NAC
(21)
Risk Management: Bridging Policies and Procedures - Fundamental Security Concepts
[ Source: Global Knowledge ]
October 2008-One thing that security professionals know is that security is about processes, not about the technology. The key to security is to match the technology to the process, but you have to know the process first. Policies and procedures are the requirements, and risk management is the bridge between the two. Collectively, they are the road maps that lead to effective and efficient security designs. This white paper covers the basics of risk management in ....
Protecting Against the New Wave of Malware
[ Source: Sunbelt Software ]
September 2008-Managing threats to the endpoint infrastructure is becoming increasingly difficult for most organizations regardless of their size. Viruses, worms, spyware and other forms of malware are becoming more virulent, their authors are becoming more adept at getting around existing defenses, and the profits generated by malware are funding new and more dangerous threats.
At the same time, many anti-virus, anti-spyware and other anti-malware defenses are not keeping up with the growing threats ....
Trends in Information Security: A CompTIA Analysis of IT Security and the Workforce
[ Source: CompTIA ]
September 2008-As global trends of workforce mobility and decentralization put a greater strain on IT security infrastructure, it is becoming increasingly more complex for corporate IT departments to safeguard information. More than ever before, firms are using diverse devices to exchange information faster and over longer distances, and the growing use of technologies supporting this trend - such as handheld devices or voice over IP – gives rise to new risks. As a result, corporate IT ....
Fast-Start Failover Best Practices: Oracle Data Guard 10g Release 2
[ Source: Oracle ]
January 2008-Fast-Start Failover is an Oracle Data Guard 10g Release 2 feature that mechanically and reliably fails over to an elected, synchronized standby database in the event of loss of the manufacture database, without requiring manual intervention to execute the failover. In addition, following a fast-start failover, the original production database is automatically reconfigured as a new standby database upon reconnection to the configuration. This white paper explains Fast-Start Failover and describes Maximum Availability Architecture (MAA) ....
Vulnerability Management for Dummies
[ Source: Qualys ]
May 2008-As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk.
"Vulnerability Management for Dummies" arms you with the facts and shows you how to implement a successful Vulnerability Management program. Whether your network consists of just a handful of computers or thousands of servers distributed around the world, this book ....
ThinkVantage Security Strategy and Client Security Solution 6.0
[ Source: IBM ]
January 2008-This paper published by IBM describes ThinkVantage security strategy and the roll that Client Security Solution 6.0 plays in that strategy. The ThinkVantage security strategy is to provide a complementary set of security features as value add to ThinkPad notebooks and ThinkCentre desktops. The purpose of this set of security features is to enable customers to implement a layered defense security model on PCs.
The Effectiveness of Security Policies
[ Source: IronPort Systems ]
November 2008-This set of findings from a security study on data leakage revealed that many companies do not have security policies and that security policies that are in place are often ineffective. This analysis provides additional justification for the initial survey findings, which reported that employees around the world are putting corporate and personal data at risk.
The survey included more than 2000 employees and information technology professionals in 10 countries that Cisco selected because ....
Data Backup and Compliance: Three Reasons to Get It Right
[ Source: Remote Backup Systems ]
January 2008-Fortune 500 companies have been vilified for reckless data stewardship and fabrication of financial reports. Corporate America, already under varying degrees of competitive and performance pressure, is now faced with compliance legislation and disclosure requirements that seek to right some of wrongs done to consumers, investors, and employees alike. Access and process controls, internal and third party audits, reporting requirements and penalties for non-compliance are just a few of the areas that will be addressed ....
NAC 2.0: A New Model For a More Secure Future
[ Source: Sophos ]
September 2008-As organizations turn to network access control (NAC) technologies to protect their networks and data, the flaws of earlier versions of NAC are becoming apparent. New pressures from a constantly changing threat environment and an increasingly mobile workforce require a new NAC model that will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop, and security operations. This paper looks at where NAC 1.0 went wrong ....
The Case for Security Information and Event Management (SIEM) in Proactive Network Defense
[ Source: TriGeo Network Security ]
January 2008-It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.
Towards Automated Provisioning of Secure Virtualized Networks
[ Source: Association for Computing Machinery ]
January 2008-
This paper from Hewlett-Packard describes a secure network virtualization framework that helps realize the abstraction of Trusted Virtual Domains (TVDs), a security-enhanced variant of virtualized network zones. The framework allows groups of related virtual machines running on separate physical machines to be connected together as though they were on their own separate network fabric and, at the same time, helps enforce cross-group security requirements such as isolation, confidentiality, security, and information flow control. The framework ....
