EDR solutions ensure an organization's endpoints are running properly by monitoring and troubleshooting tech on the network. Compare the top tools now.
Bitwarden vs Dashlane: Comparing Password Managers
Password managers store and encrypt passwords, making it easy to create, manage, and auto-fill credentials across devices. Compare Bitwarden vs. Dashlane here.
Bitwarden vs Dashlane: Comparing Password Managers
Password managers store and encrypt passwords, making it easy to create, manage, and auto-fill credentials across devices. Compare Bitwarden vs. Dashlane here.
What Is EDR in Cyber Security: Overview & Capabilities
EDR (Endpoint Detection and Response) is a security solution that monitors, detects, and responds to threats on endpoint devices, ensuring quick threat mitigation.
Bitdefender vs. McAfee: Comparing Features, Pricing, Pros & Cons
Read our experts' comparison of Bitdefender vs McAfee in 2024. Explore features, pricing, pros, and cons to choose the best antivirus solution for your needs.
EDR vs EPP vs Antivirus: Comparing Endpoint Protection Solutions
Antivirus, EDR, and EPPs are endpoint security products that protect users from cyberthreats. Read now to understand how they differ and which is best.
Kubernetes security best practices include using RBAC for access control, enforcing network policies, regularly updating components, and more. Read our guide here.
Security professionals heavily rely on penetration testing tools for network security. Review and compare 23 of the best open-source pen testing tools.
How to Use A Password Manager: Setup, Benefits & Best Practices
Learning how to use a password manager can enhance your online security. Read our guide now to learn how to store & manage passwords more efficiently now.
5 Best Cybersecurity Certifications to Get in 2025
Boost your career and job security with a cybersecurity certificate. Gain in-demand skills, access to high-paying roles, and protect vital information.
IT Security Policy: Importance, Best Practices, & Top Benefits
IT security policies are essential to get right. Discover their importance and benefits. Learn best practices for safeguarding your organization's network.
Cybersecurity laws and regulations enhance security, protect individuals' information, and ensure organizations manage threats effectively. Stay up to date here.
EDR solutions ensure an organization's endpoints are running properly by monitoring and troubleshooting tech on the network. Compare the top tools now.
Bitwarden vs Dashlane: Comparing Password Managers
Password managers store and encrypt passwords, making it easy to create, manage, and auto-fill credentials across devices. Compare Bitwarden vs. Dashlane here.
Bitwarden vs Dashlane: Comparing Password Managers
Password managers store and encrypt passwords, making it easy to create, manage, and auto-fill credentials across devices. Compare Bitwarden vs. Dashlane here.
What Is EDR in Cyber Security: Overview & Capabilities
EDR (Endpoint Detection and Response) is a security solution that monitors, detects, and responds to threats on endpoint devices, ensuring quick threat mitigation.
Bitdefender vs. McAfee: Comparing Features, Pricing, Pros & Cons
Read our experts' comparison of Bitdefender vs McAfee in 2024. Explore features, pricing, pros, and cons to choose the best antivirus solution for your needs.
EDR vs EPP vs Antivirus: Comparing Endpoint Protection Solutions
Antivirus, EDR, and EPPs are endpoint security products that protect users from cyberthreats. Read now to understand how they differ and which is best.
Kubernetes security best practices include using RBAC for access control, enforcing network policies, regularly updating components, and more. Read our guide here.
Security professionals heavily rely on penetration testing tools for network security. Review and compare 23 of the best open-source pen testing tools.
How to Use A Password Manager: Setup, Benefits & Best Practices
Learning how to use a password manager can enhance your online security. Read our guide now to learn how to store & manage passwords more efficiently now.
5 Best Cybersecurity Certifications to Get in 2025
Boost your career and job security with a cybersecurity certificate. Gain in-demand skills, access to high-paying roles, and protect vital information.
IT Security Policy: Importance, Best Practices, & Top Benefits
IT security policies are essential to get right. Discover their importance and benefits. Learn best practices for safeguarding your organization's network.
Cybersecurity laws and regulations enhance security, protect individuals' information, and ensure organizations manage threats effectively. Stay up to date here.
