nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,500 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto.

Additional information about nCircle is available at

Our Website:

Latest Content From nCircle

Whitepaper: Defending Your Small Business Against Cyber Crime

by nCircleJul 26, 2012

It is said that the notorious gangster Willie Sutton once offered up a simple reply when asked why he robbed banks: "Because that's where the money is." In today's digital world, it is likely gangs of criminal hackers would share a similar sentiment when asked about targeting businesses.

But it's not only large enterprises that have information worth targeting - small to midsized businesses (SMBs) contain their share of valuable data as well. From credit card information to employee records, the small businesses frequented by customers across the country face the same type of threats as big business. There is one major difference, however - most of the time, SMBs do not have the same types of resources to throw at the problem.

The easier an organization makes life for an attacker, the more likely it is they will be hacked. It is imperative then, that SMBs take stock of the digital walls guarding their environment and work to close any holes before attackers sneak through. This is where vulnerability scanning can bolster security defenses. As the saying goes, "To fail to plan is to plan to fail" and assessing security is a good first step in any security plan.

Whitepaper: Change is the Enemy of Security and Compliance

by nCircleNov 01, 2010

�Security and compliance are the leading concerns of CIOs and CISOs today, but meeting the requirements of increasingly demanding regulations while reducing exposure to the new class of sophisticated threats can no longer be left to countless point products.

This document lists ten common changes in enterprise environments, all of which can chip away at your security and compliance in ways that you may not realize. Some are obvious; some are subtle; all can have a negative impact. Do you have good answers for these ten questions? Read on and learn what automated security and compliance auditing can do to help.

Whitepaper: Resources for PCI Compliance

by nCircleNov 01, 2010

As early as 2000, the credit card industry began to realize that the current level of security provided for personal and financial cardholder information could have a material negative impact on their business. The five leading credit card organizations organized under the Payment Card Industry (PCI) Security Standards Council to deliver regulations to protect cardholders, merchants, member banks and their transaction businesses.

The Data Security Standards, introduced in 2004, must be followed by all payment card network members, including traditional and Internet organizations, banks and payment processors. nCircle provides a range of PCI compliance solutions for companies of all sizes. This resource guide can help your organization get started on achieving PCI compliance today.

Whitepaper: nCircle Solutions for NIST Special Publication 800-53 Revision 3

by nCircleNov 01, 2010

The National Institute of Standards and Technology (NIST)Special Publication 800-53 revision 3, Recommended Security Controls for Federal Information Systems, provides a unified security framework intended to help U.S. federal government organizations achieve more secure information systems.

These guidelines are the most prescriptive and comprehensive set of information security guidelines to date and they form the foundation for many successful enterprise security programs in government organizations. This resource guide provides a mapping of nCircle functional capabilities to the requirements of the NIST 800-53 controls with brief commentary.

Whitepaper: Calculating the Financial Impact of a Vulnerability Management Program

by nCircleNov 01, 2010

Return on investment on Information Technology security infrastructure investments (solutions and products) has traditionally been hard to quantify, however there are some compelling aspects of securing an organization�s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to control the accelerating growth in their security investments.

This is the next necessary step in the maturing discipline of information security, where the initial focus has been about protection and organizations are now striving to optimize security and minimize risk to the business at the least possible cost. The following guide highlights some areas of consideration in cost justifying an enterprise-class security risk and compliance management.

Whitepaper: Five Critical Steps of a Complete Security Risk and Compliance Lifecycle

by nCircleNov 01, 2010

Tackling the challenge of finding and addressing risks in the enterprise while demonstrating compliance with increasingly demanding regulations requires the maturity and discipline to adopt and follow a complete security risk and compliance lifecycle. nCircle worked with clients to capture and distill the five critical steps followed by successful organizations to reduce risk and demonstrate compliance.

While the challenges of security and compliance continue to drive the needs of organizations, the adoption of this five-step lifecycle enables organizations to develop the maturity and insight necessary to cultivate accountability, streamline operations and improve efficiency.

Whitepaper: Configuration Auditing - The Next Critical Step in Compliance

by nCircleNov 01, 2010

Configuration auditing is the process of verifying the configurations of assets to ensure they match with stated security and compliance policies. While compliance may be the driver for many organizations, enterprises that utilize automated configuration auditing experience benefits in compliance, security and beyond. Common approaches to uncovering and managing risk � like vulnerability assessment � provide an essential foundation; developing a complete picture of an organization�s risk posture requires configuration auditing.

Configuration auditing enhances the visibility of assets on the network with specific benefits to operations, audit and security. Time, money and talent are scarce resources; configuration auditing saves time and money and provides immediate returns with actionable information, alerts and intelligence to make key decisions.

Whitepaper: nCircle Solutions for Automating the Consensus Audit Guidelines Critical Security Controls

by nCircleNov 01, 2010

Securing our federal infrastructure has become one of our nation�s top cyber security priorities. The Consensus Audit Guidelines (CAG) were created to begin the process of establishing a prioritized baseline of information security measures and controls for the Federal Government. Fifteen of the twenty security controls outlined in CAG can be monitored, at least in part, automatically and continuously.

The rapid rate of change present in an environment constantly under attack makes it impossible to secure our cyber infrastructure without automated tools and processes. Every Federal agency must automate as much as possible to make the best use of their human resources and be in a position to evolve their processes as the cyber attacks continue to create new challenges.