Network Access Control, Part II
[ Source: InformationWeek ]
June 2007-
Compliance initiatives are driving deployments of network access control, but which system is best? Many vendors, both new and established, are offering NAC solutions. Finding a product that meets an organization's needs may be daunting given the number of options, but a fit is out there. This report analyzes enterprise use of NAC, based on the authors' expertise and market knowledge, as well as NWC polls of members of the IT community.
This ....
Fritz Nelson and Lenny Heyman brag about what's cool at Interop 2007
[ Source: TechWeb TV ]
June 2008-
Fritz Nelson and Lenny Heyman discuss the coolness that will be Interop 2007.
NAC 2.0: A New Model For a More Secure Future
[ Source: Sophos ]
September 2008-
As organizations turn to network access control (NAC) technologies to protect their networks and data, the flaws of earlier versions of NAC are becoming apparent. New pressures from a constantly changing threat environment and an increasingly mobile workforce require a new NAC model that will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop, and security operations. This paper looks at where NAC 1.0 went wrong ....
Stopping Data Leakage: Exploiting Your Existing Security Investment
[ Source: Sophos ]
September 2008-
As attitudes to work and information continue to evolve away from those of the past, organizations are become more aware of the acute need to control the information that flows into, through and out of their networks. This paper demonstrates the need for a high-profile acceptable use policy to prevent data leakage, gives practical guidance on how to use current investments in IT security technologies at the gateway and endpoint to support this policy, and ....
NAC at the Endpoint: Control Your Network Through Device Compliance
[ Source: Sophos ]
May 2008-
Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic passed through just one gateway. However, the increase in mobile workers, numbers and type of device and the amount of non-employees requiring network access, has led to a dissolving of that network perimeter. Access requests can come from anyone and anywhere, which is why organizations are turning to network access control (NAC) technologies. ....
Network Access Control, Part II
[ Source: InformationWeek ]
June 2007-
Compliance initiatives are driving deployments of network access control, but which system is best? Many vendors, both new and established, are offering NAC solutions. Finding a product that meets an organization's needs may be daunting given the number of options, but a fit is out there. This report analyzes enterprise use of NAC, based on the authors' expertise and market knowledge, as well as NWC polls of members of the IT community.
This ....
Host Intrusion Prevention Tech Report
[ Source: InformationWeek ]
October 2006-
Examine the emergence and impact of Host Intrusion Prevention Systems in this exclusive report. This exhaustive analysis takes an in-depth look at HIPS and its claim as the future of endpoint protection and the heir-apparent of antivirus technology.
The report examines the role of Host Intrusion Prevention Systems in the enterprise, based on analyst Don MacVittie's product expertise and market knowledge. In addition, the results of an extensive survey provides perspective from the ....
The Next Generation of Web Access Management
[ Source: P2 Security ]
March 2008-
A large financial institution was looking for a way to reduce expenditures related to its existing Web Access Management (WAM) solution. The company had implemented WAM to protect online access to the critical financial information of its 500,000 users. However, following deployment, the company found that maintaining and making changes to their WAM solution was both extremely costly and time consuming. The company looked to New York-based P2 Security for help. P2 Security's maXecurity reduces ....
Vernier Edgewall Product Review
[ Source: TechWeb TV ]
June 2008-
Fratto reviews Vernier Networks Edgewall network access control appliance. The high level overview summarizes his review of the product and compares it to similar NAC products.
Vernier Edgewall Management Review
[ Source: TechWeb TV ]
June 2008-
Fratto demonstrates the good, the bad, and the ugly of Vernier Networks Control Server which manages their Edgewall NAC appliances. Using screen capture, he offers a unique view of a live server.
Vernier Edgewall Host Assessment Review
[ Source: TechWeb TV ]
June 2008-
Fratto reviews Consentry Networks LANShield Controller network access control appliance. The high level overview summarizes his review of the product and compares it to similar NAC products.
Vernier Edgewall Reporting Review
[ Source: TechWeb TV ]
June 2008-
Fratto demonstrates Vernier Networks reporting capabilities and shows why it is one of the weaker parts of the Control Server. Using data gathered while testing the products, he walks through the reports and shows why poor reporting capabilities hinders management and troubleshooting.