34 Most Common Types of Network Security Solutions
Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets. Network security is an umbrella term for all facets of your network’s cybersecurity posture, with an emphasis on developing and using policies, procedures, […]
eSecurity Planet content and product recommendations are
editorially independent. We may make money when you click on links
to our partners.
Learn More
Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets.
Network security is an umbrella term for all facets of your network’s cybersecurity posture, with an emphasis on developing and using policies, procedures, best practices and tools that safeguard every piece of your network’s overall infrastructure.
Networks are complex and connect to a number of critical components — software, applications, databases, and various types of endpoints — that don’t all operate the same way, making it a complicated challenge to keep threats off the network.
One key to creating an effective cybersecurity plan of action and support system is to consider what security solution works best for each part of your network. Network security threats and breaches are on the rise, but a diversified security solutions stack — also known as “defense in depth” — can help your team maintain visibility and get ahead of threats before they spiral out of control.
In this guide, we’ll walk you through some of the most common types of network security protections, how they work, and the top products and services to consider in each category. Many of these tools protect resources connected to networks, thus shutting down threats as early as possible.
A wide range of tools and services designed to protect cloud data, applications, and other unique components of a cloud environment, including cloud access security broker (CASB) tools
Tools that offer features to manage third-party risk and compliance in ERPs, CRMs, supply chain software, and other types of software that third parties often access
Fake network assets that can draw the attention of hackers and alert security teams to their presence
Vulnerability Scanning and Management
Vulnerability scanning is a process, often handled by software with automated workflows, that scans for security vulnerabilities and identifies potential areas for improvement across a network. It is one component of the greater vulnerability management framework.
Vulnerability management as a whole is a security management life cycle that focuses on scanning a network to develop an asset inventory, identifying and prioritizing security risks, taking steps to correct or mitigate those risks, and reporting on results and next steps in the process. Vulnerability management is handled not only by cybersecurity and IT teams but by cross-functional teams that understand how assets are used across the organization.
At the most basic level, threat detection strategies and tools monitor networks for suspicious and anomalous activity. From there, these tools send alerts to security teams if and when risks are identified.
A growing segment of companies is turning to more advanced threat detection solutions like threat intelligence platforms (TIPs). These platforms make it possible for security teams to analyze consolidated threat feeds from various external alerts and log events. TIPs contextualize these threats, offering security teams more information, usually at a faster rate than vendor threat feeds.
Threat intelligence platforms are often confused with security information and event management (SIEM) solutions; however, SIEM is best suited for managing internal event logs while TIP is best for external threat feeds and alerts. For best results, threat intelligence platforms are typically used in combination with SIEM and log management solutions.
Network access control (NAC) solutions make it possible for network administrators to create security, compliance, and usage policies and enforce them across all users and devices in the network. NAC solutions are particularly effective for organizations that need to adhere to strict compliance standards or protect extremely sensitive data.
Network access control is also helpful for organizations with a variety of user and device types that require different levels of access. A good NAC solution helps administrators to set and enforce policies not only based on device or user but also on asset type and location.
Network access control solutions should do the following:
Offer clear requirements for security configuration and administration
Provide and execute on next steps for endpoints that fall out of compliance
Support administrative access management for guest access, blocks, quarantines, and other special cases
Conduct baseline assessments of new endpoints that attempt to connect with the network
Extended detection and response (XDR) solutions offer more advanced and integrated security capabilities than most other threat detection and response technologies. XDR is often considered an evolution of EDR, moving beyond endpoint data analysis and threat response to look at telemetry data across clouds, applications, servers, third-party resources, and other network components. XDR solutions typically incorporate features and functions from these other types of security tools:
Endpoint detection and response (EDR)
Managed detection and response (MDR)
Network detection and response (NDR)
Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
User and entity behavior analytics (UEBA)
Holistic network-based threat detection and response and automated consolidation of all sorts of data are trademark features that make XDR a more comprehensive threat management solution. With faster response times, a more centralized platform, and artificial intelligence-powered workflows, many companies select XDR tools to optimize or go beyond what their SIEM and UEBA tools can do.
Endpoint detection and response (EDR) platforms are solutions that centralize many aspects of threat monitoring and response in one platform. With EDR’s focus on endpoint security, this type of software monitors behavior on all kinds of end-user devices and other endpoints continuously and in real time, giving security teams the data analytics and resources they need to contextualize and solve security problems.
