIPRE Business endpoint security solution offers better scanning performance with minimal system resource usage.

	When less is more: Why small companies should think outside the(red/yellow) box for protecting endpoints:
	Working with a smaller provider can be a breath of fresh air In their “Sector Insight” research study, Aberdeen Group investigated the considerations small business should take when selecting anti-malware solutions. Read this research paper to learn why Aberdeen recommends small businesses be open to endpoint security solutions from vendors other than McAfee® and Symantec.

Protecting against the new wave of malware:

A new approach to antivirus is necessary
This Osterman Research white paper examines why older, traditional antivirus approaches don't work and why a new approach to endpoint security is required to better protect your users, your data and your long-term viability as a company from malicious threats. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.

VIPRE Business takes a bite out of bloatware:

When it comes to antivirus software, bigger is definitely not better
The remedy to bloatware is a better, more efficient product that is specifically engineered to scan, detect and remove myriad security threats without impacting performance and taking a big bite out of the IT capital expenditure budgets. Learn about the scope of the malware problem and strategies that can help you defend against evolving malware threats.

How to tell if that pop-up window is offering you a rogue anti-malware product

Beware of unexpected pop-ups asking you to install antivirus software
Rogue anti-malware products are a bane for every Internet user, especially those who have little or no technical knowhow. These are hundreds of scare ware ‘products’ on the Internet. This white paper examines this type of scam, explains how they work, what to look out for and how to prevent your computer from being infected.