NAC at the Endpoint: Control Your Network Through Device Compliance

published by Sophos on May 23, 2008

Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic passed through just one gateway. However, the increase in mobile workers, numbers and type of device and the amount of non-employees requiring network access, has led to a dissolving of that network perimeter.

NAC 2.0: A New Model for a More Secure Future

published by Sophos on Jul 03, 2008

As organizations turn to network access control (NAC) technologies to protect their networks and data, the flaws of earlier versions of NAC are becoming apparent. New pressures from a constantly changing threat environment and an increasingly mobile workforce require a new NAC model that will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop, and security operations.

Proactive Network Defense - The Case for Security Information and Event Management (SIEM)

published by TriGeo Network Security on May 15, 2008

It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.

The Total Economic Impact of the Tripwire Enterprise Solution

published by Tripwire on Jan 10, 2007

Hear from a leading industry analyst how your company can quickly enjoy a substantial return on investment from implementing Tripwire’s configuration audit and control solution.

Testing file size 3 MB upload 1

published by 2dev on Mar 02, 2009

The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164

published by Tripwire on Mar 30, 2009

HIPAA requires businesses that handle personal health information (PHI) to set up strong controls to ensure the security and integrity of that information. Learn how Tripwire Enterprise helps meet the detailed technical requirements of HIPAA and delivers continuous compliance.

Effective Email Policies: Why Enforcing Proper Use is Critical to Security

published by Sophos on May 07, 2008

The unmonitored and unguarded use of email by employees poses a multitude of risks to organizations. The distribution of inappropriate or offensive content, malicious emails, and the risks of data leakage all threaten working environments, IT resources and an organization's reputation. A comprehensive, transparent and enforceable email acceptable use policy (AUP), combined with robust email security solutions, dramatically reduces exposure to these risks.

The Value of Enterprise SSO to HIPAA Compliance

published by Imprivata on Nov 02, 2005

When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. In addition to mandating new policies and procedures, the HIPAA security regulations require mechanisms for controlling access to patient data on healthcare providers' information technology (IT) systems.

Best Practices: LAN Security and 802.1X

published by Nevis Networks on Jun 22, 2007

While 802.1X has a growing presence, it's still immature and may not provide all the policy enforcement features commonly required in most organizations. This white paper focuses on the 802.1X standard for authentication and access control and how it compares to the Nevis approach for LAN security.

Best Practices for Deploying LAN Security and NAC

published by Nevis Networks on Apr 23, 2007

Companies are yearning for a solution to guard their network from security risks such as external or untrusted users, and unmanaged endpoints on their internal LAN. NAC technology works well, but a strategic solution is required to fully address the problem of the dissolving network perimeter.

Change Control: Learn How to Address the Insider Threat

published by NetIQ Corporation on Jan 10, 2007

Learn why organizations need to limit IT administrator power to ensure operational integrity and assure compliance and how to implement robust change control processes and tools with this white paper.

Effectively Delegate Administrative Privileges

published by NetIQ Corporation on Aug 27, 2007

Learn how delegating administrative privileges can aid in improving administrative productivity, system availability and security, while satisfying the demands of auditors.  Read this new white paper from NetIQ today.

Evaluate NAC for your Enterprise

published by Symantec on May 30, 2008

Looking for a network security solution? Whether you've already adopted NAC for your enterprise or are researching options, download this helpful survey presented by IDC about NAC benefits and vendor overviews.

Monitor System Changes And User Activity

published by NetIQ Corporation on Jul 11, 2007

Learn how to meet regulatory requirements for system change and user activity monitoring with NetIQ Change Guardian for Windows, without the need for performance-hindering native auditing.

10 Reasons your RADIUS Server Needs a Refresh

published by Identity Engines on Oct 15, 2007

For over a decade now, RADIUS servers have been a mainstay of dial-up and VPN access control. The rather inconspicuous RADIUS server, perhaps better known as that beige, general-purpose PC collecting dust in the corner of your data center, has proved sufficient for performing basic duties like validating passwords and granting network access.

NAC NAC: Who’s Really There? (And What Are They Bringing Inside)

published by Trusted Network Tech on Sep 12, 2006

This paper addresses several issues organizations should consider when analyzing the efficacy and costs of NAC solutions and looks at a complementary alternative technology based on TNT’s Identity™, which helps address and overcome some limitations of NAC solutions.

NISA Project: Employee Management Case Study

published by Borer Data Systems Ltd. on Sep 28, 2007

Clear Image was awarded a contract to supply and fit CCTV and Access control to NISA, one of the largest picking warehouses in Europe. The company runs 3 shifts per day and wanted to allocate lockers to employees. The simple solution would have been to give each employee a locker, but between Borer and Clear Image, a better solution was devised. Thanks to our technology, we can create one to many relationships between our devices. 

On-Demand Vulnerability Management

published by Qualys on Aug 08, 2006

Learn how to start your own self-auditing process by setting goals and answering key questions about your infrastructure. This podcast examines what to look for in a self-audition solution, how to use vulnerability management to ease the pain and why your software solution really matters.

Open Sesame! The Easy Way to Restore Access Passwords to Files, Applications and Databases

published by ElcomSoft on Oct 18, 2007

These days we’re always hearing about the "information age," "information technology," and how "information rules the world." We have come to feel that information is everything. But what does that mean, and is information in itself so important? Not completely. We need information to make decisions – that's what is truly important. A proper decision lights the way to success in any situation. That's why having access to information is a competitive advantage in any business environment.

5 Keys to a Successful Identity and Access Management Implementation

published by CA on Dec 11, 2007

Identity and Access Management (IAM) is a core element of any sound security program. But IAM is also difficult to implement because it touches virtually every end user, numerous business processes as well as every IT application and infrastructure component. As such, successful projects require input and cooperation from many internal groups, an effort that can be difficult to organize.

Protecting Your Network from ARP Spoofing-Based Attacks

published by Global Knowledge on Dec 20, 2005

Think that your encrypted HTTP connection to your remote server is secure? Guess again. ARP spoofing attacks are a highly effective method employed by hackers today to intercept information such as usernames, passwords and data. Understand this attack method and what you can do to protect your sensitive information.

Protecting HTTP Traffic: Why Web Filtering Should Be Your First Line of Defense

published by Secure Computing on Jun 05, 2006

This paper outlines the types of threats that leverage the Internet as a means of delivery and the risks that they pose to your organization. Learn the key drivers of a corporate security policy and how you can protect against HTTP-based threats using Web filtering as part of a multi-layered content security strategy.

Protecting Client Systems from the Crimeware Invasion

published by Symantec on Aug 30, 2006

The IT threat landscape has changed from individual hackers disrupting network operations to organized crime stealing confidential information. Antivirus technology must be joined by a coordinated, multilayered defense that includes proactive vulnerability-based intrusion prevention, file-based intrusion prevention, and inbound and outbound traffic control.

Protecting Your Corporate Network: What Do You Know About the Endpoint Device?

published by LANDesk on Oct 21, 2005

This white paper discusses how the network access control capabilities of LANDesk® Trusted Access™ available within LANDesk Security Suite 8.6 help organizations protect and secure their enterprise networks at their endpoints to reduce malicious attacks and the resulting downtime, lost productivity, and lost revenues.

Prevent Critical Data from Leaving your Company with Clean Separation

published by Avalere on Dec 12, 2006

Companies struggle with cleanly separating an employee, contractor or consultant with their company and critical information.  Avalere enables companies to review how information has been used prior to an employee’s departure in order to protect the company and the employee.