In many cases, EDR solutions include other types of network security in their platform, including vulnerability monitoring and threat intelligence. EDR platforms pair well with other types of detection and response tools; while EDR focuses on securing endpoints like computers and servers, network detection and response tools focus on network traffic security via packet data analysis.
Network detection and response (NDR) is a cybersecurity solution that is quickly growing in popularity. Building on network traffic analysis (NTA), NDR relies on machine learning, artificial intelligence, advanced analytics, and automation to identify and respond to different kinds of security threats. Unlike EDR, NDR focuses less on actual devices and more on network traffic behavior analysis via packet data. Its use of AI and ML makes it possible for security teams to detect emerging threats like signature-less attacks.
NDR solutions are designed to integrate well with the rest of your cybersecurity solutions stack. Other types of network security solutions that often integrate with NDR include:
Endpoint detection and response (EDR)
Next-generation firewalls (NGFW)
Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
Managed detection and response is a managed service option for companies that either don’t have the resources, the budget, or the in-house expertise to manage security effectively. MDR services give smaller organizations the equivalent of a security operations center (SOC) to help with threat detection and response, and these services can also help with processes, procedures, and best practices. Managed investigation and remediation, threat hunting, patch implementation and management, and compliance management are some of the specialized support services that MDR vendors frequently offer.
MDRs are similar to managed security service providers (MSSPs). However, MSSPs usually only handle baseline threat monitoring and alerts, while MDRs go steps further to handle investigation and response as well.
Full disk encryption, sometimes called whole disk encryption, is a data encryption approach for both hardware and software that involves encrypting all disk data, including system files and programs. As soon as data is added to a fully encrypted disk, it will remain encrypted until an authorized user accesses the disk.
Full disk encryption is most valuable for organizations that work with a lot of sensitive data that’s constantly changing. Instead of having to remember and follow specific steps to encrypt each folder or group of folders as they’re added to a disk, full disk encryption ensures even temporary files are protected against unauthorized access. Many organizations choose to implement full disk encryption when a large number of employees or other users access sensitive data on mobile or other portable devices that could more easily be lost or stolen.
A more fine-grained approach is file-based encryption, which can maintain protection even as that data travels across a network or cloud, and end-to-end encryption solutions can protect email, applications and databases too.
Breach and attack simulation (BAS) solutions share some similarities with vulnerability management and penetration testing solutions. However, they offer more than these security tools, with automated, continuous testing and automated breach simulation at their core.
With BAS’s simulation of advanced persistent threats (APTs), companies can continually practice and prepare for different kinds of security incidents and breaches. BAS works in the background of daily operations and is frequently automated with artificial intelligence and machine learning. The automated, continuous format of BAS makes it a great option for companies that are interested in detecting the latest threats to enterprise security.
Penetration testing is a tried-and-true method of cyber attack simulation. Unlike vulnerability management, which focuses on targeting and improving upon perceived threat landscapes, pen testing is the process of ethically simulating an actual attack under real-world conditions.
Traditionally, companies have brought in third parties to conduct penetration tests, but a growing number of companies are investing in penetration testing tools and teams that help them to conduct tests on their own, as regularly and in-depth as they please. Companies that have in-house cybersecurity experts and hackers can create red teams of hypothetical hackers and use these tools to set their own rules, test different threats, and assess what improvements need to be made.
Penetration testing tools are great resources for identifying threats, but they don’t usually include enough features or functions to remediate those vulnerabilities. That’s why penetration testing tools are most often used in conjunction with other cybersecurity tools, such as BAS, vulnerability management, patch management, and IT asset management tools.
Next-generation firewalls (NGFWs) move beyond the traditional perimeter of a network to provide protections at the application layer of the TCP/IP stack. This means that application- and user identity-based access and blocking are possible no matter the port or protocol. With an NGFW, cybersecurity administrators can create highly specific rules about what users and devices can access each part of the network.
Expanding beyond traditional firewall expectations, the average NGFW solution includes the following features and capabilities:
A web application firewall (WAF) is like a more granularly focused next-generation firewall. Instead of providing firewall protections across all kinds of network components, software, and user types, WAFs are dedicated firewalls that protect against web-based attacks for specific web applications. These solutions provide Layer 7 protection and are often positioned between a traditional firewall and a web or application server.
