White papers
A Phased Approach to NAC Implementation (23pp)
There are many reasons for the instant appeal of and excitement about NAC; a primary one is that NAC is conceptually easy to understand and its benefits are obvious. NAC has the potential to protect networks, put control back into the hands of the IT staff and result in automated compliance. However, the reality is that NAC has not always lived up to its potential. Implementing a NAC solution can be costly and complicated. The single most important thing you can do to ensure a successful NAC implementation is to pick a NAC system that has proven itself.
NAC is in the Details (6pp)
Although there's a lot of confusion on the market about NAC (Network Access Control), this whitepaper provides insight into why a NAC solution is a critical component of your network security plan. By understanding the 3 main components of NAC — enforcement, testing, and integration — readers learn which methods are best for them depending on their network infrastructure. This paper simplifies NAC product strategies so you can make informed, confident decisions regarding NAC.
NAC: The Evolution of NAC and the Age of Complete NAC (8pp)
No other technology in information security has generated as much interest, discussion, or requests during the past two years as network access control (or NAC). There are multiple reasons why NAC has become the latest solution in keeping our enterprises secure including the emergence of Complete NAC. This paper explores the concepts behind Complete NAC and what to consider in a network access solution.
Network Convergence: The Unified Network Platform™ (6pp)
The convergence of networking technology and security technology is the next phase in the evolution of the network. The unified network platform (UNP) represents the maturation of the convergence movement. The UNP provides an open, modular, customizable, virtual, software-based platform for delivering core networking and security functions. This paper examines the industry trends that have led to convergence and the UNP and concludes with an in-depth description of StillSecure's UNP product concept.
Network Access Control (NAC) Standards: Choosing the right framework for your environment (4pp)
In response to the complexity and diversity of NAC solutions, vendors such as Microsoft, Cisco, and a number of industry consortiums are endorsing specific NAC 'frameworks'—or interoperable standards—to bring a level of uniformity and conformity to the landscape. When considering a NAC purchase, you need to understand these frameworks, their similarities, and their differences. Will the NAC solution you deploy today work with tomorrow's framework-compliant infrastructure components? This paper summarizes each NAC framework and its pros and cons for those purchasing NAC in the near term.
PCI Compliance: A technology overview (18pp)
The Payment Card Industry (PCI) Data Security Standard gives straightforward direction on the technologies, policies and procedures needed to achieve compliance. However, compliance programs differ depending on an organization's size, function, and operational approach. This paper maps out PCI requirements and presents time- and money-saving practices, as well as an introduction to the StillSecure® suite of integrated network security products, which provides three of the PCI-required advanced security functions: network access control, vulnerability management, and intrusion detection/prevention.
Passing an information security audit: Targeted reporting for network vulnerability management (8pp)
This paper discusses how to pass an audit using Security POV, the reporting and risk analysis module available for VAM, StillSecure's enterprise-class vulnerability management platform. The paper presents common auditing and management scenarios and details how Security POV meets the informational requirements using actual reports output from the system.
Demystifying Network Access Control (8pp)
This paper demystifies network access control. It examines the core security problems that gave rise to NAC technology. It addresses organization-specific factors that must be considered when evaluating solutions, and it covers the range of enforcement methods available to keep non-compliant devices from accessing the network.
When is agent-less not agent-less? Interpreting endpoint testing options for network access control. (4pp)
Network access control vendors are eager to claim that testing endpoints using an ActiveX control is an 'agent-less' or 'clientless' solution. In reality, ActiveX controls have many of the same administrative drawbacks as a persistent agent. This paper examines ActiveX testing and compares it to true agent-less testing, where no software need be installed on, or downloaded to, the endpoints being tested.
The move toward integrated network security (6pp)
Network security is moving into the era of integrated solutions, where data is shared among traditionally disparate point solutions, such as firewalls, intrusion detection/prevention systems, vulnerability management systems, patch managers, trouble ticketing systems, and endpoint security solutions. This paper examines the benefits of integration and provides a detailed example of how an attack is handled in an integrated security environment.
Choosing Security Tools for a FISMA-compliant Infrastructure (5pp)
The Federal Information Security Management Act (FISMA) steers agencies toward compliance through unified reporting standards. While a wide range of information security tools are permissible under FISMA, reporting requirements will be tightly defined. Tools being evaluated with FISMA compliance in mind should be judged on how they directly or indirectly support the FISMA reporting requirements. This paper identifies capabilities including accurate assessment, connectivity, and reporting that your security infrastructure should provide to satisfy FISMA's reporting requirements.
Friendly fire: Protecting the network from its own endpoints (5pp)
Describes how network attacks are increasingly leveraging internal endpoints to gain a foothold and propagate. Endpoint security is no longer a matter of protecting the endpoint itself; it’s now about protecting the entire network from the attacks introduced through compromised endpoints.
Beyond the firewall: The next level of network security (8pp)
Explains why a firewall alone can no longer adequately protect your network. It introduces you to advanced network security technologies, including intrusion detection/prevention systems (IPS/IDS) and vulnerability assessment (VA) tools. The paper describes these advanced technologies within a layered-security framework and illustrates why it is imperative to adopt the layered approach to protect your digital assets.
Securing the university network: An introduction to endpoint security options (6pp)
Discusses the various technologies and approaches that are being used to protect university networks from the dangers introduced by the thousands of student-owned endpoints that must be granted access.
A how-to guide for HIPAA security requirements (8pp)
This paper shows you how to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. There are a number of straightforward actions that IT leaders can take to meet the prescribed requirements and position their organization for ongoing protection of personal healthcare information. Areas covered include: policy definition and compliance; risk assessment and management; exposure mitigation; auditability.
Staying compliant with the evolving security regulations of GLBA (7pp)
Provides a concise summary of recently issued guidance that expands GLBA. Issued by the Federal Financial Institutions Examination Council (FFIEC) in January 2003, the new guidance requires financial institutions to protect all information assets, not just customer information. This paper describes the security process that the FFIEC recommends affected institutions put in place to stay compliant with the expanded requirements.
The Data Protection Rule of the GLBA: A strategy for compliance (8pp)
Provides a detailed summary of the Gramm-Leach-Bliley Act (GLBA), the 1999 legislation that regulates data security in the financial services industry. The paper summarizes the key requirements of the act, discusses what you need to do to ensure compliance, and provides a checklist to help you assess your current state of readiness.
A practical guide to purchasing technology (5pp)
Discusses how to increase your chances of getting a technology purchase approved by upper management. Today's difficult economic climate demands that proposed purchases be tightly aligned with the overarching business goals of the organization. Written for CIOs and IT directors, this paper presents a four-stage process for navigating a technology-based proposal through the evaluation and approval process.