WAFs are often used in combination with NGFWs and, in many cases, modern NGFW solutions include WAF capabilities. Advanced features to look for in WAF solutions include threat intelligence, intrusion prevention, and load balancing.
Identity and access management (IAM) solutions make it possible for security professionals and network administrators to more easily manage user credentials and access to different parts of the network, including cloud environments and SaaS applications. Smaller organizations may not need the advanced management capabilities that come with IAM solutions, but for bigger organizations that are globally distributed and/or managing remote workforces, IAM makes it easier to establish and enforce user-based access and permissions across the network.
As IAM tools continue to evolve, they are increasingly being leveraged for improved zero trust protections and SASE policy enforcement. IAM is also frequently used to manage third-party and customer access to an organization’s corporate resources.
Cloud security is a broad network security strategy that focuses on protecting applications, cloud data storage setups, and other unique features of a cloud computing environment. Many other solutions included on this list — such as SASE, IAM, and DLP tools — are considered important parts of a cloud security solution stack.
One of the most important cloud security solutions to invest in is a cloud access security broker (CASB). These software solutions enforce specified security policies for users each time they access a cloud-based resource. Some of the most common features included in CASB are:
Intrusion detection and prevention system (IDPS) solutions combine the functions of intrusion detection systems (IDS) and intrusion prevention systems (IPS), ensuring that a singular technology is capable of identifying and blocking unauthorized or otherwise threatening network traffic. Examples of threatening traffic that IDPS solutions can combat include network intrusions, DDoS attacks, malware, and socially engineered attacks.
Digital forensics software (DFS) is a type of security software that is used to compile evidence of cyber crimes in the case of a security incident investigation. These tools support data streamlining and filtering across network technologies and applications, consolidating and uniting data evidence across IoT devices, mobile devices, email and SaaS applications, and other endpoints.
With DFS, relevant data can quickly be sorted through and brought to light for investigative purposes. Although not every organization will want or need digital forensics software, especially if they have not suffered from a recent breach or other security incidents, this type of technology is incredibly valuable for organizations that need to quickly and effectively sort through their network to make their case against a malicious actor.
Distributed denial of service (DDoS) attacks are attempts by malicious actors to bar authorized users from their usual access to a device or network resource; these attacks are typically instigated by overwhelming the target system with large amounts of traffic that disrupt regular traffic patterns.
DDoS protection services are offered by third-party vendors to combat these types of attacks. Some of their most common strategies or methodologies include the following:
Clean pipe method: All traffic is forced to move through a decontamination pipeline so malicious or anomalous traffic can be separated from regular traffic and blocked.
Content delivery network (CDN) dilution: Distributed networks are used in combination with each other, meaning users receive content from the server that is closest to them rather than the initial server that received the request.
TCP/UDP proxy protection: A similar approach to CDN dilution, but for services, like gaming and email platforms, that use specialized protocols.
Rootkit scanners and removal kits are software solutions that can detect rootkits, incredibly stealthy types of malware used for OS-level attacks, through system scanning. Rootkit scanners tend to be some of the most inexpensive security solutions on the market; many are even free. However, few businesses beyond SMBs will want to rely on rootkit scanners, as their scope is small. Rootkit scanning solutions are best suited for personal devices and programs, while antimalware, antivirus, EDR, and XDR tend to be more effective at identifying and responding to malware on a business scale.
Virtual private networks (VPNs) have long been used to protect and regulate user traffic for private networks on public channels. With a VPN, users can securely access their enterprise network from various locations and devices; VPNs encrypt the private network’s data via various tunneling protocols to decrease the chances of a third-party attack on the public network.
Container security solutions are designed to enhance the native security that container platforms like Docker and Kubernetes already offer. Because virtually any kind of third-party application or software can run in a container, containers can fall prey to vulnerabilities that reside in each of those applications.
Container-specific security solutions offer features like image and vulnerability scanning, threat detection, runtime and network security, DevOps and SIEM integration, incident response, forensics, and compliance support to identify problems that plague each container and lessen the impact of less-secure applications.
Most important for highly regulated industries or global regions, governance, risk, and compliance (GRC) solutions are incredibly helpful for organizations that need to understand and apply regulatory expectations to their network’s various data sets. This kind of software helps companies to clearly define policies and how they relate to compliance postures. It also helps organizations to organize and assess data for vulnerabilities and determine an appropriate response plan in the case of a data breach.
Security information and event management (SIEM) technology is used to compile event data logs from a network’s various devices, applications, software, and endpoints. This unification of various data logs makes it possible for security teams to look at a single source of truth when identifying and responding to security threats.
In many cases, SIEM tools include the features or functions of these other types of cybersecurity tools:
Intrusion detection and prevention systems (IDPS)
Endpoint detection and response (EDR)
User and entity behavior analytics (UEBA)
Digital forensics software (DFS)
SIEM also frequently integrates with IAM, threat intelligence, and SOAR solutions for more comprehensive threat response.
Security Information and Event Management Product Guide
As a concept and framework, Zero Trust requires that all users and devices are regularly authenticated and re-authorized before accessing any part of the network. Within this framework are requirements to minimize lateral movement and impact in breach scenarios as well as data collection and response requirements.
Zero trust software is an umbrella term for software solutions that help to enforce these Zero Trust framework rules. While some zero trust solutions offer a holistic platform for zero trust management, others focus on certain aspects of zero trust security, such as identity security, infrastructure security, data security, network visibility and analytics, or automation.
Sometimes included as part of a SIEM, XDR or other security solution, user entity and behavior analytics (UEBA) software is an analytics solution that uses machine learning to identify unusual network activity and behavior patterns that could indicate an emanate attack. UEBA shares some similarities with intrusion prevention and detection systems. However, IDPS solutions typically do not have the in-depth analytics that UEBAs do. With AI/ML as its backbone, UEBA is particularly helpful for identifying and responding to new kinds of security threats in real time.
Third-party risk management (TPRM), sometimes called vendor risk management (VRM), is the group of processes organizations rely on to protect their data and ensure compliant usage from third parties. In many organizations, third-party consultants and service providers regularly access CRMs, ERPs, and other kinds of software that contain sensitive product and customer data. Because each of these organizations will have a different security posture and standard procedures, third parties inherently expose organizations to additional unknown risks.
With TPRM software, organizations can enforce their own policies across all third-party users and assess third-party risks across their network. TPRM software frequently includes built-in compliance support for internal policy and external mandate management, continuous threat monitoring across all users, processes and templates, and risk monitoring and exposure reports.
Password management software is designed to securely store individual user, team, and organizational credentials in a centralized, encrypted password vault. Users can only access this vault if they have the right master password and/or if they are able to pass through multi-factor authentication.
As a baseline, password managers store passwords in a single place, but most of these tools do much more than that. They make it possible to securely share credentials with other users in the organization, help you generate stronger passwords, offer account recovery options, and alert administrators if unusual behavior is detected.
Cyber insurance is a fast-growing type of liability insurance, most often purchased by organizations that need to protect highly sensitive customer data. This type of insurance supports organizations in cyber risk management and security incident prevention, data recovery, and incident response — especially when it comes to communicating with impacted customers. In worst-case scenarios, these firms should cover your business if you’re impacted by a data breach that leaks sensitive information and leads to fines and legal fees.
Antivirus and anti-malware software are both used to combat malicious code and software that infects computers and other network components. Although the terms are more or less interchangeable, antivirus-branded products sometimes focus more on longtime threats, like Trojans and worms, while anti-malware focuses on emerging threats.
In many cases, antivirus protection is included as part of a greater cybersecurity suite of solutions, such as EDR or XDR. Although you can still purchase antivirus solutions singularly for your organization, this type of security is better suited for individual users rather than multi-user networks.
Data loss prevention (DLP) tools give organizations the ability to organize data and institute additional protections for sensitive data that falls under certain regulations and compliance requirements. With DLP, organizations can increase their visibility over all data assets in a network — but especially over the most sensitive ones — and create policies and standard procedures based on data type. Spotting insider threats and malicious activity are some of their key functions. Data labeling and classification, as well as anomalous behavior detection and blocking, are two of the most common features of DLP solutions.
Network microsegmentation is a strategy for limiting the lateral movement and damage a malicious actor can do if they manage to breach your network. With microsegmentation, the most sensitive parts of a network are roped off with stricter policies, often with zero-trust architecture and identity and access management protections in place. In theory, only authorized users and role types can access these parts of the network, even during security crises.
Microsegmentation software includes features such as application and workload identification; compatibility with servers, laptops, IoT, mobile, and other types of endpoints; and automated deployment and configuration for new features and security policies.
Secure access service edge (SASE) technology is one of the newest and most comprehensive forms of cybersecurity. It is an integrated approach to end-to-end security services, offering enterprise networks a way to manage secure access to the cloud, private applications, and the web all at once.
SASE is usually delivered as a cloud computing service directly to individual users and devices, though the service provider and administrators maintain control over security permissions. The idea is that SASE upholds high levels of security while also giving users on-demand, continuous access to the SaaS applications and other parts of the network they need to access regularly.
SASE works based on an SD-WAN functional framework. It incorporates many of the functions and best practices found in zero trust software, CASB, firewalls, VPNs, gateways, and microsegmentation software.
Secure Access Service Edge Product and Vendor Guides
Security Orchestration, Automation, and Response (SOAR)
Security orchestration, automation, and response (SOAR) solutions rely on automated incident response and task management to address network security threats. SOAR software often pulls alert data from SIEM and other cybersecurity technologies to help it assess threats and determine appropriate responses. If your organization’s response time to security incidents gets bogged down by inefficient manual tasks, SOAR can help to increase data visibility, improve processes, and identify manual tasks that can be automated.
Security Orchestration, Automation, and Response Product Guide
Unified threat management (UTM) combines many of the cybersecurity functions and tools small and midsize businesses need most, typically in a hardware appliance. Firewalls, intrusion detection and prevention systems, remote access management solutions, and secure gateways are some of the most common features found in a UTM product.
Some UTM solutions have rebranded themselves as next-generation firewalls. However, while UTM solutions and NGFWs share many similarities, they are still two distinct security options. Unified threat management solutions tend to offer a wider range of functions, such as email security, data loss protection, and antivirus software, just on a smaller scale. NGFWs focus on a narrower set of network detection goals with greater complexities; they tend to be a better fit for larger organizations that need to monitor and manage greater network traffic.
Deception technology is an increasingly important defensive security technology that tries to lure hackers with attractive but fake network assets, such as applications or servers that appear to contain critically important data. Sometimes referred to as honeypots or honeytokens, it’s a great way for security teams to discover hackers before they do real damage.
Networks don’t look the same as they did even a few years ago. No longer are organizations concerned with simply protecting desktop computers and SQL databases. Now, IoT devices, SaaS applications, employee mobile devices, data warehouses and data lakes, cloud and edge solutions, and a number of emerging technologies complicate the network landscape.
Cybersecurity vendors have kept up with these changing network designs and now offer an ever-growing number of security solutions for different industries, company sizes, budgets, data and compliance requirements, and network formats. Today’s issue isn’t necessarily finding a “good” network security solution; rather, it’s sorting through all of the available options to find the right tool combination for your business.
For many businesses, it’s smartest to select a more comprehensive cybersecurity option, such as an XDR or SASE solution. These products and services may appear to cost more or look more complex to manage; however, their holistic approach can significantly decrease your cybersecurity tool sprawl, ultimately making them more cost-effective and easier to manage than many one-off solutions.
Shelby Hiter is a former eSecurity Planet writer specializing in B2B technology and cybersecurity. She has also written and edited for TechRepublic, LinuxToday, Webopedia, SoftwarePundit, Datamation, Enterprise Networking Planet, CIO Insight, AllBusiness.com, and SiteProNews. Beyond content strategy and writing, she specializes in marketing and communication strategies and the occasional photo collage of her dog.
eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.
Advertiser Disclosure: Some of the products that appear on
this site are from companies from which TechnologyAdvice
receives compensation. This compensation may impact how and
where products appear on this site including, for example,
the order in which they appear. TechnologyAdvice does not
include all companies or all types of products available in
the marketplace.
